Opened 2 months ago

Closed 2 months ago

Last modified 2 months ago

#7472 closed defect (invalid)

double free detected in avcodec_close after rtmp streaming with h264 codec

Reported by: andreanobile
Owned by:
Priority: important
Component: avcodec
Version: unspecified
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:
How to reproduce:

./streamer <video file>
ffmpeg version: git master

compiled with:
PATH="$HOME/bin:$PATH" PKG_CONFIG_PATH="$HOME/ffmpeg_build/lib/pkgconfig" ./configure   --prefix="$HOME/ffmpeg_build"    --extra-cflags="-I$HOME/ffmpeg_build/include"   --extra-ldflags="-L$HOME/ffmpeg_build/lib"   --extra-libs="-lpthread -lm"   --bindir="$HOME/bin"   --enable-gpl   --enable-libaom   --enable-libass   --enable-libfdk-aac   --enable-libfreetype   --enable-libmp3lame   --enable-libopus   --enable-libvorbis   --enable-libvpx   --enable-libx264   --enable-libx265 --enable-shared  --enable-nonfree --enable-pic --extra-ldexeflags=-pie --pkg-config-flags="--static" --enable-debug && PATH="$HOME/bin:$PATH" make -j4 && make install

address sanitizer output:
==4937==ERROR: AddressSanitizer: attempting double-free on 0x618000001480 in thread T0:
    #0 0x7f33dab397b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x7f33d8cb8ff9  (/home/andrea/ffmpeg_build/lib/libavcodec.so.58+0xb1ff9)
    #2 0x7f33d8cd4a4d in avcodec_close (/home/andrea/ffmpeg_build/lib/libavcodec.so.58+0xcda4d)
    #3 0x5632c2af4406 in Streamer::~Streamer() /home/andrea/computer_vision/streamer/main.cpp:280
    #4 0x5632c2af520e in main /home/andrea/computer_vision/streamer/main.cpp:292
    #5 0x7f33d5ab8b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #6 0x5632c2af05d9 in _start (/home/andrea/computer_vision/streamer/build/streamer+0x205d9)

0x618000001480 is located 0 bytes inside of 731-byte region [0x618000001480,0x61800000175b)
freed by thread T0 here:
    #0 0x7f33dab397b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x7f33d92d3225 in avcodec_parameters_free (/home/andrea/ffmpeg_build/lib/libavcodec.so.58+0x6cc225)

previously allocated by thread T0 here:
    #0 0x7f33dab3a7a0 in posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdf7a0)
    #1 0x7f33d8566532 in av_malloc (/home/andrea/ffmpeg_build/lib/libavutil.so.56+0x2d532)

SUMMARY: AddressSanitizer: double-free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8) in __interceptor_free
==4937==ABORTING

Attachments (2)

main.cpp (8.3 KB) - added by andreanobile 2 months ago.
source code of program
CMakeLists.txt (1.6 KB) - added by andreanobile 2 months ago.
cmake file


Change History (6)

Changed 2 months ago by andreanobile

source code of program

Changed 2 months ago by andreanobile

cmake file

comment:1 Changed 2 months ago by heleppkes

https://trac.ffmpeg.org/attachment/ticket/7472/main.cpp#L229

This is the offending line. If you assign the same extradata buffer to both structures, it'll be freed twice. Both of those structures are documented to "own" the extradata buffer, so both of them will free it. Hence, you have to use separate buffers.

avcodec_parameters_from_context will already copy the extradata. I would recommend moving that line after opening the encoder; then there is no need to manually touch it, and nothing bad happens.

Last edited 2 months ago by heleppkes
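The ownership rule from comment:1, as an added example that is not part of the ticket, the attached main.cpp, or FFmpeg's code. The names `enc_ctx`, `stream_par`, `par_from_ctx`, `extradata_aliased` and `PAD` are assumptions: simplified stand-ins for AVCodecContext, AVCodecParameters, the copy done by avcodec_parameters_from_context, a teardown check, and AV_INPUT_BUFFER_PADDING_SIZE, modelling only the extradata pointer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define PAD 64 /* assumed stand-in for AV_INPUT_BUFFER_PADDING_SIZE */

/* Simplified stand-ins (not FFmpeg types): each owner frees its extradata. */
struct enc_ctx    { uint8_t *extradata; int extradata_size; };
struct stream_par { uint8_t *extradata; int extradata_size; };
static void ctx_close(struct enc_ctx *c)   { free(c->extradata); c->extradata = NULL; }
static void par_free(struct stream_par *p) { free(p->extradata); p->extradata = NULL; }

/* Deep copy: the parameters get their own padded buffer, never the encoder's. */
static int par_from_ctx(struct stream_par *par, const struct enc_ctx *ctx)
{
    par_free(par);
    par->extradata_size = 0;
    if (!ctx->extradata || ctx->extradata_size <= 0) return 0;
    par->extradata = calloc(1, (size_t)ctx->extradata_size + PAD);
    if (!par->extradata) return -1;
    memcpy(par->extradata, ctx->extradata, (size_t)ctx->extradata_size);
    par->extradata_size = ctx->extradata_size;
    return 0;
}

/* 1 if both owners hold the same buffer, so freeing both is a double free. */
static int extradata_aliased(const struct enc_ctx *c, const struct stream_par *p)
{
    return c->extradata != NULL && c->extradata == p->extradata;
}

/* Bit 0: aliased after pointer assignment; bit 1: aliased after deep copy;
 * bit 2: copied bytes differ from the source. Returns -1 on allocation failure. */
int check_ownership(void)
{
    static const uint8_t hdr[] = { 0, 0, 0, 1, 0x67, 0x42 }; /* constructed bytes */
    struct enc_ctx ctx = { calloc(1, sizeof hdr + PAD), (int)sizeof hdr };
    struct stream_par par = { NULL, 0 };
    int r = 0;
    if (!ctx.extradata) return -1;
    memcpy(ctx.extradata, hdr, sizeof hdr);
    par.extradata = ctx.extradata;       /* shared assignment, as in the ticket */
    r |= extradata_aliased(&ctx, &par);  /* caught before either owner frees */
    par.extradata = NULL;                /* detach: the buffer has one owner again */
    if (par_from_ctx(&par, &ctx) < 0) { ctx_close(&ctx); return -1; }
    r |= extradata_aliased(&ctx, &par) << 1;
    r |= (memcmp(par.extradata, ctx.extradata, sizeof hdr) != 0) << 2;
    par_free(&par); ctx_close(&ctx);     /* each buffer is freed exactly once */
    return r;
}
int main(void) { return check_ownership() == 1 ? 0 : 1; }
```

Building this with `-fsanitize=address` and removing the detach line reproduces the same class of report as the one in the ticket description.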

comment:2 Changed 2 months ago by heleppkes

  • Resolution set to invalid
  • Status changed from new to closed

comment:3 Changed 2 months ago by andreanobile

Thank you!

comment:4 Changed 2 months ago by cehoyos

  • Keywords double free removed