Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#255 closed defect (fixed)

incorrect checksum for freed object

Reported by: zimbatm
Owned by:
Priority: normal
Component: avutil
Version: git-master
Keywords: malloc
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Just took the time to properly bisect that issue that I saw last day.

I will attach the relevant files but the culprit commit seems to be:

commit c8981edd902e40185b80ddb77a229104deb7c7e1
Author: Michael Niedermayer <michaelni@gmx.at>
Date:   Sat May 7 15:28:39 2011 +0200

    Only add 1 byte to av_malloc(0) when it actually returned NULL
    Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Attachments (5)

bisect.log (2.4 KB) - added by zimbatm 6 years ago.
Bisect log history
bisect.sh (158 bytes) - added by zimbatm 6 years ago.
Bisect script (needs some adaptations)
kites.mp4 (234.8 KB) - added by zimbatm 6 years ago.
The failing video
error.log (1.3 KB) - added by zimbatm 6 years ago.
FFmpeg console error
gdb.log (6.5 KB) - added by zimbatm 6 years ago.
Details from GDB


Change History (11)

Changed 6 years ago by zimbatm

Bisect log history

Changed 6 years ago by zimbatm

Bisect script (needs some adaptations)

Changed 6 years ago by zimbatm

The failing video

Changed 6 years ago by zimbatm

FFmpeg console error

Changed 6 years ago by zimbatm

Details from GDB

comment:1 Changed 6 years ago by michael

AFAIK there's a bug in macosx posix_memalign(); maybe you could try to investigate how to fix this, or how we can work around it. But not calling malloc(1) there is not really a solution.
Thanks

comment:2 Changed 6 years ago by zimbatm

Ok, apparently OSX seems to be 16-byte mem aligned [1]. If I turn HAVE_POSIX_MEMALIGN in the config.h, then the error disappears but I don't really understand the implications of this, it's a bit too low-level for me. I tried hacking the ./configure script to disable posix_memalign on darwin, but the have_func check is run after the platform-specific checks. What else could I try?

[1] : http://stackoverflow.com/questions/196329/osx-lacks-memalign

comment:3 Changed 6 years ago by cehoyos

  • Status changed from new to open

I fear at least AVX needs more than 16-byte alignment.

Is calling av_malloc(1) from main() enough to trigger the error?

comment:4 Changed 6 years ago by zimbatm

Just changed and compiled the following, but no error on startup

diff --git a/ffmpeg.c b/ffmpeg.c
index 220feb2..19d0892 100644
--- a/ffmpeg.c
+++ b/ffmpeg.c
@@ -4475,6 +4475,9 @@ int main(int argc, char **argv)
 {
     int64_t ti;
 
+    int ret = av_malloc(1);
+    printf("malloc ret: %d\n", ret);
+
     av_log_set_flags(AV_LOG_SKIP_REPEATED);
 
     if(argc>1 && !strcmp(argv[1], "-d")){
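Review bot: on the added "int ret = av_malloc(1);" line the returned pointer is stored in an int and printed with %d, which truncates it on a 64-bit build (the object address in the abort message further down does not fit in 32 bits); declare it as void *ret and print it with %p. The byte is also never written to or freed, so this only shows that the allocation call returns and does not exercise the free path where the allocator reports the checksum error.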
./ffmpeg -i kites.mp4                                                                                                                    ffmpeg
malloc ret: 21042336
ffmpeg version git-N-30430-ga52f598, Copyright (c) 2000-2011 the FFmpeg developers
  built on Jun  1 2011 12:17:58 with gcc 4.2.1 (Apple Inc. build 5666) (dot 3)
  configuration: --prefix=/Users/zimbatm/code/panda/ffmpeg-head/runtime --enable-static --disable-shared --enable-postproc --enable-nonfree --enable-libx264 --enable-gpl --enable-libfaac --enable-libmp3lame --enable-libtheora --enable-libxvid --enable-libvorbis --enable-libgsm --enable-avfilter --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-version3 --disable-ffplay --disable-ffserver --disable-ffprobe --disable-network --disable-devices --disable-doc --extra-cflags=--static --extra-ldflags= --bindir=/Users/zimbatm/code/panda/ffmpeg-head/dist/bin --incdir=/Users/zimbatm/code/panda/ffmpeg-head/dist/include --libdir=/Users/zimbatm/code/panda/ffmpeg-head/dist/lib --prefix=/usr/local
  libavutil    51.  3. 0 / 51.  3. 0
  libavcodec   53.  6. 1 / 53.  6. 1
  libavformat  53.  2. 0 / 53.  2. 0
  libavdevice  53.  1. 0 / 53.  1. 0
  libavfilter   2. 11. 0 /  2. 11. 0
  libswscale    0. 14. 0 /  0. 14. 0
  libpostproc  51.  2. 0 / 51.  2. 0
ffmpeg(59911) malloc: *** error for object 0x101412138: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
[1]    59911 abort      ./ffmpeg -i kites.mp4
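A stand-alone probe for the question asked in comment:3 and tried in comment:4, added here as an example and not code from this ticket or from FFmpeg: it runs posix_memalign() over small sizes including 0, checks the alignment of every result, and frees each block so that a checking allocator gets the chance to report heap damage. The names probe_alloc and probe_run and the 32-byte PROBE_ALIGN are assumptions made for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* declares posix_memalign() under strict -std= */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PROBE_ALIGN 32   /* assumption: an alignment above 16 bytes, as comment:3 asks for */

/* Hypothetical wrapper, not FFmpeg's av_malloc(): aligned allocation in which a
 * zero-size request is retried with 1 byte only when the first call gave NULL. */
static void *probe_alloc(size_t size)
{
    void *p = NULL;
    if (posix_memalign(&p, PROBE_ALIGN, size) != 0)
        p = NULL;
    if (!p && size == 0 && posix_memalign(&p, PROBE_ALIGN, 1) != 0)
        p = NULL;
    return p;
}

/* Runs `rounds` alloc/write/free cycles and returns the number of failed checks. */
static int probe_run(int rounds)
{
    static const size_t sizes[] = { 0, 1, 15, 16, 17, 31, 32, 33, 4096 };
    int failures = 0;
    for (int r = 0; r < rounds; r++) {
        for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
            unsigned char *p = probe_alloc(sizes[i]);
            if (!p || ((uintptr_t)p % PROBE_ALIGN) != 0) {
                failures++;
                fprintf(stderr, "size %zu: bad pointer %p\n", sizes[i], (void *)p);
            }
            if (p)
                memset(p, 0xA5, sizes[i]);   /* write exactly the requested bytes */
            free(p);                         /* heap checkers report corruption here */
        }
    }
    return failures;
}

int main(void)
{
    int failures = probe_run(1000);
    printf("failed checks: %d\n", failures);
    return failures != 0;
}
```

A clean run only shows that the platform's posix_memalign() behaves for these sizes; it says nothing about other callers that may write past their allocation.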

comment:5 Changed 5 years ago by cehoyos

  • Component changed from undetermined to avutil
  • Resolution set to fixed
  • Status changed from open to closed
  • Version changed from git to git-master

A work-around was applied to current git head.

comment:6 Changed 5 years ago by zimbatm
