Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#7472 closed defect (invalid)

double free detected in avcodec_close after rtmp streaming with h264 codec

Reported by: andreanobile Owned by:
Priority: important Component: avcodec
Version: unspecified Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no


Summary of the bug:
How to reproduce:

./streamer <video file>
ffmpeg version: git master

compiled with:
PATH="$HOME/bin:$PATH" PKG_CONFIG_PATH="$HOME/ffmpeg_build/lib/pkgconfig" ./configure   --prefix="$HOME/ffmpeg_build"    --extra-cflags="-I$HOME/ffmpeg_build/include"   --extra-ldflags="-L$HOME/ffmpeg_build/lib"   --extra-libs="-lpthread -lm"   --bindir="$HOME/bin"   --enable-gpl   --enable-libaom   --enable-libass   --enable-libfdk-aac   --enable-libfreetype   --enable-libmp3lame   --enable-libopus   --enable-libvorbis   --enable-libvpx   --enable-libx264   --enable-libx265 --enable-shared  --enable-nonfree --enable-pic --extra-ldexeflags=-pie --pkg-config-flags="--static" --enable-debug && PATH="$HOME/bin:$PATH" make -j4 && make install

address sanitizer output:
==4937==ERROR: AddressSanitizer: attempting double-free on 0x618000001480 in thread T0:
    #0 0x7f33dab397b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/
    #1 0x7f33d8cb8ff9  (/home/andrea/ffmpeg_build/lib/
    #2 0x7f33d8cd4a4d in avcodec_close (/home/andrea/ffmpeg_build/lib/
    #3 0x5632c2af4406 in Streamer::~Streamer() /home/andrea/computer_vision/streamer/main.cpp:280
    #4 0x5632c2af520e in main /home/andrea/computer_vision/streamer/main.cpp:292
    #5 0x7f33d5ab8b96 in __libc_start_main (/lib/x86_64-linux-gnu/
    #6 0x5632c2af05d9 in _start (/home/andrea/computer_vision/streamer/build/streamer+0x205d9)

0x618000001480 is located 0 bytes inside of 731-byte region [0x618000001480,0x61800000175b)
freed by thread T0 here:
    #0 0x7f33dab397b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/
    #1 0x7f33d92d3225 in avcodec_parameters_free (/home/andrea/ffmpeg_build/lib/

previously allocated by thread T0 here:
    #0 0x7f33dab3a7a0 in posix_memalign (/usr/lib/x86_64-linux-gnu/
    #1 0x7f33d8566532 in av_malloc (/home/andrea/ffmpeg_build/lib/

SUMMARY: AddressSanitizer: double-free (/usr/lib/x86_64-linux-gnu/ in __interceptor_free

Attachments (2)

main.cpp (8.3 KB ) - added by andreanobile 4 years ago.
source code of program
CMakeLists.txt (1.6 KB ) - added by andreanobile 4 years ago.
cmake file

Download all attachments as: .zip

Change History (6)

by andreanobile, 4 years ago

Attachment: main.cpp added

source code of program

by andreanobile, 4 years ago

Attachment: CMakeLists.txt added

cmake file

comment:1 by Hendrik, 4 years ago

This is the offending line. If you assign the same extradata buffer to both structures, it'll be free'ed twice. Both of those structures are documented to "own" the extradata buffer, so both of them will free it. Hence, you have to use separate buffers.

avcodec_parameters_from_context will already copy the extradata, I would recommend to move that line after opening the encoder, then there is no need to manually touch it, and nothing bad happens.

Last edited 4 years ago by Hendrik (previous) (diff)

comment:2 by Hendrik, 4 years ago

Resolution: invalid
Status: newclosed

comment:3 by andreanobile, 4 years ago

Thank you!

comment:4 by Carl Eugen Hoyos, 4 years ago

Keywords: double free removed
Note: See TracTickets for help on using tickets.