Opened 12 years ago
Closed 12 years ago
#1038 closed defect (fixed)
Invalid reads when using vfilters pad&settb
Reported by: | Andrey Utkin | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avfilter |
Version: | git-master | Keywords: | |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | yes | |
Analyzed by developer: | no |
Description
Valgrind reports reading already freed memory. Sometimes i get crashes, and core backtrace shows the same path.
See valgrind reports in bottom.
Workaround: insert 'fifo' filter between pad & settb.
LD_LIBRARY_PATH=. valgrind --log-file=valgrind.log --num-callers=50 ./ffmpeg -i http://sokolov.me/tmp/video-mpeg4_720x544-audio_ac3_48000_stereo.avi -an -c:v mpeg4 -vf pad=740:600:8:0,settb=1/90000 -t 1 -y out.ts -loglevel debug ffmpeg version N-38553-g1007a80 Copyright (c) 2000-2012 the FFmpeg developers built on Mar 5 2012 17:39:26 with gcc 4.5.3 configuration: --disable-static --enable-shared --enable-gpl --enable-version3 --enable-avfilter --disable-doc --disable-avplay --enable-gnutls --disable-vdpau --enable-libmp3lame --enable-libfaac --enable-nonfree --enable-libvo-aacenc --enable-libvorbis --enable-libx264 --enable-libxvid --disable-indev=v4l --disable-indev=v4l2 --disable-indev=oss --disable-indev=jack --disable-outdev=oss --enable-libfreetype --disable-altivec --disable-avx --disable-vis --disable-neon --disable-iwmmxt --enable-pic --cpu=core2 --enable-hardcoded-tables libavutil 51. 41.100 / 51. 41.100 libavcodec 54. 8.100 / 54. 8.100 libavformat 54. 2.100 / 54. 2.100 libavdevice 53. 4.100 / 53. 4.100 libavfilter 2. 63.100 / 2. 63.100 libswscale 2. 1.100 / 2. 1.100 libswresample 0. 7.100 / 0. 7.100 libpostproc 52. 0.100 / 52. 0.100 [avi @ 0xa428940] Format avi probed with size=2048 and score=100 [AVI demuxer @ 0xa43ec50] use odml:1 [avi @ 0xa428940] All info found Input #0, avi, from 'http://sokolov.me/tmp/video-mpeg4_720x544-audio_ac3_48000_stereo.avi': Metadata: encoder : VirtualDubMod 1.5.4.1 (build 2178/release) Duration: 00:09:58.84, start: 0.000000, bitrate: 1952 kb/s Stream #0:0, 1, 1/25: Video: mpeg4 (Advanced Simple Profile) (XVID / 0x44495658), yuv420p, 720x544 [SAR 1:1 DAR 45:34], 1/25, 25 tbr, 25 tbn, 25 tbc Stream #0:1, 3, 1/24000: Audio: ac3 ([0] [0][0] / 0x2000), 48000 Hz, stereo, s16, 192 kb/s [buffer @ 0xb2ff270] w:720 h:544 pixfmt:yuv420p tb:1/1000000 sar:1/1 sws_param: [pad @ 0xb2ffc60] w:720 h:544 -> w:740 h:600 x:8 y:0 color:0x108080FF[yuva] [settb @ 0xb300670] tb:1/1000000 -> tb:1/90000 [mpeg4 @ 0xb2eb640] detected 2 logical cores [mpeg4 @ 0xb2eb640] intra_quant_bias = 0 inter_quant_bias = -64 [mpeg4 @ 0xa444ae0] detected 2 logical cores [mpegts @ 0xb2e5230] muxrate VBR, pcr every 2 pkts, sdt every 200, pat/pmt every 40 pkts Output #0, mpegts, to 'out.ts': Metadata: encoder : Lavf54.2.100 Stream #0:0, 0, 1/90000: Video: mpeg4, yuv420p, 740x600 [SAR 1:1 DAR 37:30], 1/25, q=2-31, 200 kb/s, 90k tbn, 25 tbc Stream mapping: Stream #0:0 -> #0:0 (mpeg4 -> mpeg4) Press [q] to stop, [?] for help [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:40000 -> tb:1/90000 pts:3600 *** 1 dup! [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:80000 -> tb:1/90000 pts:7200 Direct padding impossible allocating new frame=00:00:00.12 bitrate=1591.7kbits/s dup=1 drop=0 [settb @ 0xb300670] tb:1/1000000 pts:120000 -> tb:1/90000 pts:10800 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:160000 -> tb:1/90000 pts:14400 Direct padding impossible allocating new frame=00:00:00.20 bitrate=1707.0kbits/s dup=1 drop=0 [settb @ 0xb300670] tb:1/1000000 pts:200000 -> tb:1/90000 pts:18000 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:240000 -> tb:1/90000 pts:21600 Direct padding impossible allocating new frame=00:00:00.28 bitrate=1649.0kbits/s dup=1 drop=0 [settb @ 0xb300670] tb:1/1000000 pts:280000 -> tb:1/90000 pts:25200 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:320000 -> tb:1/90000 pts:28800 Direct padding impossible allocating new framee=00:00:00.36 bitrate=1570.8kbits/s dup=1 drop=0 [settb @ 0xb300670] tb:1/1000000 pts:360000 -> tb:1/90000 pts:32400 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:400000 -> tb:1/90000 pts:36000 Direct padding impossible allocating new framee=00:00:00.44 bitrate=1493.7kbits/s dup=1 drop=0 [settb @ 0xb300670] tb:1/1000000 pts:440000 -> tb:1/90000 pts:39600 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:480000 -> tb:1/90000 pts:43200 Direct padding impossible allocating new framee=00:00:00.52 bitrate=1428.8kbits/s dup=1 drop=0 [settb @ 0xb300670] tb:1/1000000 pts:520000 -> tb:1/90000 pts:46800 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:560000 -> tb:1/90000 pts:50400 Direct padding impossible allocating new framee=00:00:00.60 bitrate=1388.7kbits/s dup=1 drop=0 [settb @ 0xb300670] tb:1/1000000 pts:600000 -> tb:1/90000 pts:54000 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:640000 -> tb:1/90000 pts:57600 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:680000 -> tb:1/90000 pts:61200 Direct padding impossible allocating new framee=00:00:00.72 bitrate=1178.1kbits/s dup=1 drop=0 [settb @ 0xb300670] tb:1/1000000 pts:720000 -> tb:1/90000 pts:64800 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:760000 -> tb:1/90000 pts:68400 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:800000 -> tb:1/90000 pts:72000 Direct padding impossible allocating new framee=00:00:00.84 bitrate=1025.9kbits/s dup=1 drop=0 [settb @ 0xb300670] tb:1/1000000 pts:840000 -> tb:1/90000 pts:75600 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:880000 -> tb:1/90000 pts:79200 [pad @ 0xb2ffc60] Direct padding impossible allocating new frame [settb @ 0xb300670] tb:1/1000000 pts:920000 -> tb:1/90000 pts:82800 Direct padding impossible allocating new framee=00:00:00.96 bitrate= 918.1kbits/s dup=1 drop=0 [settb @ 0xb300670] tb:1/1000000 pts:960000 -> tb:1/90000 pts:86400 frame= 25 fps= 3 q=18.4 Lsize= 108kB time=00:00:01.00 bitrate= 887.4kbits/s dup=1 drop=0 video:97kB audio:0kB global headers:0kB muxing overhead 11.282782% [OK] 17:40krieger@utkin_desktop /usr/local/src/ffmpeg_for_anything $ cat valgrind.log ==7497== Memcheck, a memory error detector ==7497== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==7497== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==7497== Command: ./ffmpeg -i http://sokolov.me/tmp/video-mpeg4_720x544-audio_ac3_48000_stereo.avi -an -c:v mpeg4 -vf pad=740:600:8:0,settb=1/90000 -t 1 -y out.ts -loglevel debug ==7497== Parent PID: 7139 ==7497== ==7497== Invalid read of size 8 ==7497== at 0x50572A6: ff_draw_rectangle (drawutils.c:91) ==7497== by 0x509463B: draw_slice (vf_pad.c:387) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87218 is 8 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 4 ==7497== at 0x50572D4: ff_draw_rectangle (drawutils.c:95) ==7497== by 0x509463B: draw_slice (vf_pad.c:387) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87258 is 72 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 4 ==7497== at 0x5057354: ff_draw_rectangle (drawutils.c:99) ==7497== by 0x509463B: draw_slice (vf_pad.c:387) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87258 is 72 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 8 ==7497== at 0x50573C7: ff_copy_rectangle (drawutils.c:111) ==7497== by 0x509474D: draw_slice (vf_pad.c:391) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87218 is 8 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 4 ==7497== at 0x50573FA: ff_copy_rectangle (drawutils.c:115) ==7497== by 0x509474D: draw_slice (vf_pad.c:391) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87258 is 72 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 4 ==7497== at 0x50574A0: ff_copy_rectangle (drawutils.c:119) ==7497== by 0x509474D: draw_slice (vf_pad.c:391) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87258 is 72 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 8 ==7497== at 0x50572A6: ff_draw_rectangle (drawutils.c:91) ==7497== by 0x5094699: draw_slice (vf_pad.c:398) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87218 is 8 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 4 ==7497== at 0x50572D4: ff_draw_rectangle (drawutils.c:95) ==7497== by 0x5094699: draw_slice (vf_pad.c:398) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87258 is 72 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 4 ==7497== at 0x5057354: ff_draw_rectangle (drawutils.c:99) ==7497== by 0x5094699: draw_slice (vf_pad.c:398) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87258 is 72 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 8 ==7497== at 0x50572A6: ff_draw_rectangle (drawutils.c:91) ==7497== by 0x50944EE: draw_send_bar_slice.clone.0 (vf_pad.c:363) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87218 is 8 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 4 ==7497== at 0x50572D4: ff_draw_rectangle (drawutils.c:95) ==7497== by 0x50944EE: draw_send_bar_slice.clone.0 (vf_pad.c:363) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87258 is 72 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== Invalid read of size 4 ==7497== at 0x5057354: ff_draw_rectangle (drawutils.c:99) ==7497== by 0x50944EE: draw_send_bar_slice.clone.0 (vf_pad.c:363) ==7497== by 0x5055073: avfilter_draw_slice (avfilter.c:662) ==7497== by 0x509AB1F: request_frame (vsrc_buffer.c:225) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== Address 0xeb87258 is 72 bytes inside a block of size 152 free'd ==7497== at 0x4C280BC: free (vg_replace_malloc.c:427) ==7497== by 0x5096E27: start_frame (vf_settb.c:109) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x5055390: avfilter_start_frame (avfilter.c:604) ==7497== by 0x509AB0D: request_frame (vsrc_buffer.c:224) ==7497== by 0x5054C8D: avfilter_request_frame (avfilter.c:541) ==7497== by 0x5086F03: av_buffersink_get_buffer_ref (sink_buffer.c:129) ==7497== by 0x40C0E2: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x41328F: ??? (in /usr/local/src/ffmpeg_for_anything/ffmpeg) ==7497== by 0x717209C: (below main) (in /lib64/libc-2.13.so) ==7497== ==7497== ==7497== HEAP SUMMARY: ==7497== in use at exit: 3,392 bytes in 46 blocks ==7497== total heap usage: 3,511 allocs, 3,465 frees, 162,601,434 bytes allocated ==7497== ==7497== LEAK SUMMARY: ==7497== definitely lost: 0 bytes in 0 blocks ==7497== indirectly lost: 0 bytes in 0 blocks ==7497== possibly lost: 0 bytes in 0 blocks ==7497== still reachable: 3,392 bytes in 46 blocks ==7497== suppressed: 0 bytes in 0 blocks ==7497== Rerun with --leak-check=full to see details of leaked memory ==7497== ==7497== For counts of detected and suppressed errors, rerun with: -v ==7497== ERROR SUMMARY: 81696 errors from 12 contexts (suppressed: 6 from 6)
Attachments (1)
Change History (5)
by , 12 years ago
Attachment: | video-mpeg4_720x544-audio_ac3_48000_stereo_cut.avi added |
---|
comment:1 by , 12 years ago
Reproduced by developer: | set |
---|---|
Status: | new → open |
Summary: | Reading already freed mem when using vfilters pad&settb → Invalid reads when using vfilters pad&settb |
comment:2 by , 12 years ago
The patch in http://ffmpeg.org/pipermail/ffmpeg-devel/2012-March/121690.html should fix this. Can you confirm?
Note:
See TracTickets
for help on using tickets.
Reproducible with ffmpeg -i video-mpeg4_720x544-audio_ac3_48000_stereo_cut.avi -an -vf pad=740:600:8:0,settb=1/90000 -t 1 -f null -