Opened 9 years ago
Closed 9 years ago
#4777 closed defect (fixed)
Double free for -reset_timestamps 1 -f segment
| Reported by: | tommes | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | undetermined |
| Version: | git-master | Keywords: | crash regression |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
Summary of the bug:
How to reproduce:
% There are two steps required to produce the crash with ffconcat in use. Step1: ./ffmpeg -i anyMpeg4Movie.mp4 -an -f segment -segment_list_type ffconcat -segment_list out.txt -vcodec copy -reset_timestamps 1 -map 0:0 seg%1d.mp4 Step2: ./ffmpeg -isync -i out.txt -s 640x480 -vcodec libx264 -preset fast -b:v 1300k -g 25 -map 0:v -f segment -segment_list_type ffconcat -segment_list out2.txt newSeg%1d.mp4 Stream mapping: Stream #0:0 -> #0:0 (h264 (native) -> h264 (libx264)) Press [q] to stop, [?] for help ffmpeg(51439,0x7fff78860300) malloc: *** error for object 0x7fde79602d60: pointer being freed was not allocated *** set a breakpoint in malloc_error_break to debug ffmpeg version ffmpeg version N-74447-g767d780 built on 16. August 2015
Patches should be submitted to the ffmpeg-devel mailing list and not this bug tracker.
Change History (4)
comment:1 by , 9 years ago
comment:2 by , 9 years ago
| Component: | ffmpeg → undetermined |
|---|---|
| Keywords: | crash added |
| Priority: | normal → important |
| Reproduced by developer: | unset |
Is the issue only reproducible with -vcodec libx264 or also with -vcodec mpeg4?
To make this a valid ticket, please provide the command line that crashes together with the complete, uncut console output and backtrace etc. as explained on https://ffmpeg.org/bugreports.html
comment:3 by , 9 years ago
| Keywords: | regression added |
|---|---|
| Reproduced by developer: | set |
| Status: | new → open |
| Summary: | FFMPEG Malloc crash, all versions OS X,lnx, windows → Double free for -reset_timestamps 1 -f segment |
Regression since e5bae39f46e55843c025d280ed5441e358e59f2e
$ valgrind ./ffmpeg_g -i fate-suite/lena.pnm -reset_timestamps 1 -f segment out%1d.avi
==21072== Memcheck, a memory error detector
==21072== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==21072== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==21072== Command: ./ffmpeg_g -i fate-suite/lena.pnm -reset_timestamps 1 -f segment out%1d.avi
==21072==
ffmpeg version N-74483-gb807f7e Copyright (c) 2000-2015 the FFmpeg developers
built with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl
libavutil 54. 30.100 / 54. 30.100
libavcodec 56. 57.100 / 56. 57.100
libavformat 56. 40.101 / 56. 40.101
libavdevice 56. 4.100 / 56. 4.100
libavfilter 5. 34.100 / 5. 34.100
libswscale 3. 1.101 / 3. 1.101
libswresample 1. 2.101 / 1. 2.101
libpostproc 53. 3.100 / 53. 3.100
Input #0, image2, from 'fate-suite/lena.pnm':
Duration: 00:00:00.04, start: 0.000000, bitrate: 39333 kb/s
Stream #0:0: Video: ppm, rgb24, 256x256, 25 tbr, 25 tbn, 25 tbc
==21072== Invalid read of size 8
==21072== at 0x777A59F: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==21072== by 0x772E8A5: ____strtod_l_internal (in /lib64/libc-2.15.so)
==21072== by 0xF78FCE: av_strtod (eval.c:100)
==21072== by 0xF79814: parse_primary (eval.c:333)
==21072== by 0xF7A2C0: parse_factor (eval.c:493)
==21072== by 0xF7A4BB: parse_term (eval.c:542)
==21072== by 0xF7955E: parse_expr (eval.c:566)
==21072== by 0xF7A6C5: av_expr_parse (eval.c:684)
==21072== by 0xF7A893: av_expr_parse_and_eval (eval.c:725)
==21072== by 0x5167CE: config_props (vf_scale.c:267)
==21072== by 0x4A5B80: avfilter_config_links (avfilter.c:262)
==21072== by 0x4A5B63: avfilter_config_links (avfilter.c:251)
==21072== Address 0xb814fc0 is 0 bytes inside a block of size 3 alloc'd
==21072== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21072== by 0xF82B09: av_malloc (mem.c:97)
==21072== by 0xF7A608: av_expr_parse (eval.c:661)
==21072== by 0xF7A893: av_expr_parse_and_eval (eval.c:725)
==21072== by 0x5167CE: config_props (vf_scale.c:267)
==21072== by 0x4A5B80: avfilter_config_links (avfilter.c:262)
==21072== by 0x4A5B63: avfilter_config_links (avfilter.c:251)
==21072== by 0x4A9FE6: avfilter_graph_config (avfiltergraph.c:275)
==21072== by 0x486CD4: configure_filtergraph (ffmpeg_filter.c:1042)
==21072== by 0x48C25A: transcode_init (ffmpeg.c:2996)
==21072== by 0x491E05: transcode (ffmpeg.c:3928)
==21072==
==21072== Invalid read of size 8
==21072== at 0x777A5A7: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==21072== by 0x772E8A5: ____strtod_l_internal (in /lib64/libc-2.15.so)
==21072== by 0xF78FCE: av_strtod (eval.c:100)
==21072== by 0xF79814: parse_primary (eval.c:333)
==21072== by 0xF7A2C0: parse_factor (eval.c:493)
==21072== by 0xF7A4BB: parse_term (eval.c:542)
==21072== by 0xF7955E: parse_expr (eval.c:566)
==21072== by 0xF7A6C5: av_expr_parse (eval.c:684)
==21072== by 0xF7A893: av_expr_parse_and_eval (eval.c:725)
==21072== by 0x5167CE: config_props (vf_scale.c:267)
==21072== by 0x4A5B80: avfilter_config_links (avfilter.c:262)
==21072== by 0x4A5B63: avfilter_config_links (avfilter.c:251)
==21072== Address 0xb814fc8 is 5 bytes after a block of size 3 alloc'd
==21072== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21072== by 0xF82B09: av_malloc (mem.c:97)
==21072== by 0xF7A608: av_expr_parse (eval.c:661)
==21072== by 0xF7A893: av_expr_parse_and_eval (eval.c:725)
==21072== by 0x5167CE: config_props (vf_scale.c:267)
==21072== by 0x4A5B80: avfilter_config_links (avfilter.c:262)
==21072== by 0x4A5B63: avfilter_config_links (avfilter.c:251)
==21072== by 0x4A9FE6: avfilter_graph_config (avfiltergraph.c:275)
==21072== by 0x486CD4: configure_filtergraph (ffmpeg_filter.c:1042)
==21072== by 0x48C25A: transcode_init (ffmpeg.c:2996)
==21072== by 0x491E05: transcode (ffmpeg.c:3928)
==21072==
Output #0, segment, to 'out%1d.avi':
Metadata:
encoder : Lavf56.40.101
Stream #0:0: Video: mpeg4, yuv420p, 256x256, q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
Metadata:
encoder : Lavc56.57.100 mpeg4
Stream mapping:
Stream #0:0 -> #0:0 (ppm (native) -> mpeg4 (native))
Press [q] to stop, [?] for help
==21072== Invalid read of size 8
==21072== at 0xF82D23: av_freep (mem.c:247)
==21072== by 0x6BC9A3: av_free_packet (avpacket.c:275)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072== Address 0xb83bdf0 is 0 bytes inside a block of size 16 free'd
==21072== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x6BC9B4: av_free_packet (avpacket.c:276)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x605E44: ff_write_chained (mux.c:1043)
==21072== by 0x65B596: seg_write_packet (segment.c:836)
==21072== by 0x6042BC: write_packet (mux.c:641)
==21072== by 0x60591D: av_interleaved_write_frame (mux.c:951)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072==
==21072== Invalid write of size 8
==21072== at 0xF82D26: av_freep (mem.c:248)
==21072== by 0x6BC9A3: av_free_packet (avpacket.c:275)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072== Address 0xb83bdf0 is 0 bytes inside a block of size 16 free'd
==21072== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x6BC9B4: av_free_packet (avpacket.c:276)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x605E44: ff_write_chained (mux.c:1043)
==21072== by 0x65B596: seg_write_packet (segment.c:836)
==21072== by 0x6042BC: write_packet (mux.c:641)
==21072== by 0x60591D: av_interleaved_write_frame (mux.c:951)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072==
==21072== Invalid free() / delete / delete[] / realloc()
==21072== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x6BC9B4: av_free_packet (avpacket.c:276)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072== Address 0xb83bdf0 is 0 bytes inside a block of size 16 free'd
==21072== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x6BC9B4: av_free_packet (avpacket.c:276)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x605E44: ff_write_chained (mux.c:1043)
==21072== by 0x65B596: seg_write_packet (segment.c:836)
==21072== by 0x6042BC: write_packet (mux.c:641)
==21072== by 0x60591D: av_interleaved_write_frame (mux.c:951)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072==
frame= 1 fps=0.0 q=3.8 Lsize=N/A time=00:00:00.04 bitrate=N/A
video:11kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown
==21072==
==21072== HEAP SUMMARY:
==21072== in use at exit: 97 bytes in 3 blocks
==21072== total heap usage: 2,019 allocs, 2,017 frees, 4,749,723 bytes allocated
==21072==
==21072== LEAK SUMMARY:
==21072== definitely lost: 9 bytes in 1 blocks
==21072== indirectly lost: 0 bytes in 0 blocks
==21072== possibly lost: 0 bytes in 0 blocks
==21072== still reachable: 88 bytes in 2 blocks
==21072== suppressed: 0 bytes in 0 blocks
==21072== Rerun with --leak-check=full to see details of leaked memory
==21072==
==21072== For counts of detected and suppressed errors, rerun with: -v
==21072== ERROR SUMMARY: 9 errors from 5 contexts (suppressed: 2 from 2)
comment:4 by , 9 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
Note:
See TracTickets
for help on using tickets.
I figured out that it only came to the malloc error when i use a second time the -reset_timestamps.
Step1:
./ffmpeg -i anyMpeg4Movie.mp4 -an -f segment -segment_list_type ffconcat -segment_list out.txt -vcodec copy -reset_timestamps 1 -map 0:0 seg%1d.mp4
Step2:
./ffmpeg -isync -i out.txt -s 640x480 -vcodec libx264 -preset fast -b:v 1300k -g 25 -map 0:v -reset_timestamps 1 -f segment -segment_list_type ffconcat -segment_list out2.txt newSeg%1d.mp4