Opened 11 years ago

Closed 11 years ago

#2905 closed defect (fixed)

Regression: Double free

Reported by: Andrey Utkin
Owned by:
Priority: important
Component: undetermined
Version: git-master
Keywords: crash regression
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
How to reproduce:

% ffmpeg version N-55350-gdd9555e Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug 26 2013 22:06:56 with gcc 4.6.3 (Gentoo 4.6.3 p1.13, pie-0.5.2)
  configuration: --enable-gpl --enable-libx264 --enable-encoder=libx264 --disable-stripping --enable-debug --extra-cflags='-O0 -g -ggdb'
  libavutil      52. 41.100 / 52. 41.100
  libavcodec     55. 23.100 / 55. 23.100
  libavformat    55. 13.102 / 55. 13.102
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.100 /  3. 82.100
  libswscale      2.  4.100 /  2.  4.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
Input #0, mpegts, from '/home/krieger/work/own_projects/demo_skipfail_noreverse.ts':
  Duration: 01:27:25.64, start: 1.400000, bitrate: 1105 kb/s
  Program 1 
    Metadata:
      service_name    : Service01
      service_provider: FFmpeg
    Stream #0:0[0x100]: Video: h264 (High 4:4:4 Predictive) ([27][0][0][0] / 0x001B), yuv444p, 1280x1024, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc
No pixel format specified, yuv444p for H.264 encoding chosen.
Use -pix_fmt yuv420p for compatibility with outdated media players.
[libx264 @ 0x1e90f80] using cpu capabilities: none!
[libx264 @ 0x1e90f80] profile High 4:4:4 Predictive, level 3.2, 4:4:4 8-bit
Output #0, mpegts, to 'demo_skipfail_noreverse_edited_p1.ts':
  Metadata:
    encoder         : Lavf55.13.102
    Stream #0:0: Video: h264 (libx264), yuv444p, 1280x1024, q=-1--1, 2000 kb/s, 90k tbn, 30 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (h264 -> libx264)
Press [q] to stop, [?] for help
*** glibc detected *** /usr/local/src/ffmpeg/ffmpeg: double free or corruption (out): 0x00000000043b91f0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7afe6)[0x7f98e065afe6]
/usr/local/src/ffmpeg/ffmpeg[0xb7761c]
/usr/local/src/ffmpeg/ffmpeg[0xb713e4]
/usr/local/src/ffmpeg/ffmpeg[0xb71a36]
/usr/local/src/ffmpeg/ffmpeg[0x481fde]
/usr/local/src/ffmpeg/ffmpeg[0x4821b1]
/usr/local/src/ffmpeg/ffmpeg[0x481e4d]
/usr/local/src/ffmpeg/ffmpeg[0x483ff9]
/usr/local/src/ffmpeg/ffmpeg[0x4a2dc0]
/usr/local/src/ffmpeg/ffmpeg[0x481e4d]
/usr/local/src/ffmpeg/ffmpeg[0x483ff9]
/usr/local/src/ffmpeg/ffmpeg[0x487aa2]
/usr/local/src/ffmpeg/ffmpeg[0x487da6]
/usr/local/src/ffmpeg/ffmpeg[0x487ece]
/usr/local/src/ffmpeg/ffmpeg[0x46e89e]
/usr/local/src/ffmpeg/ffmpeg[0x45f484]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7f98e06024bd]
/usr/local/src/ffmpeg/ffmpeg[0x45fd19]

Reverting commit dd9555e94b1481a6992ee89b285232e5abcf9089 fixes the issue.

Change History (7)

comment:1 by Carl Eugen Hoyos, 11 years ago

Keywords: crash regression added
Priority: normal → important
Summary: Regression in dd9555e94b1481a6992ee89b285232e5abcf9089 → Regression: Double free

Please provide the input sample.

comment:2 by Elon Musk, 11 years ago

Or valgrind output, or a way to reproduce this.

comment:3 by Andrey Utkin, 11 years ago

At the moment I cannot attach the original sample, maybe tomorrow if you can't deal without it.
I assumed it would reproduce with any file.

comment:4 by Andrey Utkin, 11 years ago

$ cat ~/.valgrindrc

--memcheck:num-callers=50
--memcheck:leak-check=full
--memcheck:leak-resolution=high
--memcheck:track-origins=yes
--memcheck:show-reachable=yes
--memcheck:show-possibly-lost=yes
--memcheck:malloc-fill=11
--memcheck:free-fill=33
[OK]
18:15:40krieger@zver /usr/local/src/ffmpeg

$ valgrind /usr/local/src/ffmpeg/ffmpeg -i sample.ts -t 0.1 -filter:v fps=fps=30 -vcodec libx264 -b:v 2000000 -y out.ts

==9253== Memcheck, a memory error detector
==9253== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==9253== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==9253== Command: /usr/local/src/ffmpeg/ffmpeg -i sample.ts -t 0.1 -filter:v fps=fps=30 -vcodec libx264 -b:v 2000000 -y out.ts
==9253==
ffmpeg version N-55787-gabe76b8 Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug 29 2013 17:45:47 with gcc 4.6.3 (Gentoo 4.6.3 p1.13, pie-0.5.2)
  configuration: --enable-gpl --enable-libx264 --enable-encoder=libx264 --disable-stripping --enable-debug --extra-cflags='-O0 -g -ggdb'
  libavutil      52. 42.100 / 52. 42.100
  libavcodec     55. 29.100 / 55. 29.100
  libavformat    55. 14.102 / 55. 14.102
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.102 /  3. 82.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
[mpegts @ 0x7519e60] PES packet size mismatch
    Last message repeated 1 times
Input #0, mpegts, from 'sample.ts':
  Duration: 00:00:00.43, start: 1.400000, bitrate: 1888 kb/s
  Program 1
    Metadata:
      service_name    : Service01
      service_provider: FFmpeg
    Stream #0:0[0x100]: Video: h264 (High 4:4:4 Predictive) ([27][0][0][0] / 0x001B), yuv444p, 1280x1024, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc
No pixel format specified, yuv444p for H.264 encoding chosen.
Use -pix_fmt yuv420p for compatibility with outdated media players.
[libx264 @ 0x81785c0] using cpu capabilities: none!
[libx264 @ 0x81785c0] profile High 4:4:4 Predictive, level 3.2, 4:4:4 8-bit
Output #0, mpegts, to 'out.ts':
  Metadata:
    encoder         : Lavf55.14.102
    Stream #0:0: Video: h264 (libx264), yuv444p, 1280x1024, q=-1--1, 2000 kb/s, 90k tbn, 30 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (h264 -> libx264)
Press [q] to stop, [?] for help
==9253== Invalid write of size 8 0kB time=00:00:00.00 bitrate=N/A
==9253== at 0x4A35C4: filter_frame (vf_fps.c:255)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1628 is 200 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 8
==9253== at 0x482650: ff_filter_frame_framed (avfilter.c:1030)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1628 is 200 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 4
==9253== at 0xB828D4: av_frame_unref (frame.c:339)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1788 is 552 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 8
==9253== at 0xB828F0: av_frame_unref (frame.c:340)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1780 is 544 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 8
==9253== at 0xB828FB: av_frame_unref (frame.c:340)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x3333333333333333 is not stack'd, malloc'd or (recently) free'd
==9253==
==9253==
==9253== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==9253== General Protection Fault
==9253== at 0xB828FB: av_frame_unref (frame.c:340)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
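
An added triage example, not part of the ticket or of FFmpeg's code: it parses a Memcheck log like the one in comment:4, groups each invalid access by the function that freed the block, and flags faulting addresses made up entirely of the free-fill byte. Memcheck reads `--free-fill` as a hexadecimal byte, so `free-fill=33` poisons freed memory with 0x33, which is why the final fault is at 0x3333333333333333. The sample log is abridged from the page; the function names and the `ALLOC_WRAPPERS` skip list are assumptions of this example.

```python
import re
from collections import defaultdict

# Abridged from the Memcheck log in comment:4 (call stacks shortened).
SAMPLE_LOG = """\
==9253== Invalid write of size 8 0kB time=00:00:00.00 bitrate=N/A
==9253== at 0x4A35C4: filter_frame (vf_fps.c:255)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== Address 0x1e2d1628 is 200 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253==
==9253== Invalid read of size 4
==9253== at 0xB828D4: av_frame_unref (frame.c:339)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== Address 0x1e2d1788 is 552 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253==
==9253== Invalid read of size 8
==9253== at 0xB828FB: av_frame_unref (frame.c:340)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== Address 0x3333333333333333 is not stack'd, malloc'd or (recently) free'd
==9253==
"""

PREFIX = re.compile(r"^==\d+==(.*)$")
ERROR = re.compile(r"^Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)")
ADDR = re.compile(r"^Address (0x[0-9A-Fa-f]+) is (.*)$")
FREED = re.compile(r"(\d+) bytes inside a block of size (\d+) free'd")
# Assumption: frames from these files are allocator wrappers, not the real free site.
ALLOC_WRAPPERS = {"vg_replace_malloc.c", "mem.c"}


def parse_memcheck(log):
    """Return one dict per 'Invalid read/write' record, with both call stacks."""
    errors, cur, stack = [], None, None
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue                      # interleaved program output
        body = m.group(1).strip()
        if (e := ERROR.match(body)):      # tolerates trailing progress-line noise
            cur = {"kind": e.group(1), "size": int(e.group(2)),
                   "access": [], "freed_by": [], "addr": None, "block": None}
            errors.append(cur)
            stack = cur["access"]
        elif cur is None:
            continue
        elif (f := FRAME.match(body)):
            stack.append((f.group(1), f.group(2)))
        elif (a := ADDR.match(body)):
            cur["addr"] = int(a.group(1), 16)
            if (b := FREED.search(a.group(2))):
                cur["block"] = (int(b.group(1)), int(b.group(2)))
                stack = cur["freed_by"]   # following frames describe the free()
        elif body == "":
            cur = None                    # bare ==pid== line ends the record
    return errors


def free_site(err):
    """First frame of the free stack that is not an allocator wrapper."""
    for func, loc in err["freed_by"]:
        if loc.split(":")[0] not in ALLOC_WRAPPERS:
            return f"{func} ({loc})"
    return None


def is_fill_pattern(addr, fill, width=8):
    """True when every byte of the faulting address equals the fill byte."""
    return addr == int.from_bytes(bytes([fill]) * width, "big")


def triage(log, free_fill=0x33):
    """Group use-after-free accesses by free site; list poisoned-pointer faults."""
    by_free_site, poisoned = defaultdict(list), []
    for err in parse_memcheck(log):
        func, loc = err["access"][0]
        where = f"{err['kind']} {err['size']} at {func} ({loc})"
        if err["block"]:
            off, size = err["block"]
            by_free_site[free_site(err)].append(f"{where} +{off}/{size}")
        elif is_fill_pattern(err["addr"], free_fill):
            poisoned.append(where)
    return dict(by_free_site), poisoned
```

On the abridged log, every use-after-free access maps to the same free site, `trim_filter_frame (trim.c:193)`, and the last fault is reported as a dereference of a pointer read back from poisoned memory.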

comment:6 by Carl Eugen Hoyos, 11 years ago

Reproduced by developer: set
Status: new → open

Needs a high number of decoding threads (>2).

(gdb) r -i sample.ts -t 0.1 -vf fps=30 -f null -
Starting program: ffmpeg_g -i sample.ts -t 0.1 -vf fps=30 -f null -
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
ffmpeg version N-55890-g259292f Copyright (c) 2000-2013 the FFmpeg developers
  built on Aug 30 2013 02:09:45 with gcc 4.7 (SUSE Linux)
  configuration: --enable-gpl --disable-indev=jack --enable-libx264
  libavutil      52. 42.100 / 52. 42.100
  libavcodec     55. 29.100 / 55. 29.100
  libavformat    55. 15.100 / 55. 15.100
  libavdevice    55.  3.100 / 55.  3.100
  libavfilter     3. 82.102 /  3. 82.102
  libswscale      2.  5.100 /  2.  5.100
  libswresample   0. 17.103 /  0. 17.103
  libpostproc    52.  3.100 / 52.  3.100
[mpegts @ 0x16e9880] PES packet size mismatch
    Last message repeated 1 times
Input #0, mpegts, from 'sample.ts':
  Duration: 00:00:00.43, start: 1.400000, bitrate: 1888 kb/s
  Program 1
    Metadata:
      service_name    : Service01
      service_provider: FFmpeg
    Stream #0:0[0x100]: Video: h264 (High 4:4:4 Predictive) ([27][0][0][0] / 0x001B), yuv444p, 1280x1024, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc
[New Thread 0x7ffff569c700 (LWP 6820)]
[New Thread 0x7ffff4e9b700 (LWP 6821)]
[New Thread 0x7ffff469a700 (LWP 6822)]
[New Thread 0x7ffff3e99700 (LWP 6823)]
[New Thread 0x7ffff3698700 (LWP 6824)]
[New Thread 0x7ffff2e97700 (LWP 6825)]
[New Thread 0x7ffff2696700 (LWP 6826)]
[New Thread 0x7ffff1e95700 (LWP 6827)]
[New Thread 0x7ffff1694700 (LWP 6828)]
[New Thread 0x7ffff0e93700 (LWP 6829)]
[New Thread 0x7ffff0692700 (LWP 6830)]
[New Thread 0x7fffefe91700 (LWP 6831)]
[New Thread 0x7fffef690700 (LWP 6832)]
[New Thread 0x7fffeee8f700 (LWP 6833)]
[New Thread 0x7fffee68e700 (LWP 6834)]
[New Thread 0x7fffede8d700 (LWP 6835)]
[New Thread 0x7fffed68c700 (LWP 6836)]
[New Thread 0x7fffece8b700 (LWP 6837)]
Output #0, null, to 'pipe:':
  Metadata:
    encoder         : Lavf55.15.100
    Stream #0:0: Video: rawvideo (444P / 0x50343434), yuv444p, 1280x1024, q=2-31, 200 kb/s, 90k tbn, 30 tbc
Stream mapping:
  Stream #0:0 -> #0:0 (h264 -> rawvideo)
Press [q] to stop, [?] for help
[null @ 0x16f1100] Encoder did not produce proper pts, making some up.
[mpegts @ 0x16e9880] PES packet size mismatch

Program received signal SIGSEGV, Segmentation fault.
av_frame_unref (frame=0x20189a0) at libavutil/frame.c:340
340             av_freep(&frame->side_data[i]->data);

comment:7 by Michael Niedermayer, 11 years ago

Resolution: fixed
Status: open → closed