Opened 17 months ago

Last modified 16 months ago

#6936 closed defect

double free or corruption in remove_decoded_packets() — at Initial Version

Reported by: tzimmo Owned by:
Priority: important Component: avformat
Version: git-master Keywords: crash abort
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

(gdb) run
Starting program: /tmp/ffmpeg/bin/ffmpeg -i foobar.vob -fflags +genpts -target pal-dvd -vcodec copy -acodec copy -scodec dvbsub -map \#0x1e0 -map \#0x80 -map \#0x23 -metadata:s:s:0 language=fin out.vob
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-84734-g0ecb1c5 Copyright (c) 2000-2017 the FFmpeg developers

built with gcc 4.9.2 (Debian 4.9.2-10)
configuration: --prefix=/tmp/ffmpeg --enable-static --disable-shared --enable-pic --disable-x86asm --disable-stripping --disable-optimizations
libavutil 56. 0.100 / 56. 0.100
libavcodec 58. 3.103 / 58. 3.103
libavformat 58. 2.100 / 58. 2.100
libavdevice 58. 0.100 / 58. 0.100
libavfilter 7. 1.100 / 7. 1.100
libswscale 5. 0.101 / 5. 0.101
libswresample 3. 0.101 / 3. 0.101

Input #0, mpeg, from 'foobar.vob':

Duration: 00:18:32.19, start: 0.287267, bitrate: 8060 kb/s

Stream #0:0[0x1e0]: Video: mpeg2video (Main), yuv420p(tv, top first), 720x576 [SAR 64:45 DAR 16:9], 25 fps, 25 tbr, 90k tbn, 50 tbc
Stream #0:1[0x80]: Audio: ac3, 48000 Hz, 5.1(side), fltp, 384 kb/s
Stream #0:2[0x21]: Subtitle: dvd_subtitle
Stream #0:3[0x22]: Subtitle: dvd_subtitle
Stream #0:4[0x24]: Subtitle: dvd_subtitle
Stream #0:5[0x26]: Subtitle: dvd_subtitle
Stream #0:6[0x28]: Subtitle: dvd_subtitle
Stream #0:7[0x23]: Subtitle: dvd_subtitle
Stream #0:8[0x20]: Subtitle: dvd_subtitle
Stream #0:9[0x25]: Subtitle: dvd_subtitle
Stream #0:10[0x27]: Subtitle: dvd_subtitle

File 'out.vob' already exists. Overwrite ? [y/N] y
[dvd @ 0x23f7de0] VBV buffer size not set, using default size of 130KB
If you want the mpeg file to be compliant to some specification
Like DVD, VCD or others, make sure you set the correct buffer size
Output #0, dvd, to 'out.vob':

Metadata:

encoder : Lavf58.2.100
Stream #0:0: Video: mpeg2video (Main), yuv420p(tv, top first), 720x576 [SAR

64:45 DAR 16:9], q=2-31, 6000 kb/s, 25 fps, 25 tbr, 90k tbn, 25 tbc

Stream #0:1: Audio: ac3, 48000 Hz, 5.1(side), fltp, 448 kb/s
Stream #0:2(fin): Subtitle: dvb_subtitle (dvbsub), 720x576
Metadata:

encoder : Lavc58.3.103 dvbsub

Stream mapping:

Stream #0:0 -> #0:0 (copy)
Stream #0:1 -> #0:1 (copy)
Stream #0:7 -> #0:2 (dvd_subtitle (dvdsub) -> dvb_subtitle (dvbsub))

Press [q] to stop, ? for help
[dvd @ 0x23f7de0] Timestamps are unset in a packet for stream 0. This is deprecated and will stop working in the future. Fix your code to set the timestamps properly
* Error in `/tmp/ffmpeg/bin/ffmpeg': double free or corruption (fasttop): 0x000000000240be60 *

Program received signal SIGABRT, Aborted.
0x00007ffff5ea5067 in GI_raise (sig=sig@entry=6)

at ../nptl/sysdeps/unix/sysv/linux/raise.c:56

56 ../nptl/sysdeps/unix/sysv/linux/raise.c: Tiedostoa tai hakemistoa ei ole.
(gdb) bt
#0 0x00007ffff5ea5067 in GI_raise (sig=sig@entry=6)

at ../nptl/sysdeps/unix/sysv/linux/raise.c:56

#1 0x00007ffff5ea6448 in GI_abort () at abort.c:89
#2 0x00007ffff5ee31b4 in libc_message (do_abort=do_abort@entry=1,

fmt=fmt@entry=0x7ffff5fd8210 "* Error in `%s': %s: 0x%s *\n")
at ../sysdeps/posix/libc_fatal.c:175

#3 0x00007ffff5ee898e in malloc_printerr (action=1,

str=0x7ffff5fd83f8 "double free or corruption (fasttop)",
ptr=<optimized out>) at malloc.c:4996

#4 0x00007ffff5ee9696 in _int_free (av=<optimized out>, p=<optimized out>,

have_lock=0) at malloc.c:3840

#5 0x000000000149a494 in av_free (ptr=0x240be60) at libavutil/mem.c:223
#6 0x000000000149a4cc in av_freep (arg=0x7fffffffd600) at libavutil/mem.c:233
#7 0x000000000076b85c in remove_decoded_packets (ctx=0x23f7de0, scr=8033041)

at libavformat/mpegenc.c:954

#8 0x000000000076bc70 in output_packet (ctx=0x23f7de0, flush=0)

at libavformat/mpegenc.c:1031

#9 0x000000000076c501 in mpeg_mux_write_packet (ctx=0x23f7de0,

pkt=0x7fffffffd870) at libavformat/mpegenc.c:1176

#10 0x000000000077f713 in write_packet (s=0x23f7de0, pkt=0x7fffffffd870)

at libavformat/mux.c:754

#11 0x0000000000781006 in av_interleaved_write_frame (s=0x23f7de0, pkt=0x0)

at libavformat/mux.c:1245

#12 0x0000000000421615 in write_packet (of=0x2548e20, pkt=0x7fffffffdb50,

ost=0x255cc60, unqueue=0) at fftools/ffmpeg.c:797

#13 0x0000000000421897 in output_packet (of=0x2548e20, pkt=0x7fffffffdb50,

ost=0x255cc60, eof=0) at fftools/ffmpeg.c:868

#14 0x0000000000426c53 in do_streamcopy (ist=0x25215a0, ost=0x255cc60,

pkt=0x7fffffffde70) at fftools/ffmpeg.c:2065

#15 0x00000000004292fa in process_input_packet (ist=0x25215a0,

pkt=0x7fffffffde70, no_eof=0) at fftools/ffmpeg.c:2734

#16 0x000000000042f772 in process_input (file_index=0) at fftools/ffmpeg.c:4422
#17 0x000000000042fc80 in transcode_step () at fftools/ffmpeg.c:4542
#18 0x000000000042fdad in transcode () at fftools/ffmpeg.c:4596
#19 0x00000000004304ec in main (argc=22, argv=0x7fffffffe948)

at fftools/ffmpeg.c:4802

Change History (0)

Note: See TracTickets for help on using tickets.