Opened 4 years ago

Closed 4 years ago

#1038 closed defect (fixed)

Invalid reads when using vfilters pad&settb

Reported by: Krieger Owned by:
Priority: normal Component: avfilter
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Valgrind reports reading already freed memory. Sometimes i get crashes, and core backtrace shows the same path.
See valgrind reports in bottom.
Workaround: insert 'fifo' filter between pad & settb.

LD_LIBRARY_PATH=. valgrind --log-file=valgrind.log --num-callers=50 ./ffmpeg -i http://sokolov.me/tmp/video-mpeg4_720x544-audio_ac3_48000_stereo.avi -an -c:v mpeg4 -vf pad=740:600:8:0,settb=1/90000 -t 1 -y out.ts -loglevel debug
ffmpeg version N-38553-g1007a80 Copyright (c) 2000-2012 the FFmpeg developers
  built on Mar  5 2012 17:39:26 with gcc 4.5.3
  configuration: --disable-static --enable-shared --enable-gpl --enable-version3 --enable-avfilter --disable-doc --disable-avplay --enable-gnutls --disable-vdpau --enable-libmp3lame --enable-libfaac --enable-nonfree --enable-libvo-aacenc --enable-libvorbis --enable-libx264 --enable-libxvid --disable-indev=v4l --disable-indev=v4l2 --disable-indev=oss --disable-indev=jack --disable-outdev=oss --enable-libfreetype --disable-altivec --disable-avx --disable-vis --disable-neon --disable-iwmmxt --enable-pic --cpu=core2 --enable-hardcoded-tables
  libavutil      51. 41.100 / 51. 41.100
  libavcodec     54.  8.100 / 54.  8.100
  libavformat    54.  2.100 / 54.  2.100
  libavdevice    53.  4.100 / 53.  4.100
  libavfilter     2. 63.100 /  2. 63.100
  libswscale      2.  1.100 /  2.  1.100
  libswresample   0.  7.100 /  0.  7.100
  libpostproc    52.  0.100 / 52.  0.100
[avi @ 0xa428940] Format avi probed with size=2048 and score=100
[AVI demuxer @ 0xa43ec50] use odml:1
[avi @ 0xa428940] All info found
Input #0, avi, from 'http://sokolov.me/tmp/video-mpeg4_720x544-audio_ac3_48000_stereo.avi':
  Metadata:
    encoder         : VirtualDubMod 1.5.4.1 (build 2178/release)
  Duration: 00:09:58.84, start: 0.000000, bitrate: 1952 kb/s
    Stream #0:0, 1, 1/25: Video: mpeg4 (Advanced Simple Profile) (XVID / 0x44495658), yuv420p, 720x544 [SAR 1:1 DAR 45:34], 1/25, 25 tbr, 25 tbn, 25 tbc
    Stream #0:1, 3, 1/24000: Audio: ac3 ([0] [0][0] / 0x2000), 48000 Hz, stereo, s16, 192 kb/s
[buffer @ 0xb2ff270] w:720 h:544 pixfmt:yuv420p tb:1/1000000 sar:1/1 sws_param:
[pad @ 0xb2ffc60] w:720 h:544 -> w:740 h:600 x:8 y:0 color:0x108080FF[yuva]
[settb @ 0xb300670] tb:1/1000000 -> tb:1/90000
[mpeg4 @ 0xb2eb640] detected 2 logical cores
[mpeg4 @ 0xb2eb640] intra_quant_bias = 0 inter_quant_bias = -64                                                           
[mpeg4 @ 0xa444ae0] detected 2 logical cores                                                                              
[mpegts @ 0xb2e5230] muxrate VBR, pcr every 2 pkts, sdt every 200, pat/pmt every 40 pkts                                  
Output #0, mpegts, to 'out.ts':
  Metadata:
    encoder         : Lavf54.2.100
    Stream #0:0, 0, 1/90000: Video: mpeg4, yuv420p, 740x600 [SAR 1:1 DAR 37:30], 1/25, q=2-31, 200 kb/s, 90k tbn, 25 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (mpeg4 -> mpeg4)
Press [q] to stop, [?] for help
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame
[settb @ 0xb300670] tb:1/1000000 pts:40000 -> tb:1/90000 pts:3600                                                         
*** 1 dup!                                                                                                                
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame
[settb @ 0xb300670] tb:1/1000000 pts:80000 -> tb:1/90000 pts:7200                                                         
Direct padding impossible allocating new frame=00:00:00.12 bitrate=1591.7kbits/s dup=1 drop=0                             
[settb @ 0xb300670] tb:1/1000000 pts:120000 -> tb:1/90000 pts:10800                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:160000 -> tb:1/90000 pts:14400                                                       
Direct padding impossible allocating new frame=00:00:00.20 bitrate=1707.0kbits/s dup=1 drop=0                             
[settb @ 0xb300670] tb:1/1000000 pts:200000 -> tb:1/90000 pts:18000                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:240000 -> tb:1/90000 pts:21600                                                       
Direct padding impossible allocating new frame=00:00:00.28 bitrate=1649.0kbits/s dup=1 drop=0                             
[settb @ 0xb300670] tb:1/1000000 pts:280000 -> tb:1/90000 pts:25200                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:320000 -> tb:1/90000 pts:28800                                                       
Direct padding impossible allocating new framee=00:00:00.36 bitrate=1570.8kbits/s dup=1 drop=0                            
[settb @ 0xb300670] tb:1/1000000 pts:360000 -> tb:1/90000 pts:32400                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:400000 -> tb:1/90000 pts:36000                                                       
Direct padding impossible allocating new framee=00:00:00.44 bitrate=1493.7kbits/s dup=1 drop=0                            
[settb @ 0xb300670] tb:1/1000000 pts:440000 -> tb:1/90000 pts:39600                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:480000 -> tb:1/90000 pts:43200                                                       
Direct padding impossible allocating new framee=00:00:00.52 bitrate=1428.8kbits/s dup=1 drop=0                            
[settb @ 0xb300670] tb:1/1000000 pts:520000 -> tb:1/90000 pts:46800                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:560000 -> tb:1/90000 pts:50400                                                       
Direct padding impossible allocating new framee=00:00:00.60 bitrate=1388.7kbits/s dup=1 drop=0                            
[settb @ 0xb300670] tb:1/1000000 pts:600000 -> tb:1/90000 pts:54000                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:640000 -> tb:1/90000 pts:57600                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:680000 -> tb:1/90000 pts:61200                                                       
Direct padding impossible allocating new framee=00:00:00.72 bitrate=1178.1kbits/s dup=1 drop=0                            
[settb @ 0xb300670] tb:1/1000000 pts:720000 -> tb:1/90000 pts:64800                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:760000 -> tb:1/90000 pts:68400                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:800000 -> tb:1/90000 pts:72000                                                       
Direct padding impossible allocating new framee=00:00:00.84 bitrate=1025.9kbits/s dup=1 drop=0                            
[settb @ 0xb300670] tb:1/1000000 pts:840000 -> tb:1/90000 pts:75600                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:880000 -> tb:1/90000 pts:79200                                                       
[pad @ 0xb2ffc60] Direct padding impossible allocating new frame                                                          
[settb @ 0xb300670] tb:1/1000000 pts:920000 -> tb:1/90000 pts:82800                                                       
Direct padding impossible allocating new framee=00:00:00.96 bitrate= 918.1kbits/s dup=1 drop=0                            
[settb @ 0xb300670] tb:1/1000000 pts:960000 -> tb:1/90000 pts:86400                                                       
frame=   25 fps=  3 q=18.4 Lsize=     108kB time=00:00:01.00 bitrate= 887.4kbits/s dup=1 drop=0                           
video:97kB audio:0kB global headers:0kB muxing overhead 11.282782%
[OK]
17:40krieger@utkin_desktop /usr/local/src/ffmpeg_for_anything
 $ cat valgrind.log 
==7497== Memcheck, a memory error detector
==7497== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==7497== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==7497== Command: ./ffmpeg -i http://sokolov.me/tmp/video-mpeg4_720x544-audio_ac3_48000_stereo.avi -an -c:v mpeg4 -vf pad=740:600:8:0,settb=1/90000 -t 1 -y out.ts -loglevel debug
==7497== Parent PID: 7139
==7497== 
==7497== Invalid read of size 8
==7497==    at 0x50572A6: ff_draw_rectangle (drawutils.c:91)
==7497==    by 0x509463B: draw_slice (vf_pad.c:387)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87218 is 8 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 4
==7497==    at 0x50572D4: ff_draw_rectangle (drawutils.c:95)
==7497==    by 0x509463B: draw_slice (vf_pad.c:387)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87258 is 72 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 4
==7497==    at 0x5057354: ff_draw_rectangle (drawutils.c:99)
==7497==    by 0x509463B: draw_slice (vf_pad.c:387)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87258 is 72 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 8
==7497==    at 0x50573C7: ff_copy_rectangle (drawutils.c:111)
==7497==    by 0x509474D: draw_slice (vf_pad.c:391)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87218 is 8 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 4
==7497==    at 0x50573FA: ff_copy_rectangle (drawutils.c:115)
==7497==    by 0x509474D: draw_slice (vf_pad.c:391)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87258 is 72 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 4
==7497==    at 0x50574A0: ff_copy_rectangle (drawutils.c:119)
==7497==    by 0x509474D: draw_slice (vf_pad.c:391)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87258 is 72 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 8
==7497==    at 0x50572A6: ff_draw_rectangle (drawutils.c:91)
==7497==    by 0x5094699: draw_slice (vf_pad.c:398)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87218 is 8 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 4
==7497==    at 0x50572D4: ff_draw_rectangle (drawutils.c:95)
==7497==    by 0x5094699: draw_slice (vf_pad.c:398)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87258 is 72 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 4
==7497==    at 0x5057354: ff_draw_rectangle (drawutils.c:99)
==7497==    by 0x5094699: draw_slice (vf_pad.c:398)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87258 is 72 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 8
==7497==    at 0x50572A6: ff_draw_rectangle (drawutils.c:91)
==7497==    by 0x50944EE: draw_send_bar_slice.clone.0 (vf_pad.c:363)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87218 is 8 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 4
==7497==    at 0x50572D4: ff_draw_rectangle (drawutils.c:95)
==7497==    by 0x50944EE: draw_send_bar_slice.clone.0 (vf_pad.c:363)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87258 is 72 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== Invalid read of size 4
==7497==    at 0x5057354: ff_draw_rectangle (drawutils.c:99)
==7497==    by 0x50944EE: draw_send_bar_slice.clone.0 (vf_pad.c:363)
==7497==    by 0x5055073: avfilter_draw_slice (avfilter.c:662)
==7497==    by 0x509AB1F: request_frame (vsrc_buffer.c:225)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497==  Address 0xeb87258 is 72 bytes inside a block of size 152 free'd
==7497==    at 0x4C280BC: free (vg_replace_malloc.c:427)
==7497==    by 0x5096E27: start_frame (vf_settb.c:109)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x5055390: avfilter_start_frame (avfilter.c:604)
==7497==    by 0x509AB0D: request_frame (vsrc_buffer.c:224)
==7497==    by 0x5054C8D: avfilter_request_frame (avfilter.c:541)
==7497==    by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129)
==7497==    by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg)
==7497==    by 0x717209C: (below main) (in /lib64/libc-2.13.so)
==7497== 
==7497== 
==7497== HEAP SUMMARY:
==7497==     in use at exit: 3,392 bytes in 46 blocks
==7497==   total heap usage: 3,511 allocs, 3,465 frees, 162,601,434 bytes allocated
==7497== 
==7497== LEAK SUMMARY:
==7497==    definitely lost: 0 bytes in 0 blocks
==7497==    indirectly lost: 0 bytes in 0 blocks
==7497==      possibly lost: 0 bytes in 0 blocks
==7497==    still reachable: 3,392 bytes in 46 blocks
==7497==         suppressed: 0 bytes in 0 blocks
==7497== Rerun with --leak-check=full to see details of leaked memory
==7497== 
==7497== For counts of detected and suppressed errors, rerun with: -v
==7497== ERROR SUMMARY: 81696 errors from 12 contexts (suppressed: 6 from 6)

Attachments (1)

video-mpeg4_720x544-audio_ac3_48000_stereo_cut.avi (100.0 KB) - added by cehoyos 4 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 Changed 4 years ago by cehoyos

  • Reproduced by developer set
  • Status changed from new to open
  • Summary changed from Reading already freed mem when using vfilters pad&settb to Invalid reads when using vfilters pad&settb

Reproducible with ffmpeg -i video-mpeg4_720x544-audio_ac3_48000_stereo_cut.avi -an -vf pad=740:600:8:0,settb=1/90000 -t 1 -f null -

comment:2 Changed 4 years ago by Cigaes

The patch in http://ffmpeg.org/pipermail/ffmpeg-devel/2012-March/121690.html should fix this. Can you confirm?

comment:3 Changed 4 years ago by cehoyos

The patch fixes the invalid reads here.

comment:4 Changed 4 years ago by cehoyos

  • Resolution set to fixed
  • Status changed from open to closed

Fixed by Nicolas George.

Note: See TracTickets for help on using tickets.