Opened 11 years ago
Closed 11 years ago
#2905 closed defect (fixed)
Regression: Double free
Reported by: | Andrey Utkin | Owned by: | |
---|---|---|---|
Priority: | important | Component: | undetermined |
Version: | git-master | Keywords: | crash regression |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | yes | |
Analyzed by developer: | no |
Description
Summary of the bug:
How to reproduce:
% ffmpeg version N-55350-gdd9555e Copyright (c) 2000-2013 the FFmpeg developers built on Aug 26 2013 22:06:56 with gcc 4.6.3 (Gentoo 4.6.3 p1.13, pie-0.5.2) configuration: --enable-gpl --enable-libx264 --enable-encoder=libx264 --disable-stripping --enable-debug --extra-cflags='-O0 -g -ggdb' libavutil 52. 41.100 / 52. 41.100 libavcodec 55. 23.100 / 55. 23.100 libavformat 55. 13.102 / 55. 13.102 libavdevice 55. 3.100 / 55. 3.100 libavfilter 3. 82.100 / 3. 82.100 libswscale 2. 4.100 / 2. 4.100 libswresample 0. 17.103 / 0. 17.103 libpostproc 52. 3.100 / 52. 3.100 Input #0, mpegts, from '/home/krieger/work/own_projects/demo_skipfail_noreverse.ts': Duration: 01:27:25.64, start: 1.400000, bitrate: 1105 kb/s Program 1 Metadata: service_name : Service01 service_provider: FFmpeg Stream #0:0[0x100]: Video: h264 (High 4:4:4 Predictive) ([27][0][0][0] / 0x001B), yuv444p, 1280x1024, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc No pixel format specified, yuv444p for H.264 encoding chosen. Use -pix_fmt yuv420p for compatibility with outdated media players. [libx264 @ 0x1e90f80] using cpu capabilities: none! [libx264 @ 0x1e90f80] profile High 4:4:4 Predictive, level 3.2, 4:4:4 8-bit Output #0, mpegts, to 'demo_skipfail_noreverse_edited_p1.ts': Metadata: encoder : Lavf55.13.102 Stream #0:0: Video: h264 (libx264), yuv444p, 1280x1024, q=-1--1, 2000 kb/s, 90k tbn, 30 tbc Stream mapping: Stream #0:0 -> #0:0 (h264 -> libx264) Press [q] to stop, [?] for help *** glibc detected *** /usr/local/src/ffmpeg/ffmpeg: double free or corruption (out): 0x00000000043b91f0 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x7afe6)[0x7f98e065afe6] /usr/local/src/ffmpeg/ffmpeg[0xb7761c] /usr/local/src/ffmpeg/ffmpeg[0xb713e4] /usr/local/src/ffmpeg/ffmpeg[0xb71a36] /usr/local/src/ffmpeg/ffmpeg[0x481fde] /usr/local/src/ffmpeg/ffmpeg[0x4821b1] /usr/local/src/ffmpeg/ffmpeg[0x481e4d] /usr/local/src/ffmpeg/ffmpeg[0x483ff9] /usr/local/src/ffmpeg/ffmpeg[0x4a2dc0] /usr/local/src/ffmpeg/ffmpeg[0x481e4d] /usr/local/src/ffmpeg/ffmpeg[0x483ff9] /usr/local/src/ffmpeg/ffmpeg[0x487aa2] /usr/local/src/ffmpeg/ffmpeg[0x487da6] /usr/local/src/ffmpeg/ffmpeg[0x487ece] /usr/local/src/ffmpeg/ffmpeg[0x46e89e] /usr/local/src/ffmpeg/ffmpeg[0x45f484] /lib64/libc.so.6(__libc_start_main+0xfd)[0x7f98e06024bd] /usr/local/src/ffmpeg/ffmpeg[0x45fd19] ======= Memory map: ======== 00400000-00def000 r-xp 00000000 08:01 1183119 /usr/local/src/ffmpeg/ffmpeg 00fee000-00fef000 r--p 009ee000 08:01 1183119 /usr/local/src/ffmpeg/ffmpeg 00fef000-0101f000 rw-p 009ef000 08:01 1183119 /usr/local/src/ffmpeg/ffmpeg 0101f000-01613000 rw-p 00000000 00:00 0 01e75000-04464000 rw-p 00000000 00:00 0 [heap] 7f98ae9ea000-7f98ae9ff000 r-xp 00000000 08:01 4350386 /usr/lib64/gcc/x86_64-pc-linux-gnu/4.6.3/libgcc_s.so.1 7f98ae9ff000-7f98aebfe000 ---p 00015000 08:01 4350386 /usr/lib64/gcc/x86_64-pc-linux-gnu/4.6.3/libgcc_s.so.1 7f98aebfe000-7f98aebff000 r--p 00014000 08:01 4350386 /usr/lib64/gcc/x86_64-pc-linux-gnu/4.6.3/libgcc_s.so.1 7f98aebff000-7f98aec00000 rw-p 00015000 08:01 4350386 /usr/lib64/gcc/x86_64-pc-linux-gnu/4.6.3/libgcc_s.so.1 7f98aec00000-7f98b8000000 rw-p 00000000 00:00 0 7f98b8000000-7f98b85e4000 rw-p 00000000 00:00 0 7f98b85e4000-7f98bc000000 ---p 00000000 00:00 0 7f98bc000000-7f98bc5e4000 rw-p 00000000 00:00 0 7f98bc5e4000-7f98c0000000 ---p 00000000 00:00 0 7f98c0000000-7f98c05e4000 rw-p 00000000 00:00 0 7f98c05e4000-7f98c4000000 ---p 00000000 00:00 0 7f98c4000000-7f98c45e4000 rw-p 00000000 00:00 0 7f98c45e4000-7f98c8000000 ---p 00000000 00:00 0 7f98c8000000-7f98c8a6c000 rw-p 00000000 00:00 0 7f98c8a6c000-7f98cc000000 ---p 00000000 00:00 0 7f98cc10f000-7f98cd971000 rw-p 00000000 00:00 0 7f98cd971000-7f98cd972000 ---p 00000000 00:00 0 7f98cd972000-7f98ce172000 rw-p 00000000 00:00 0 [stack:17465] 7f98ce172000-7f98ce173000 ---p 00000000 00:00 0 7f98ce173000-7f98ce973000 rw-p 00000000 00:00 0 [stack:17464] 7f98ce973000-7f98ce974000 ---p 00000000 00:00 0 7f98ce974000-7f98cf174000 rw-p 00000000 00:00 0 [stack:17463] 7f98cf174000-7f98cf175000 ---p 00000000 00:00 0 7f98cf175000-7f98cf975000 rw-p 00000000 00:00 0 [stack:17462] 7f98cf975000-7f98cf976000 ---p 00000000 00:00 0 7f98cf976000-7f98d0176000 rw-p 00000000 00:00 0 [stack:17461] 7f98d0176000-7f98d0177000 ---p 00000000 00:00 0 7f98d0177000-7f98d9e25000 rw-p 00000000 00:00 0 [stack:17460] 7f98d9e25000-7f98d9e26000 ---p 00000000 00:00 0 7f98d9e26000-7f98da626000 rw-p 00000000 00:00 0 [stack:17459] 7f98da626000-7f98da627000 ---p 00000000 00:00 0 7f98da627000-7f98dae27000 rw-p 00000000 00:00 0 [stack:17458] 7f98dae27000-7f98dae28000 ---p 00000000 00:00 0 7f98dae28000-7f98db628000 rw-p 00000000 00:00 0 [stack:17457] 7f98db628000-7f98db629000 ---p 00000000 00:00 0 7f98db629000-7f98dbe29000 rw-p 00000000 00:00 0 [stack:17456] 7f98dbe29000-7f98dbe2a000 ---p 00000000 00:00 0 7f98dbe2a000-7f98dc62a000 rw-p 00000000 00:00 0 [stack:17455] 7f98dc62a000-7f98dc62b000 ---p 00000000 00:00 0 7f98dc62b000-7f98dd5ac000 rw-p 00000000 00:00 0 [stack:17454] 7f98dd5ac000-7f98dd5ad000 ---p 00000000 00:00 0 7f98dd5ad000-7f98dddad000 rw-p 00000000 00:00 0 [stack:17453] 7f98dddad000-7f98dddae000 ---p 00000000 00:00 0 7f98dddae000-7f98de5ae000 rw-p 00000000 00:00 0 [stack:17452] 7f98de5ae000-7f98de5af000 ---p 00000000 00:00 0 7f98de5af000-7f98dedaf000 rw-p 00000000 00:00 0 [stack:17451] 7f98dedaf000-7f98dedb0000 ---p 00000000 00:00 0 7f98dedb0000-7f98df5b0000 rw-p 00000000 00:00 0 [stack:17450] 7f98df5b0000-7f98df5b1000 ---p 00000000 00:00 0 7f98df5b1000-7f98dfdb1000 rw-p 00000000 00:00 0 [stack:17449] 7f98dfdb1000-7f98dfdb6000 r-xp 00000000 08:01 4205259 /usr/lib64/libXdmcp.so.6.0.0 7f98dfdb6000-7f98dffb5000 ---p 00005000 08:01 4205259 /usr/lib64/libXdmcp.so.6.0.0 7f98dffb5000-7f98dffb6000 r--p 00004000 08:01 4205259 /usr/lib64/libXdmcp.so.6.0.0 7f98dffb6000-7f98dffb7000 rw-p 00005000 08:01 4205259 /usr/lib64/libXdmcp.so.6.0.0 7f98dffb7000-7f98dffb9000 r-xp 00000000 08:01 4205216 /usr/lib64/libXau.so.6.0.0 7f98dffb9000-7f98e01b9000 ---p 00002000 08:01 4205216 /usr/lib64/libXau.so.6.0.0 7f98e01b9000-7f98e01ba000 r--p 00002000 08:01 4205216 /usr/lib64/libXau.so.6.0.0 7f98e01ba000-7f98e01bb000 rw-p 00003000 08:01 4205216 /usr/lib64/libXau.so.6.0.0 7f98e01bb000-7f98e01bd000 r-xp 00000000 08:01 5652191 /lib64/libdl-2.15.so 7f98e01bd000-7f98e03bd000 ---p 00002000 08:01 5652191 /lib64/libdl-2.15.so 7f98e03bd000-7f98e03be000 r--p 00002000 08:01 5652191 /lib64/libdl-2.15.so 7f98e03be000-7f98e03bf000 rw-p 00003000 08:01 5652191 /lib64/libdl-2.15.so 7f98e03bf000-7f98e03df000 r-xp 00000000 08:01 4212757 /usr/lib64/libxcb.so.1.1.0 7f98e03df000-7f98e05de000 ---p 00020000 08:01 4212757 /usr/lib64/libxcb.so.1.1.0 7f98e05de000-7f98e05df000 r--p 0001f000 08:01 4212757 /usr/lib64/libxcb.so.1.1.0 7f98e05df000-7f98e05e0000 rw-p 00020000 08:01 4212757 /usr/lib64/libxcb.so.1.1.0 7f98e05e0000-7f98e0781000 r-xp 00000000 08:01 5652197 /lib64/libc-2.15.so 7f98e0781000-7f98e0981000 ---p 001a1000 08:01 5652197 /lib64/libc-2.15.so 7f98e0981000-7f98e0985000 r--p 001a1000 08:01 5652197 /lib64/libc-2.15.so 7f98e0985000-7f98e0987000 rw-p 001a5000 08:01 5652197 /lib64/libc-2.15.so 7f98e0987000-7f98e098b000 rw-p 00000000 00:00 0 7f98e098b000-7f98e0993000 r-xp 00000000 08:01 5652201 /lib64/librt-2.15.so 7f98e0993000-7f98e0b92000 ---p 00008000 08:01 5652201 /lib64/librt-2.15.so 7f98e0b92000-7f98e0b93000 r--p 00007000 08:01 5652201 /lib64/librt-2.15.so 7f98e0b93000-7f98e0b94000 rw-p 00008000 08:01 5652201 /lib64/librt-2.15.so 7f98e0b94000-7f98e0ba8000 r-xp 00000000 08:01 4200269 /lib64/libz.so.1.2.7 7f98e0ba8000-7f98e0da8000 ---p 00014000 08:01 4200269 /lib64/libz.so.1.2.7 7f98e0da8000-7f98e0da9000 r--p 00014000 08:01 4200269 /lib64/libz.so.1.2.7 7f98e0da9000-7f98e0daa000 rw-p 00015000 08:01 4200269 /lib64/libz.so.1.2.7 7f98e0daa000-7f98e0db9000 r-xp 00000000 08:01 5636300 /lib64/libbz2.so.1.0.6 7f98e0db9000-7f98e0fb8000 ---p 0000f000 08:01 5636300 /lib64/libbz2.so.1.0.6 7f98e0fb8000-7f98e0fb9000 r--p 0000e000 08:01 5636300 /lib64/libbz2.so.1.0.6 7f98e0fb9000-7f98e0fba000 rw-p 0000f000 08:01 5636300 /lib64/libbz2.so.1.0.6 7f98e0fba000-7f98e10b0000 r-xp 00000000 08:01 5652193 /lib64/libm-2.15.so 7f98e10b0000-7f98e12af000 ---p 000f6000 08:01 5652193 /lib64/libm-2.15.so 7f98e12af000-7f98e12b0000 r--p 000f5000 08:01 5652193 /lib64/libm-2.15.so 7f98e12b0000-7f98e12b1000 rw-p 000f6000 08:01 5652193 /lib64/libm-2.15.so 7f98e12b1000-7f98e134f000 r-xp 00000000 08:01 1051330 /usr/lib64/libx264.so.125 7f98e134f000-7f98e154f000 ---p 0009e000 08:01 1051330 /usr/lib64/libx264.so.125 7f98e154f000-7f98e1550000 r--p 0009e000 08:01 1051330 /usr/lib64/libx264.so.125 7f98e1550000-7f98e1551000 rw-p 0009f000 08:01 1051330 /usr/lib64/libx264.so.125 7f98e1551000-7f98e15cc000 rw-p 00000000 00:00 0 7f98e15cc000-7f98e15e4000 r-xp 00000000 08:01 5652189 /lib64/libpthread-2.15.so 7f98e15e4000-7f98e17e3000 ---p 00018000 08:01 5652189 /lib64/libpthread-2.15.so 7f98e17e3000-7f98e17e4000 r--p 00017000 08:01 5652189 /lib64/libpthread-2.15.so 7f98e17e4000-7f98e17e5000 rw-p 00018000 08:01 5652189 /lib64/libpthread-2.15.so 7f98e17e5000-7f98e17e9000 rw-p 00000000 00:00 0 7f98e17e9000-7f98e183f000 r-xp 00000000 08:01 4227243 /usr/lib64/libSDL-1.2.so.0.11.4 7f98e183f000-7f98e1a3e000 ---p 00056000 08:01 4227243 /usr/lib64/libSDL-1.2.so.0.11.4 7f98e1a3e000-7f98e1a3f000 r--p 00055000 08:01 4227243 /usr/lib64/libSDL-1.2.so.0.11.4 7f98e1a3f000-7f98e1a40000 rw-p 00056000 08:01 4227243 /usr/lib64/libSDL-1.2.so.0.11.4 7f98e1a40000-7f98e1a49000 rw-p 00000000 00:00 0 7f98e1a49000-7f98e1b22000 r-xp 00000000 08:01 4616285 /usr/lib64/libasound.so.2.0.0 7f98e1b22000-7f98e1d21000 ---p 000d9000 08:01 4616285 /usr/lib64/libasound.so.2.0.0 7f98e1d21000-7f98e1d27000 r--p 000d8000 08:01 4616285 /usr/lib64/libasound.so.2.0.0 7f98e1d27000-7f98e1d29000 rw-p 000de000 08:01 4616285 /usr/lib64/libasound.so.2.0.0 7f98e1d29000-7f98e1d3a000 r-xp 00000000 08:01 4209082 /usr/lib64/libXext.so.6.4.0 7f98e1d3a000-7f98e1f39000 ---p 00011000 08:01 4209082 /usr/lib64/libXext.so.6.4.0 7f98e1f39000-7f98e1f3a000 r--p 00010000 08:01 4209082 /usr/lib64/libXext.so.6.4.0 7f98e1f3a000-7f98e1f3b000 rw-p 00011000 08:01 4209082 /usr/lib64/libXext.so.6.4.0 7f98e1f3b000-7f98e2074000 r-xp 00000000 08:01 4218152 /usr/lib64/libX11.so.6.3.0 7f98e2074000-7f98e2274000 ---p 00139000 08:01 4218152 /usr/lib64/libX11.so.6.3.0 7f98e2274000-7f98e2275000 r--p 00139000 08:01 4218152 /usr/lib64/libX11.so.6.3.0 7f98e2275000-7f98e227a000 rw-p 0013a000 08:01 4218152 /usr/lib64/libX11.so.6.3.0 7f98e227a000-7f98e227f000 r-xp 00000000 08:01 4212857 /usr/lib64/libXv.so.1.0.0 7f98e227f000-7f98e247e000 ---p 00005000 08:01 4212857 /usr/lib64/libXv.so.1.0.0 7f98e247e000-7f98e247f000 r--p 00004000 08:01 4212857 /usr/lib64/libXv.so.1.0.0 7f98e247f000-7f98e2480000 rw-p 00005000 08:01 4212857 /usr/lib64/libXv.so.1.0.0 7f98e2480000-7f98e24a2000 r-xp 00000000 08:01 5652212 /lib64/ld-2.15.so 7f98e2504000-7f98e2673000 rw-p 00000000 00:00 0 7f98e269f000-7f98e26a1000 rw-p 00000000 00:00 0 7f98e26a1000-7f98e26a2000 r--p 00021000 08:01 5652212 /lib64/ld-2.15.so 7f98e26a2000-7f98e26a3000 rw-p 00022000 08:01 5652212 /lib64/ld-2.15.so 7f98e26a3000-7f98e26a4000 rw-p 00000000 00:00 0 7fff26b24000-7fff26b45000 rw-p 00000000 00:00 0 [stack] 7fff26bff000-7fff26c00000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Reverting commit dd9555e94b1481a6992ee89b285232e5abcf9089 fixes the issue.
Change History (7)
comment:1 by , 11 years ago
Keywords: | crash regression added |
---|---|
Priority: | normal → important |
Summary: | Regression in dd9555e94b1481a6992ee89b285232e5abcf9089 → Regression: Double free |
comment:3 by , 11 years ago
At the moment i cannot attach original sample, maybe tomorrow if you can't deal without it.
I assumed it would reproduce with any file.
comment:4 by , 11 years ago
$ cat ~/.valgrindrc
--memcheck:num-callers=50
--memcheck:leak-check=full
--memcheck:leak-resolution=high
--memcheck:track-origins=yes
--memcheck:show-reachable=yes
--memcheck:show-possibly-lost=yes
--memcheck:malloc-fill=11
--memcheck:free-fill=33
[OK]
18:15:40krieger@zver /usr/local/src/ffmpeg
$ valgrind /usr/local/src/ffmpeg/ffmpeg -i sample.ts -t 0.1 -filter:v fps=fps=30 -vcodec libx264 -b:v 2000000 -y out.ts
==9253== Memcheck, a memory error detector
==9253== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==9253== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==9253== Command: /usr/local/src/ffmpeg/ffmpeg -i sample.ts -t 0.1 -filter:v fps=fps=30 -vcodec libx264 -b:v 2000000 -y out.ts
==9253==
ffmpeg version N-55787-gabe76b8 Copyright (c) 2000-2013 the FFmpeg developers
built on Aug 29 2013 17:45:47 with gcc 4.6.3 (Gentoo 4.6.3 p1.13, pie-0.5.2)
configuration: --enable-gpl --enable-libx264 --enable-encoder=libx264 --disable-stripping --enable-debug --extra-cflags='-O0 -g -ggdb'
libavutil 52. 42.100 / 52. 42.100
libavcodec 55. 29.100 / 55. 29.100
libavformat 55. 14.102 / 55. 14.102
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.102 / 3. 82.102
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
libpostproc 52. 3.100 / 52. 3.100
[mpegts @ 0x7519e60] PES packet size mismatch
Last message repeated 1 times
Input #0, mpegts, from 'sample.ts':
Duration: 00:00:00.43, start: 1.400000, bitrate: 1888 kb/s
Program 1
Metadata:
service_name : Service01
service_provider: FFmpeg
Stream #0:0[0x100]: Video: h264 (High 4:4:4 Predictive) ([27][0][0][0] / 0x001B), yuv444p, 1280x1024, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc
No pixel format specified, yuv444p for H.264 encoding chosen.
Use -pix_fmt yuv420p for compatibility with outdated media players.
[libx264 @ 0x81785c0] using cpu capabilities: none!
[libx264 @ 0x81785c0] profile High 4:4:4 Predictive, level 3.2, 4:4:4 8-bit
Output #0, mpegts, to 'out.ts':
Metadata:
encoder : Lavf55.14.102
Stream #0:0: Video: h264 (libx264), yuv444p, 1280x1024, q=-1--1, 2000 kb/s, 90k tbn, 30 tbc
Stream mapping:
Press [q] to stop, ? for help
==9253== Invalid write of size 8 0kB time=00:00:00.00 bitrate=N/A
==9253== at 0x4A35C4: filter_frame (vf_fps.c:255)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1628 is 200 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 8
==9253== at 0x482650: ff_filter_frame_framed (avfilter.c:1030)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1628 is 200 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 4
==9253== at 0xB828D4: av_frame_unref (frame.c:339)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1788 is 552 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 8
==9253== at 0xB828F0: av_frame_unref (frame.c:340)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1780 is 544 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 8
==9253== at 0xB828FB: av_frame_unref (frame.c:340)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x3333333333333333 is not stack'd, malloc'd or (recently) free'd
==9253==
==9253==
==9253== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==9253== General Protection Fault
==9253== at 0xB828FB: av_frame_unref (frame.c:340)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
comment:5 by , 11 years ago
sample.ts is there: https://dl.dropboxusercontent.com/u/43104344/sample.ts
comment:6 by , 11 years ago
Reproduced by developer: | set |
---|---|
Status: | new → open |
Needs a high number of decoding threads (>2).
(gdb) r -i sample.ts -t 0.1 -vf fps=30 -f null - Starting program: ffmpeg_g -i sample.ts -t 0.1 -vf fps=30 -f null - [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". ffmpeg version N-55890-g259292f Copyright (c) 2000-2013 the FFmpeg developers built on Aug 30 2013 02:09:45 with gcc 4.7 (SUSE Linux) configuration: --enable-gpl --disable-indev=jack --enable-libx264 libavutil 52. 42.100 / 52. 42.100 libavcodec 55. 29.100 / 55. 29.100 libavformat 55. 15.100 / 55. 15.100 libavdevice 55. 3.100 / 55. 3.100 libavfilter 3. 82.102 / 3. 82.102 libswscale 2. 5.100 / 2. 5.100 libswresample 0. 17.103 / 0. 17.103 libpostproc 52. 3.100 / 52. 3.100 [mpegts @ 0x16e9880] PES packet size mismatch Last message repeated 1 times Input #0, mpegts, from 'sample.ts': Duration: 00:00:00.43, start: 1.400000, bitrate: 1888 kb/s Program 1 Metadata: service_name : Service01 service_provider: FFmpeg Stream #0:0[0x100]: Video: h264 (High 4:4:4 Predictive) ([27][0][0][0] / 0x001B), yuv444p, 1280x1024, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc [New Thread 0x7ffff569c700 (LWP 6820)] [New Thread 0x7ffff4e9b700 (LWP 6821)] [New Thread 0x7ffff469a700 (LWP 6822)] [New Thread 0x7ffff3e99700 (LWP 6823)] [New Thread 0x7ffff3698700 (LWP 6824)] [New Thread 0x7ffff2e97700 (LWP 6825)] [New Thread 0x7ffff2696700 (LWP 6826)] [New Thread 0x7ffff1e95700 (LWP 6827)] [New Thread 0x7ffff1694700 (LWP 6828)] [New Thread 0x7ffff0e93700 (LWP 6829)] [New Thread 0x7ffff0692700 (LWP 6830)] [New Thread 0x7fffefe91700 (LWP 6831)] [New Thread 0x7fffef690700 (LWP 6832)] [New Thread 0x7fffeee8f700 (LWP 6833)] [New Thread 0x7fffee68e700 (LWP 6834)] [New Thread 0x7fffede8d700 (LWP 6835)] [New Thread 0x7fffed68c700 (LWP 6836)] [New Thread 0x7fffece8b700 (LWP 6837)] Output #0, null, to 'pipe:': Metadata: encoder : Lavf55.15.100 Stream #0:0: Video: rawvideo (444P / 0x50343434), yuv444p, 1280x1024, q=2-31, 200 kb/s, 90k tbn, 30 tbc Stream mapping: Stream #0:0 -> #0:0 (h264 -> rawvideo) Press [q] to stop, [?] for help [null @ 0x16f1100] Encoder did not produce proper pts, making some up. [mpegts @ 0x16e9880] PES packet size mismatch Program received signal SIGSEGV, Segmentation fault. av_frame_unref (frame=0x20189a0) at libavutil/frame.c:340 340 av_freep(&frame->side_data[i]->data);
comment:7 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | open → closed |
Please provide the input sample.