#7472 closed defect (invalid)
double free detected in avcodec_close after rtmp streaming with h264 codec
| Reported by: | andreanobile | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avcodec |
| Version: | unspecified | Keywords: | |
| Cc: | | Blocked By: | |
| Blocking: | | Reproduced by developer: | no |
| Analyzed by developer: | no | | |
Description
Summary of the bug:
How to reproduce:
```
./streamer <video file>
```

ffmpeg version: git master

compiled with:

```
PATH="$HOME/bin:$PATH" PKG_CONFIG_PATH="$HOME/ffmpeg_build/lib/pkgconfig" ./configure --prefix="$HOME/ffmpeg_build" --extra-cflags="-I$HOME/ffmpeg_build/include" --extra-ldflags="-L$HOME/ffmpeg_build/lib" --extra-libs="-lpthread -lm" --bindir="$HOME/bin" --enable-gpl --enable-libaom --enable-libass --enable-libfdk-aac --enable-libfreetype --enable-libmp3lame --enable-libopus --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-shared --enable-nonfree --enable-pic --extra-ldexeflags=-pie --pkg-config-flags="--static" --enable-debug && PATH="$HOME/bin:$PATH" make -j4 && make install
```

address sanitizer output:

```
==4937==ERROR: AddressSanitizer: attempting double-free on 0x618000001480 in thread T0:
    #0 0x7f33dab397b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x7f33d8cb8ff9 (/home/andrea/ffmpeg_build/lib/libavcodec.so.58+0xb1ff9)
    #2 0x7f33d8cd4a4d in avcodec_close (/home/andrea/ffmpeg_build/lib/libavcodec.so.58+0xcda4d)
    #3 0x5632c2af4406 in Streamer::~Streamer() /home/andrea/computer_vision/streamer/main.cpp:280
    #4 0x5632c2af520e in main /home/andrea/computer_vision/streamer/main.cpp:292
    #5 0x7f33d5ab8b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #6 0x5632c2af05d9 in _start (/home/andrea/computer_vision/streamer/build/streamer+0x205d9)

0x618000001480 is located 0 bytes inside of 731-byte region [0x618000001480,0x61800000175b)
freed by thread T0 here:
    #0 0x7f33dab397b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x7f33d92d3225 in avcodec_parameters_free (/home/andrea/ffmpeg_build/lib/libavcodec.so.58+0x6cc225)

previously allocated by thread T0 here:
    #0 0x7f33dab3a7a0 in posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdf7a0)
    #1 0x7f33d8566532 in av_malloc (/home/andrea/ffmpeg_build/lib/libavutil.so.56+0x2d532)

SUMMARY: AddressSanitizer: double-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8) in __interceptor_free
==4937==ABORTING
```
Attachments (2)
Change History (6)
comment:1 by , 6 years ago
https://trac.ffmpeg.org/attachment/ticket/7472/main.cpp#L229
This is the offending line. If you assign the same extradata buffer to both structures, it'll be freed twice. Both of those structures are documented to "own" the extradata buffer, so both of them will free it. Hence, you have to use separate buffers.
avcodec_parameters_from_context will already copy the extradata. I would recommend moving that line after opening the encoder; then there is no need to manually touch it, and nothing bad happens.
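The ownership rule from comment:1, as an added example that is not part of the ticket, the attachment, or FFmpeg's code: a self-contained C model that contrasts the shared pointer with a deep copy. `ModelCtx`, `ModelPar`, their helper functions, the padding size and the sample bytes are hypothetical stand-ins for the encoder context and the stream parameters, chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins (hypothetical, not FFmpeg's real types) for the two
 * structures in the ticket: each one owns its extradata and frees it. */
typedef struct { uint8_t *extradata; int extradata_size; } ModelCtx;
typedef struct { uint8_t *extradata; int extradata_size; } ModelPar;
#define MODEL_PADDING 64 /* assumed size of the zeroed tail after the data */

static void model_ctx_close(ModelCtx *c) { free(c->extradata); c->extradata = NULL; c->extradata_size = 0; }
static void model_par_free(ModelPar *p) { free(p->extradata); p->extradata = NULL; p->extradata_size = 0; }
/* The pattern from the ticket: both owners now hold the same pointer. */
static void share_extradata_buggy(ModelPar *p, const ModelCtx *c) {
    p->extradata = c->extradata; p->extradata_size = c->extradata_size;
}

/* Deep copy: the destination gets its own buffer. Returns 0, or -1 on OOM. */
static int model_par_from_ctx(ModelPar *p, const ModelCtx *c) {
    model_par_free(p);                      /* drop whatever p owned before */
    if (!c->extradata || c->extradata_size <= 0) return 0;
    p->extradata = calloc(1, (size_t)c->extradata_size + MODEL_PADDING);
    if (!p->extradata) return -1;
    memcpy(p->extradata, c->extradata, (size_t)c->extradata_size);
    p->extradata_size = c->extradata_size;
    return 0;
}

/* 1 if freeing both owners would free one allocation twice. */
static int owners_alias(const ModelPar *p, const ModelCtx *c) {
    return p->extradata != NULL && p->extradata == c->extradata;
}
/* Runs both variants; returns (alias_when_shared << 1) | alias_when_copied. */
static int demo(void) {
    static const uint8_t sample[] = { 0x01, 0x64, 0x00, 0x1f }; /* constructed */
    ModelCtx ctx = { malloc(sizeof sample), (int)sizeof sample };
    ModelPar par = { NULL, 0 };
    if (!ctx.extradata) return -1;
    memcpy(ctx.extradata, sample, sizeof sample);
    share_extradata_buggy(&par, &ctx);
    int shared = owners_alias(&par, &ctx);
    par.extradata = NULL; par.extradata_size = 0; /* detach alias, no free */
    if (model_par_from_ctx(&par, &ctx) < 0) { model_ctx_close(&ctx); return -1; }
    int copied = owners_alias(&par, &ctx);
    model_par_free(&par);                   /* two owners, two buffers */
    model_ctx_close(&ctx);
    return (shared << 1) | copied;
}
int main(void) { return demo() == 2 ? 0 : 1; }
```

`demo()` detaches the shared pointer before cleanup so it exits cleanly; calling both `model_par_free` and `model_ctx_close` while the pointer is still shared is the double free that AddressSanitizer reported.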
comment:2 by , 6 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
comment:4 by , 6 years ago
| Keywords: | double free removed |
|---|---|
source code of program