Opened 6 years ago
Closed 6 years ago
#6936 closed defect (needs_more_info)
double free or corruption in remove_decoded_packets()
| Reported by: | tzimmo | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | avformat |
| Version: | git-master | Keywords: | crash abort |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description (last modified by )
(gdb) run
Starting program: /tmp/ffmpeg/bin/ffmpeg -i foobar.vob -fflags +genpts -target pal-dvd -vcodec copy -acodec copy -scodec dvbsub -map \#0x1e0 -map \#0x80 -map \#0x23 -metadata:s:s:0 language=fin out.vob
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-84734-g0ecb1c5 Copyright (c) 2000-2017 the FFmpeg developers
built with gcc 4.9.2 (Debian 4.9.2-10)
configuration: --prefix=/tmp/ffmpeg --enable-static --disable-shared --enable-pic --disable-x86asm --disable-stripping --disable-optimizations
libavutil 56. 0.100 / 56. 0.100
libavcodec 58. 3.103 / 58. 3.103
libavformat 58. 2.100 / 58. 2.100
libavdevice 58. 0.100 / 58. 0.100
libavfilter 7. 1.100 / 7. 1.100
libswscale 5. 0.101 / 5. 0.101
libswresample 3. 0.101 / 3. 0.101
Input #0, mpeg, from 'foobar.vob':
Duration: 00:18:32.19, start: 0.287267, bitrate: 8060 kb/s
Stream #0:0[0x1e0]: Video: mpeg2video (Main), yuv420p(tv, top first), 720x576 [SAR 64:45 DAR 16:9], 25 fps, 25 tbr, 90k tbn, 50 tbc
Stream #0:1[0x80]: Audio: ac3, 48000 Hz, 5.1(side), fltp, 384 kb/s
Stream #0:2[0x21]: Subtitle: dvd_subtitle
Stream #0:3[0x22]: Subtitle: dvd_subtitle
Stream #0:4[0x24]: Subtitle: dvd_subtitle
Stream #0:5[0x26]: Subtitle: dvd_subtitle
Stream #0:6[0x28]: Subtitle: dvd_subtitle
Stream #0:7[0x23]: Subtitle: dvd_subtitle
Stream #0:8[0x20]: Subtitle: dvd_subtitle
Stream #0:9[0x25]: Subtitle: dvd_subtitle
Stream #0:10[0x27]: Subtitle: dvd_subtitle
File 'out.vob' already exists. Overwrite ? [y/N] y
[dvd @ 0x23f7de0] VBV buffer size not set, using default size of 130KB
If you want the mpeg file to be compliant to some specification
Like DVD, VCD or others, make sure you set the correct buffer size
Output #0, dvd, to 'out.vob':
Metadata:
encoder : Lavf58.2.100
Stream #0:0: Video: mpeg2video (Main), yuv420p(tv, top first), 720x576 [SAR
64:45 DAR 16:9], q=2-31, 6000 kb/s, 25 fps, 25 tbr, 90k tbn, 25 tbc
Stream #0:1: Audio: ac3, 48000 Hz, 5.1(side), fltp, 448 kb/s
Stream #0:2(fin): Subtitle: dvb_subtitle (dvbsub), 720x576
Metadata:
encoder : Lavc58.3.103 dvbsub
Stream mapping:
Stream #0:0 -> #0:0 (copy)
Stream #0:1 -> #0:1 (copy)
Stream #0:7 -> #0:2 (dvd_subtitle (dvdsub) -> dvb_subtitle (dvbsub))
Press [q] to stop, [?] for help
[dvd @ 0x23f7de0] Timestamps are unset in a packet for stream 0. This is deprecated and will stop working in the future. Fix your code to set the timestamps properly
*** Error in `/tmp/ffmpeg/bin/ffmpeg': double free or corruption (fasttop): 0x000000000240be60 ***
Program received signal SIGABRT, Aborted.
0x00007ffff5ea5067 in __GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: Tiedostoa tai hakemistoa ei ole.
(gdb) bt
#0 0x00007ffff5ea5067 in __GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff5ea6448 in __GI_abort () at abort.c:89
#2 0x00007ffff5ee31b4 in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7ffff5fd8210 "*** Error in `%s': %s: 0x%s ***\n")
at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff5ee898e in malloc_printerr (action=1,
str=0x7ffff5fd83f8 "double free or corruption (fasttop)",
ptr=<optimized out>) at malloc.c:4996
#4 0x00007ffff5ee9696 in _int_free (av=<optimized out>, p=<optimized out>,
have_lock=0) at malloc.c:3840
#5 0x000000000149a494 in av_free (ptr=0x240be60) at libavutil/mem.c:223
#6 0x000000000149a4cc in av_freep (arg=0x7fffffffd600) at libavutil/mem.c:233
#7 0x000000000076b85c in remove_decoded_packets (ctx=0x23f7de0, scr=8033041)
at libavformat/mpegenc.c:954
#8 0x000000000076bc70 in output_packet (ctx=0x23f7de0, flush=0)
at libavformat/mpegenc.c:1031
#9 0x000000000076c501 in mpeg_mux_write_packet (ctx=0x23f7de0,
pkt=0x7fffffffd870) at libavformat/mpegenc.c:1176
#10 0x000000000077f713 in write_packet (s=0x23f7de0, pkt=0x7fffffffd870)
at libavformat/mux.c:754
#11 0x0000000000781006 in av_interleaved_write_frame (s=0x23f7de0, pkt=0x0)
at libavformat/mux.c:1245
#12 0x0000000000421615 in write_packet (of=0x2548e20, pkt=0x7fffffffdb50,
ost=0x255cc60, unqueue=0) at fftools/ffmpeg.c:797
#13 0x0000000000421897 in output_packet (of=0x2548e20, pkt=0x7fffffffdb50,
ost=0x255cc60, eof=0) at fftools/ffmpeg.c:868
#14 0x0000000000426c53 in do_streamcopy (ist=0x25215a0, ost=0x255cc60,
pkt=0x7fffffffde70) at fftools/ffmpeg.c:2065
#15 0x00000000004292fa in process_input_packet (ist=0x25215a0,
pkt=0x7fffffffde70, no_eof=0) at fftools/ffmpeg.c:2734
#16 0x000000000042f772 in process_input (file_index=0) at fftools/ffmpeg.c:4422
#17 0x000000000042fc80 in transcode_step () at fftools/ffmpeg.c:4542
#18 0x000000000042fdad in transcode () at fftools/ffmpeg.c:4596
#19 0x00000000004304ec in main (argc=22, argv=0x7fffffffe948)
at fftools/ffmpeg.c:4802
Change History (4)
comment:1 by , 6 years ago
| Component: | undetermined → avformat |
|---|---|
| Description: | modified (diff) |
| Keywords: | crash abort added |
| Priority: | normal → important |
comment:2 by , 6 years ago
The input file is huge... 4 GB or so. I was kind of hoping this would be easy to detect from the stacktrace. I can try to crop the input file and see if this reproduces.
comment:4 by , 6 years ago
| Resolution: | → needs_more_info |
|---|---|
| Status: | new → closed |
Please reopen this (important looking) ticket if you can provide an input sample.
Note:
See TracTickets
for help on using tickets.
Please provide the input file.