Opened 6 years ago

Closed 6 years ago

#7338 closed defect (fixed)

dashenc: double free or corruption

Reported by: satbaby Owned by:
Priority: important Component: avformat
Version: git-master Keywords: dash crash abort regression
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description (last modified by Carl Eugen Hoyos)

Summary of the bug:
How to reproduce:

ffprobe_g 'http://freenettvcon06-i.akamaihd.net/dash/live/495222/freenet06/dash.mpd'
ffprobe version N-91543-ga9a433564d Copyright (c) 2007-2018 the FFmpeg developers
  built with gcc 7.3.0 (Gentoo 7.3.0-r3 p1.4)
  configuration: --disable-doc --disable-stripping --enable-debug=1 --enable-libxml2 --enable-demuxer=dash --enable-openssl
  libavutil      56. 18.102 / 56. 18.102
  libavcodec     58. 22.100 / 58. 22.100
  libavformat    58. 17.101 / 58. 17.101
  libavdevice    58.  4.101 / 58.  4.101
  libavfilter     7. 26.100 /  7. 26.100
  libswscale      5.  2.100 /  5.  2.100
  libswresample   3.  2.100 /  3.  2.100
[dash @ 0xbd16580] Could not read complete fragment.
    Last message repeated 1 times
[h264 @ 0xbdae780] Increasing reorder buffer to 2
[h264 @ 0xbde43c0] Increasing reorder buffer to 2
Input #0, dash, from 'http://freenettvcon06-i.akamaihd.net/dash/live/495222/freenet06/dash.mpd':
  Duration: N/A, start: 242682.017188, bitrate: 0 kb/s
  Program 0 
    Stream #0:0: Video: h264 (Main) (avc1 / 0x31637661), yuv420p(tv, bt709), 544x576 [SAR 32:17 DAR 16:9], 0 kb/s, 50 fps, 50 tbr, 10000k tbn, 100 tbc
    Metadata:
      variant_bitrate : 1400000
      id              : video_00
    Stream #0:1: Video: h264 (Main) (avc1 / 0x31637661), yuv420p(tv, bt709), 544x576 [SAR 32:17 DAR 16:9], 0 kb/s, 50 fps, 50 tbr, 10000k tbn, 100 tbc
    Metadata:
      variant_bitrate : 2200000
      id              : video_01
    Stream #0:2: Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz, stereo, fltp
    Metadata:
      variant_bitrate : 96000
      id              : audio_02

==11335== Memcheck, a memory error detector
==11335== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==11335== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==11335== Command: ./ffprobe_g http://freenettvcon06-i.akamaihd.net/dash/live/495222/freenet06/dash.mpd
==11335== Parent PID: 3277
==11335== 
--11335-- 
--11335-- Valgrind options:
--11335--    --leak-check=full
--11335--    --log-file=log.txt
--11335--    -v
--11335-- Contents of /proc/version:
--11335--   Linux version 4.18.0-rc6+ (root@localhost.localdomain) (gcc version 7.3.0 (Gentoo 7.3.0-r3 p1.4)) #5 SMP Sun Jul 29 12:35:48 CEST 2018
--11335-- 
--11335-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-lzcnt-rdtscp-sse3-avx-avx2-bmi
--11335-- Page sizes: currently 4096, max supported 4096
--11335-- Valgrind library directory: /usr/lib64/valgrind
--11335-- Reading syms from /mnt/BIG/ffmpeg/ffprobe_g
--11335-- Reading syms from /lib64/ld-2.27.so
--11335--   Considering /usr/lib/debug/lib64/ld-2.27.so.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/valgrind/memcheck-amd64-linux
--11335--   Considering /usr/lib/debug/usr/lib64/valgrind/memcheck-amd64-linux.debug ..
--11335--   .. CRC is valid
--11335--    object doesn't have a dynamic symbol table
--11335-- Scheduler: using generic scheduler lock implementation.
--11335-- Reading suppressions file: /usr/lib64/valgrind/default.supp
==11335== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-11335-by-kos-on-???
==11335== embedded gdbserver: writing to   /tmp/vgdb-pipe-to-vgdb-from-11335-by-kos-on-???
==11335== embedded gdbserver: shared mem   /tmp/vgdb-pipe-shared-mem-vgdb-11335-by-kos-on-???
==11335== 
==11335== TO CONTROL THIS PROCESS USING vgdb (which you probably
==11335== don't want to do, unless you know exactly what you're doing,
==11335== or are doing some strange experiment):
==11335==   /usr/lib64/valgrind/../../bin/vgdb --pid=11335 ...command...
==11335== 
==11335== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==11335==   /path/to/gdb ./ffprobe_g
==11335== and then give GDB the following command
==11335==   target remote | /usr/lib64/valgrind/../../bin/vgdb --pid=11335
==11335== --pid is optional if only one valgrind process is running
==11335== 
--11335-- REDIR: 0x401c650 (ld-linux-x86-64.so.2:strlen) redirected to 0x5807ce41 (vgPlain_amd64_linux_REDIR_FOR_strlen)
--11335-- REDIR: 0x401c430 (ld-linux-x86-64.so.2:index) redirected to 0x5807ce5b (vgPlain_amd64_linux_REDIR_FOR_index)
--11335-- Reading syms from /usr/lib64/valgrind/vgpreload_core-amd64-linux.so
--11335--   Considering /usr/lib/debug/usr/lib64/valgrind/vgpreload_core-amd64-linux.so.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so
--11335--   Considering /usr/lib/debug/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so.debug ..
--11335--   .. CRC is valid
==11335== WARNING: new redirection conflicts with existing -- ignoring it
--11335--     old: 0x0401c650 (strlen              ) R-> (0000.0) 0x5807ce41 vgPlain_amd64_linux_REDIR_FOR_strlen
--11335--     new: 0x0401c650 (strlen              ) R-> (2007.0) 0x04c30120 strlen
--11335-- REDIR: 0x401a6c0 (ld-linux-x86-64.so.2:strcmp) redirected to 0x4c31a80 (strcmp)
--11335-- REDIR: 0x401cc70 (ld-linux-x86-64.so.2:mempcpy) redirected to 0x4c3fcd0 (mempcpy)
--11335-- Reading syms from /lib64/libm-2.27.so
--11335--   Considering /usr/lib/debug/lib64/libm-2.27.so.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libxcb.so.1.1.0
--11335--   Considering /usr/lib/debug/usr/lib64/libxcb.so.1.1.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libxcb-shm.so.0.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libxcb-shm.so.0.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libxcb-shape.so.0.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libxcb-shape.so.0.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libxcb-xfixes.so.0.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libxcb-xfixes.so.0.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libasound.so.2.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libasound.so.2.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libSDL2-2.0.so.0.8.0
--11335--   Considering /usr/lib/debug/usr/lib64/libSDL2-2.0.so.0.8.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libXv.so.1.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libXv.so.1.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libX11.so.6.3.0
--11335--   Considering /usr/lib/debug/usr/lib64/libX11.so.6.3.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libXext.so.6.4.0
--11335--   Considering /usr/lib/debug/usr/lib64/libXext.so.6.4.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libxml2.so.2.9.8
--11335--   Considering /usr/lib/debug/usr/lib64/libxml2.so.2.9.8.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /lib64/libbz2.so.1.0.6
--11335--   Considering /usr/lib/debug/lib64/libbz2.so.1.0.6.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /lib64/libz.so.1.2.11
--11335--   Considering /usr/lib/debug/lib64/libz.so.1.2.11.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libssl.so.1.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libssl.so.1.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libcrypto.so.1.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libcrypto.so.1.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /lib64/liblzma.so.5.2.4
--11335--   Considering /usr/lib/debug/lib64/liblzma.so.5.2.4.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libvdpau.so.1.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libvdpau.so.1.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /lib64/libpthread-2.27.so
--11335--   Considering /usr/lib/debug/lib64/libpthread-2.27.so.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /lib64/libc-2.27.so
--11335--   Considering /usr/lib/debug/lib64/libc-2.27.so.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libXau.so.6.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libXau.so.6.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libXdmcp.so.6.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libXdmcp.so.6.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /lib64/libdl-2.27.so
--11335--   Considering /usr/lib/debug/lib64/libdl-2.27.so.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /lib64/librt-2.27.so
--11335--   Considering /usr/lib/debug/lib64/librt-2.27.so.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libXcursor.so.1.0.2
--11335--   Considering /usr/lib/debug/usr/lib64/libXcursor.so.1.0.2.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libXi.so.6.1.0
--11335--   Considering /usr/lib/debug/usr/lib64/libXi.so.6.1.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libXrandr.so.2.2.0
--11335--   Considering /usr/lib/debug/usr/lib64/libXrandr.so.2.2.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libXxf86vm.so.1.0.0
--11335--   Considering /usr/lib/debug/usr/lib64/libXxf86vm.so.1.0.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libicuuc.so.60.2
--11335--   Considering /usr/lib/debug/usr/lib64/libicuuc.so.60.2.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libbsd.so.0.9.1
--11335--   Considering /usr/lib/debug/usr/lib64/libbsd.so.0.9.1.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libXrender.so.1.3.0
--11335--   Considering /usr/lib/debug/usr/lib64/libXrender.so.1.3.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libXfixes.so.3.1.0
--11335--   Considering /usr/lib/debug/usr/lib64/libXfixes.so.3.1.0.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib64/libicudata.so.60.2
--11335--   Considering /usr/lib/debug/usr/lib64/libicudata.so.60.2.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib/gcc/x86_64-pc-linux-gnu/7.3.0/libstdc++.so.6.0.24
--11335--   Considering /usr/lib/debug/usr/lib/gcc/x86_64-pc-linux-gnu/7.3.0/libstdc++.so.6.0.24.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /usr/lib/gcc/x86_64-pc-linux-gnu/7.3.0/libgcc_s.so.1
--11335--   Considering /usr/lib/debug/usr/lib/gcc/x86_64-pc-linux-gnu/7.3.0/libgcc_s.so.1.debug ..
--11335--   .. CRC is valid
--11335-- REDIR: 0x7d56f60 (libc.so.6:strlen) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d57f60 (libc.so.6:memmove) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d57030 (libc.so.6:strncpy) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d58290 (libc.so.6:strcasecmp) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d56970 (libc.so.6:strcat) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d57060 (libc.so.6:rindex) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d599c0 (libc.so.6:rawmemchr) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d580d0 (libc.so.6:mempcpy) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d57f00 (libc.so.6:bcmp) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d56ff0 (libc.so.6:strncmp) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d569e0 (libc.so.6:strcmp) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d58030 (libc.so.6:memset) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d72540 (libc.so.6:wcschr) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d56f90 (libc.so.6:strnlen) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d56a80 (libc.so.6:strcspn) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d582e0 (libc.so.6:strncasecmp) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d56a50 (libc.so.6:strcpy) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d58460 (libc.so.6:memcpy@@GLIBC_2.14) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d57090 (libc.so.6:strpbrk) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d569a0 (libc.so.6:index) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d5e940 (libc.so.6:memrchr) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d58330 (libc.so.6:strcasecmp_l) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d57ed0 (libc.so.6:memchr) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d73360 (libc.so.6:wcslen) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d573c0 (libc.so.6:strspn) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d58260 (libc.so.6:stpncpy) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d58230 (libc.so.6:stpcpy) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d599f0 (libc.so.6:strchrnul) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d58380 (libc.so.6:strncasecmp_l) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7e31fe0 (libc.so.6:__strrchr_avx2) redirected to 0x4c2fa50 (rindex)
--11335-- REDIR: 0x7d52990 (libc.so.6:malloc) redirected to 0x4c2caf0 (malloc)
--11335-- REDIR: 0x7e321b0 (libc.so.6:__strlen_avx2) redirected to 0x4c30060 (strlen)
--11335-- REDIR: 0x7e29060 (libc.so.6:__strncmp_sse42) redirected to 0x4c310b0 (__strncmp_sse42)
--11335-- REDIR: 0x7d53260 (libc.so.6:realloc) redirected to 0x4c2ef30 (realloc)
--11335-- REDIR: 0x7e32b70 (libc.so.6:__memset_avx2_unaligned_erms) redirected to 0x4c3a880 (memset)
--11335-- REDIR: 0x7e0d8b0 (libc.so.6:__strcmp_ssse3) redirected to 0x4c31940 (strcmp)
--11335-- REDIR: 0x7d530d0 (libc.so.6:free) redirected to 0x4c2de00 (free)
--11335-- REDIR: 0x7e30210 (libc.so.6:__strncasecmp_avx) redirected to 0x4c31240 (strncasecmp)
--11335-- REDIR: 0x7e237d0 (libc.so.6:__stpcpy_ssse3) redirected to 0x4c39fb0 (stpcpy)
--11335-- REDIR: 0x7e326d0 (libc.so.6:__mempcpy_avx_unaligned_erms) redirected to 0x4c3e390 (mempcpy)
--11335-- REDIR: 0x7e20c50 (libc.so.6:__strncpy_ssse3) redirected to 0x4c30340 (strncpy)
--11335-- REDIR: 0x7e326f0 (libc.so.6:__memcpy_avx_unaligned_erms) redirected to 0x4c3a9c0 (memmove)
--11335-- REDIR: 0x7d54600 (libc.so.6:posix_memalign) redirected to 0x4c2f210 (posix_memalign)
--11335-- REDIR: 0x7e31df0 (libc.so.6:__strchrnul_avx2) redirected to 0x4c3e280 (strchrnul)
--11335-- REDIR: 0x7ddd980 (libc.so.6:__strcpy_chk) redirected to 0x4c3e2f0 (__strcpy_chk)
--11335-- REDIR: 0x7d57d80 (libc.so.6:strstr) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7d578f0 (libc.so.6:__GI_strstr) redirected to 0x4c40a00 (__strstr_sse2)
--11335-- REDIR: 0x7e2dee0 (libc.so.6:__strspn_sse42) redirected to 0x4c40c10 (strspn)
--11335-- REDIR: 0x7e2dbc0 (libc.so.6:__strcspn_sse42) redirected to 0x4c40b50 (strcspn)
--11335-- REDIR: 0x7e31bc0 (libc.so.6:__strchr_avx2) redirected to 0x4c2fcb0 (index)
--11335-- REDIR: 0x7e1f4a0 (libc.so.6:__strcpy_ssse3) redirected to 0x4c30140 (strcpy)
--11335-- REDIR: 0x7e2e040 (libc.so.6:__memchr_avx2) redirected to 0x4c31b20 (memchr)
--11335-- REDIR: 0x7d538a0 (libc.so.6:calloc) redirected to 0x4c2ece0 (calloc)
--11335-- Reading syms from /lib64/libnss_files-2.27.so
--11335--   Considering /usr/lib/debug/lib64/libnss_files-2.27.so.debug ..
--11335--   .. CRC is valid
--11335-- REDIR: 0x7e2dd60 (libc.so.6:__strpbrk_sse42) redirected to 0x4c40b00 (strpbrk)
--11335-- REDIR: 0x7e2eba0 (libc.so.6:__strcasecmp_avx) redirected to 0x4c31140 (strcasecmp)
--11335-- Reading syms from /lib64/libnss_dns-2.27.so
--11335--   Considering /usr/lib/debug/lib64/libnss_dns-2.27.so.debug ..
--11335--   .. CRC is valid
--11335-- Reading syms from /lib64/libresolv-2.27.so
--11335--   Considering /usr/lib/debug/lib64/libresolv-2.27.so.debug ..
--11335--   .. CRC is valid
--11335-- REDIR: 0x7e2e7c0 (libc.so.6:__memcmp_avx2_movbe) redirected to 0x4c39e30 (bcmp)
--11335-- REDIR: 0x7e2e310 (libc.so.6:__rawmemchr_avx2) redirected to 0x4c3e2b0 (rawmemchr)
--11335-- REDIR: 0x7ddd560 (libc.so.6:__memcpy_chk) redirected to 0x4a27690 (_vgnU_ifunc_wrapper)
--11335-- REDIR: 0x7e326e0 (libc.so.6:__memcpy_chk_avx_unaligned_erms) redirected to 0x4c40320 (__memcpy_chk)
==11335== Invalid free() / delete / delete[] / realloc()
==11335==    at 0x4C2DE6F: free (vg_replace_malloc.c:530)
==11335==    by 0x408C39: free_fragment (dashdec.c:313)
==11335==    by 0x408C39: free_representation (dashdec.c:344)
==11335==    by 0x408D53: free_video_list (dashdec.c:363)
==11335==    by 0x408D53: dash_close (dashdec.c:2092)
==11335==    by 0x528715: avformat_close_input (utils.c:4447)
==11335==    by 0x25ED22: close_input_file (ffprobe.c:2953)
==11335==    by 0x25ED22: probe_file (ffprobe.c:3028)
==11335==    by 0x25ED22: main (ffprobe.c:3677)
==11335==  Address 0xbd54840 is 0 bytes inside a block of size 108 free'd
==11335==    at 0x4C2DE6F: free (vg_replace_malloc.c:530)
==11335==    by 0x408C39: free_fragment (dashdec.c:313)
==11335==    by 0x408C39: free_representation (dashdec.c:344)
==11335==    by 0x408D53: free_video_list (dashdec.c:363)
==11335==    by 0x408D53: dash_close (dashdec.c:2092)
==11335==    by 0x528715: avformat_close_input (utils.c:4447)
==11335==    by 0x25ED22: close_input_file (ffprobe.c:2953)
==11335==    by 0x25ED22: probe_file (ffprobe.c:3028)
==11335==    by 0x25ED22: main (ffprobe.c:3677)
==11335==  Block was alloc'd at
==11335==    at 0x4C2F106: memalign (vg_replace_malloc.c:857)
==11335==    by 0x4C2F249: posix_memalign (vg_replace_malloc.c:1020)
==11335==    by 0xEB0EE2: av_malloc (mem.c:87)
==11335==    by 0xE9E227: av_bprint_finalize (bprint.c:248)
==11335==    by 0xE9C066: av_strireplace (avstring.c:251)
==11335==    by 0x40878B: get_content_url.constprop.19 (dashdec.c:511)
==11335==    by 0x40B2BA: parse_manifest_representation (dashdec.c:901)
==11335==    by 0x40B2BA: parse_manifest_adaptationset (dashdec.c:1095)
==11335==    by 0x40B2BA: parse_manifest (dashdec.c:1272)
==11335==    by 0x40CDBA: dash_read_header (dashdec.c:1927)
==11335==    by 0x528F07: avformat_open_input (utils.c:631)
==11335==    by 0x25EF29: open_input_file (ffprobe.c:2838)
==11335==    by 0x25EF29: probe_file (ffprobe.c:2965)
==11335==    by 0x25EF29: main (ffprobe.c:3677)
==11335== 
--11335-- Discarding syms at 0xc0b82f0-0xc0bed94 in /lib64/libnss_files-2.27.so due to munmap()
--11335-- Discarding syms at 0xc2c2f60-0xc2c5fa0 in /lib64/libnss_dns-2.27.so due to munmap()
--11335-- Discarding syms at 0xc4cb800-0xc4d8127 in /lib64/libresolv-2.27.so due to munmap()
==11335== 
==11335== HEAP SUMMARY:
==11335==     in use at exit: 85,724 bytes in 2,841 blocks
==11335==   total heap usage: 6,157 allocs, 3,317 frees, 14,184,480 bytes allocated
==11335== 
==11335== Searching for pointers to 2,841 not-freed blocks
==11335== Checked 9,143,304 bytes
==11335== 
==11335== 108 bytes in 1 blocks are definitely lost in loss record 164 of 222
==11335==    at 0x4C2F106: memalign (vg_replace_malloc.c:857)
==11335==    by 0x4C2F249: posix_memalign (vg_replace_malloc.c:1020)
==11335==    by 0xEB0EE2: av_malloc (mem.c:87)
==11335==    by 0xE9E227: av_bprint_finalize (bprint.c:248)
==11335==    by 0xE9C066: av_strireplace (avstring.c:251)
==11335==    by 0x40878B: get_content_url.constprop.19 (dashdec.c:511)
==11335==    by 0x40B2BA: parse_manifest_representation (dashdec.c:901)
==11335==    by 0x40B2BA: parse_manifest_adaptationset (dashdec.c:1095)
==11335==    by 0x40B2BA: parse_manifest (dashdec.c:1272)
==11335==    by 0x40CDBA: dash_read_header (dashdec.c:1927)
==11335==    by 0x528F07: avformat_open_input (utils.c:631)
==11335==    by 0x25EF29: open_input_file (ffprobe.c:2838)
==11335==    by 0x25EF29: probe_file (ffprobe.c:2965)
==11335==    by 0x25EF29: main (ffprobe.c:3677)
==11335== 
==11335== LEAK SUMMARY:
==11335==    definitely lost: 108 bytes in 1 blocks
==11335==    indirectly lost: 0 bytes in 0 blocks
==11335==      possibly lost: 0 bytes in 0 blocks
==11335==    still reachable: 85,616 bytes in 2,840 blocks
==11335==         suppressed: 0 bytes in 0 blocks
==11335== Reachable blocks (those to which a pointer was found) are not shown.
==11335== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==11335== 
==11335== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
==11335== 
==11335== 1 errors in context 1 of 2:
==11335== Invalid free() / delete / delete[] / realloc()
==11335==    at 0x4C2DE6F: free (vg_replace_malloc.c:530)
==11335==    by 0x408C39: free_fragment (dashdec.c:313)
==11335==    by 0x408C39: free_representation (dashdec.c:344)
==11335==    by 0x408D53: free_video_list (dashdec.c:363)
==11335==    by 0x408D53: dash_close (dashdec.c:2092)
==11335==    by 0x528715: avformat_close_input (utils.c:4447)
==11335==    by 0x25ED22: close_input_file (ffprobe.c:2953)
==11335==    by 0x25ED22: probe_file (ffprobe.c:3028)
==11335==    by 0x25ED22: main (ffprobe.c:3677)
==11335==  Address 0xbd54840 is 0 bytes inside a block of size 108 free'd
==11335==    at 0x4C2DE6F: free (vg_replace_malloc.c:530)
==11335==    by 0x408C39: free_fragment (dashdec.c:313)
==11335==    by 0x408C39: free_representation (dashdec.c:344)
==11335==    by 0x408D53: free_video_list (dashdec.c:363)
==11335==    by 0x408D53: dash_close (dashdec.c:2092)
==11335==    by 0x528715: avformat_close_input (utils.c:4447)
==11335==    by 0x25ED22: close_input_file (ffprobe.c:2953)
==11335==    by 0x25ED22: probe_file (ffprobe.c:3028)
==11335==    by 0x25ED22: main (ffprobe.c:3677)
==11335==  Block was alloc'd at
==11335==    at 0x4C2F106: memalign (vg_replace_malloc.c:857)
==11335==    by 0x4C2F249: posix_memalign (vg_replace_malloc.c:1020)
==11335==    by 0xEB0EE2: av_malloc (mem.c:87)
==11335==    by 0xE9E227: av_bprint_finalize (bprint.c:248)
==11335==    by 0xE9C066: av_strireplace (avstring.c:251)
==11335==    by 0x40878B: get_content_url.constprop.19 (dashdec.c:511)
==11335==    by 0x40B2BA: parse_manifest_representation (dashdec.c:901)
==11335==    by 0x40B2BA: parse_manifest_adaptationset (dashdec.c:1095)
==11335==    by 0x40B2BA: parse_manifest (dashdec.c:1272)
==11335==    by 0x40CDBA: dash_read_header (dashdec.c:1927)
==11335==    by 0x528F07: avformat_open_input (utils.c:631)
==11335==    by 0x25EF29: open_input_file (ffprobe.c:2838)
==11335==    by 0x25EF29: probe_file (ffprobe.c:2965)
==11335==    by 0x25EF29: main (ffprobe.c:3677)
==11335== 
==11335== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)

Change History (4)

comment:1 by Carl Eugen Hoyos, 6 years ago

Description: modified (diff)
Keywords: crash added
Priority: normalimportant

The stream is 403 here.

comment:3 by Carl Eugen Hoyos, 6 years ago

Description: modified (diff)
Keywords: abort regression added
Reproduced by developer: set
Status: newopen

Possible patch sent.

comment:4 by Carl Eugen Hoyos, 6 years ago

Resolution: fixed
Status: openclosed
Note: See TracTickets for help on using tickets.