#7733 closed defect (fixed)

Segmentation faults and double-free using spdif muxer

Opened 6 years ago
Closed 6 years ago

Reported by: barsnick
Owned by:
Priority: important
Component: avformat
Version: git-master
Keywords: spdif crash
Cc:
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: no

Description

Summary of the bug:
Segmentation faults or double-free or similar encountered while muxing to spdif (not reproducible with other muxers).

This happens only on this x86 machine. I can't reproduce on x86_64, and don't have the compile environment in place for building x86 (32 bit) there.

Originally, I was trying to reproduce trac #7731, using

$ ./ffmpeg_g -i truehd_11mbit_bug.mkv -c copy -f spdif /dev/null -y

which consistently crashed, but no longer does with this given build:

How to reproduce:

barsnick@sunshine:/usr/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06-2 > gdb -ex r --args ./ffmpeg_g -f lavfi -i anoisesrc -strict experimental -c:a truehd -t 1 -f spdif /dev/null -y
GNU gdb (GDB) Fedora (7.3.1-48.fc10.1sunshine)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "pentium4-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06-2/ffmpeg_g...done.
Starting program: /usr/local/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06-2/ffmpeg_g -f lavfi -i anoisesrc -strict experimental -c:a truehd -t 1 -f spdif /dev/null -y
[Thread debugging using libthread_db enabled]
ffmpeg version N-93084-g835ab35 Copyright (c) 2000-2019 the FFmpeg developers
  built with gcc 4.3.2 (GCC) 20081105 (Red Hat 4.3.2-7)
  configuration: --disable-doc --disable-everything --disable-network --disable-vdpau --enable-protocol='file,pipe' --enable-indev=lavfi --enable-muxer='null,spdif' --enable-demuxer=matroska --enable-encoder='wrapped_avframe,truehd' --enable-decoder='rawvideo,pcm_f64le' --enable-filter='anoisesrc,anullsrc,nullsrc,testsrc,null,aresample'
  libavutil      56. 26.100 / 56. 26.100
  libavcodec     58. 46.100 / 58. 46.100
  libavformat    58. 26.100 / 58. 26.100
  libavdevice    58.  6.101 / 58.  6.101
  libavfilter     7. 48.100 /  7. 48.100
  libswscale      5.  4.100 /  5.  4.100
  libswresample   3.  4.100 /  3.  4.100
[New Thread 0xb7fd3b90 (LWP 2616)]
[New Thread 0xb75d2b90 (LWP 2617)]
Input #0, lavfi, from 'anoisesrc':
  Duration: N/A, start: 0.000000, bitrate: 3072 kb/s
    Stream #0:0: Audio: pcm_f64le, 48000 Hz, mono, dbl, 3072 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_f64le (native) -> truehd (native))
Press [q] to stop, [?] for help
[New Thread 0xb6b90b90 (LWP 2618)]
[New Thread 0xb618fb90 (LWP 2619)]
Output #0, spdif, to '/dev/null':
  Metadata:
    encoder         : Lavf58.26.100
    Stream #0:0: Audio: truehd, 48000 Hz, stereo, s16, 128 kb/s
    Metadata:
      encoder         : Lavc58.46.100 truehd

Program received signal SIGSEGV, Segmentation fault.
0x0070dc31 in malloc_consolidate () from /lib/libc.so.6
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-1.fc10.1sunshine.pentium4 glibc-2.9-3.2sunshine.i686 zlib-1.2.3-22.fc10.1sunshine.pentium4
(gdb) bt
#0  0x0070dc31 in malloc_consolidate () from /lib/libc.so.6
#1  0x0070f92d in _int_malloc () from /lib/libc.so.6
#2  0x00710a41 in _int_memalign () from /lib/libc.so.6
#3  0x00711985 in memalign () from /lib/libc.so.6
#4  0x00711b6f in posix_memalign () from /lib/libc.so.6
#5  0x0818e660 in av_malloc (size=136689232) at src/libavutil/mem.c:87
#6  0x0817ddc9 in av_buffer_alloc (size=4224) at src/libavutil/buffer.c:72
#7  0x0817e211 in pool_alloc_buffer (pool=<optimized out>) at src/libavutil/buffer.c:312
#8  av_buffer_pool_get (pool=0x823e440) at src/libavutil/buffer.c:349
#9  0x0807f4d3 in ff_frame_pool_get (pool=0x823e3c0) at src/libavfilter/framepool.c:261
#10 0x0807385b in ff_default_get_audio_buffer (link=0x8229180, nb_samples=1056) at src/libavfilter/audio.c:73
#11 0x08088a89 in filter_frame (inlink=0x8228900, insamplesref=0x826b6c0) at src/libavfilter/af_aresample.c:196
#12 0x08077635 in ff_filter_frame_framed (frame=0x826b6c0, link=<optimized out>) at src/libavfilter/avfilter.c:1071
#13 ff_filter_frame_to_filter (link=<optimized out>) at src/libavfilter/avfilter.c:1219
#14 ff_filter_activate_default (filter=<optimized out>) at src/libavfilter/avfilter.c:1268
#15 ff_filter_activate (filter=0x8229040) at src/libavfilter/avfilter.c:1429
#16 0x0807c2c2 in push_frame (graph=<optimized out>) at src/libavfilter/buffersrc.c:187
#17 av_buffersrc_add_frame_internal (ctx=0x8227b80, frame=<optimized out>, flags=4) at src/libavfilter/buffersrc.c:261
#18 0x0807c6ca in av_buffersrc_add_frame_flags (ctx=0x8227b80, frame=0x8225140, flags=4) at src/libavfilter/buffersrc.c:170
#19 0x08069b63 in ifilter_send_frame (frame=<optimized out>, ifilter=<optimized out>) at src/fftools/ffmpeg.c:2195
#20 send_frame_to_filters (ist=0x8201700, decoded_frame=0x8225140) at src/fftools/ffmpeg.c:2269
#21 0x0806a253 in decode_audio (decode_failed=<optimized out>, got_output=<optimized out>, pkt=<optimized out>, ist=<optimized out>) at src/fftools/ffmpeg.c:2336
#22 process_input_packet (ist=0x8201700, pkt=0xbfffe9cc, no_eof=0) at src/fftools/ffmpeg.c:2618
#23 0x0806db15 in process_input (file_index=<optimized out>) at src/fftools/ffmpeg.c:4515
#24 transcode_step () at src/fftools/ffmpeg.c:4635
#25 0x0807038e in transcode () at src/fftools/ffmpeg.c:4689
#26 0x08071072 in main (argc=15, argv=0x39) at src/fftools/ffmpeg.c:4891
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x70dc11 to 0x70dc51:
   0x0070dc11 <malloc_consolidate+401>: push   %ebp
   0x0070dc12 <malloc_consolidate+402>: int3
   0x0070dc13 <malloc_consolidate+403>: mov    %eax,0x14(%edx)
   0x0070dc16 <malloc_consolidate+406>: mov    0x14(%esi),%eax
   0x0070dc19 <malloc_consolidate+409>: mov    %edx,0x10(%eax)
   0x0070dc1c <malloc_consolidate+412>: jmp    0x70db00 <malloc_consolidate+128>
   0x0070dc21 <malloc_consolidate+417>: lea    0x0(%esi,%eiz,1),%esi
   0x0070dc28 <malloc_consolidate+424>: mov    0x8(%edi),%edx
   0x0070dc2b <malloc_consolidate+427>: add    %eax,-0x20(%ebp)
   0x0070dc2e <malloc_consolidate+430>: mov    0xc(%edi),%eax
=> 0x0070dc31 <malloc_consolidate+433>: cmp    %edi,0xc(%edx)
   0x0070dc34 <malloc_consolidate+436>: jne    0x70dd00 <malloc_consolidate+640>
   0x0070dc3a <malloc_consolidate+442>: cmp    0x8(%eax),%edi
   0x0070dc3d <malloc_consolidate+445>: jne    0x70dd00 <malloc_consolidate+640>
   0x0070dc43 <malloc_consolidate+451>: cmpl   $0x1ff,0x4(%edi)
   0x0070dc4a <malloc_consolidate+458>: mov    %eax,0xc(%edx)
   0x0070dc4d <malloc_consolidate+461>: mov    %edx,0x8(%eax)
   0x0070dc50 <malloc_consolidate+464>: jbe    0x70db21 <malloc_consolidate+161>
End of assembler dump.
(gdb) info all-registers
eax            0x1010184        16843140
ecx            0x825b650        136689232
edx            0x3009e07        50372103
ebx            0x80dff4 8445940
esp            0xbfffdba4       0xbfffdba4
ebp            0xbfffdc0c       0xbfffdc0c
esi            0x825b650        136689232
edi            0x825b6b8        136689336
eip            0x70dc31 0x70dc31 <malloc_consolidate+433>
eflags         0x10216  [ PF AF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
(gdb)

If I remove "-t 1" and press 'q' while running, I get this instead:

barsnick@sunshine:/usr/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06-2 > gdb -ex r --args ./ffmpeg_g -f lavfi -i anoisesrc -strict experimental -c:a truehd -f spdif /dev/null -y
GNU gdb (GDB) Fedora (7.3.1-48.fc10.1sunshine)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "pentium4-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06-2/ffmpeg_g...done.
Starting program: /usr/local/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06-2/ffmpeg_g -f lavfi -i anoisesrc -strict experimental -c:a truehd -f spdif /dev/null -y
[Thread debugging using libthread_db enabled]
ffmpeg version N-93084-g835ab35 Copyright (c) 2000-2019 the FFmpeg developers
  built with gcc 4.3.2 (GCC) 20081105 (Red Hat 4.3.2-7)
  configuration: --disable-doc --disable-everything --disable-network --disable-vdpau --enable-protocol='file,pipe' --enable-indev=lavfi --enable-muxer='null,spdif' --enable-demuxer=matroska --enable-encoder='wrapped_avframe,truehd' --enable-decoder='rawvideo,pcm_f64le' --enable-filter='anoisesrc,anullsrc,nullsrc,testsrc,null,aresample'
  libavutil      56. 26.100 / 56. 26.100
  libavcodec     58. 46.100 / 58. 46.100
  libavformat    58. 26.100 / 58. 26.100
  libavdevice    58.  6.101 / 58.  6.101
  libavfilter     7. 48.100 /  7. 48.100
  libswscale      5.  4.100 /  5.  4.100
  libswresample   3.  4.100 /  3.  4.100
[New Thread 0xb7fd3b90 (LWP 2664)]
[New Thread 0xb75d2b90 (LWP 2665)]
Input #0, lavfi, from 'anoisesrc':
  Duration: N/A, start: 0.000000, bitrate: 3072 kb/s
    Stream #0:0: Audio: pcm_f64le, 48000 Hz, mono, dbl, 3072 kb/s
Stream mapping:
  Stream #0:0 -> #0:0 (pcm_f64le (native) -> truehd (native))
Press [q] to stop, [?] for help
[New Thread 0xb6b90b90 (LWP 2666)]
[New Thread 0xb618fb90 (LWP 2667)]
Output #0, spdif, to '/dev/null':
  Metadata:
    encoder         : Lavf58.26.100
    Stream #0:0: Audio: truehd, 48000 Hz, stereo, s16, 128 kb/s
    Metadata:
      encoder         : Lavc58.46.100 truehd
*** glibc detected *** /usr/local/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06-2/ffmpeg_g: double free or corruption (!prev): 0x0825c380 ***
======= Backtrace: =========
/lib/libc.so.6[0x70d3a4]
/lib/libc.so.6(cfree+0x96)[0x70f356]
/usr/local/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06-2/ffmpeg_g[0x818def1]

Program received signal SIGABRT, Aborted.
0x00bbe416 in __kernel_vsyscall ()
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-1.fc10.1sunshine.pentium4 glibc-2.9-3.2sunshine.i686 libgcc-4.3.2-7.i386 zlib-1.2.3-22.fc10.1sunshine.pentium4
(gdb) bt
#0  0x00bbe416 in __kernel_vsyscall ()
#1  0x006c9460 in raise () from /lib/libc.so.6
#2  0x006cae28 in abort () from /lib/libc.so.6
#3  0x00706fed in __libc_message () from /lib/libc.so.6
#4  0x0070d3a4 in malloc_printerr () from /lib/libc.so.6
#5  0x0070f356 in free () from /lib/libc.so.6
#6  0x0818def1 in av_free (ptr=0x82021a8) at src/libavutil/mem.c:223
#7  av_freep (arg=0x82021a8) at src/libavutil/mem.c:233
#8  0x080ac6e1 in spdif_write_trailer (s=0x8206300) at src/libavformat/spdifenc.c:484
#9  0x080a7be2 in av_write_trailer (s=0x8206300) at src/libavformat/mux.c:1276
#10 0x08070c9a in transcode () at src/fftools/ffmpeg.c:4723
#11 0x08071072 in main (argc=13, argv=Cannot access memory at address 0xa63
) at src/fftools/ffmpeg.c:4891
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0xbbe3f6 to 0xbbe436:
   0x00bbe3f6:  add    %al,(%eax)
   0x00bbe3f8:  add    %al,(%eax)
   0x00bbe3fa:  add    %al,(%eax)
   0x00bbe3fc:  add    %al,(%eax)
   0x00bbe3fe:  add    %al,(%eax)
   0x00bbe400 <__kernel_sigreturn+0>:   pop    %eax
   0x00bbe401 <__kernel_sigreturn+1>:   mov    $0x77,%eax
   0x00bbe406 <__kernel_sigreturn+6>:   int    $0x80
   0x00bbe408 <__kernel_sigreturn+8>:   nop
   0x00bbe409:  lea    0x0(%esi),%esi
   0x00bbe40c <__kernel_rt_sigreturn+0>:        mov    $0xad,%eax
   0x00bbe411 <__kernel_rt_sigreturn+5>:        int    $0x80
   0x00bbe413 <__kernel_rt_sigreturn+7>:        nop
   0x00bbe414 <__kernel_vsyscall+0>:    int    $0x80
=> 0x00bbe416 <__kernel_vsyscall+2>:    ret
   0x00bbe417:  add    %ch,(%esi)
   0x00bbe419:  jae    0xbbe483
   0x00bbe41b:  jae    0xbbe491
   0x00bbe41d:  jb     0xbbe493
   0x00bbe41f:  popa
   0x00bbe420:  bound  %eax,(%eax)
   0x00bbe422:  cs
   0x00bbe423:  push   $0x687361
   0x00bbe428:  cs
   0x00bbe429:  fs
   0x00bbe42a:  jns    0xbbe49a
   0x00bbe42c:  jae    0xbbe4a7
   0x00bbe42e:  insl   (%dx),%es:(%edi)
   0x00bbe42f:  add    %ch,(%esi)
   0x00bbe431:  fs
   0x00bbe432:  jns    0xbbe4a2
   0x00bbe434:  jae    0xbbe4aa
End of assembler dump.
(gdb) info all-registers
eax            0x0      0
ecx            0xa5f    2655
edx            0x6      6
ebx            0xa5f    2655
esp            0xbfffe428       0xbfffe428
ebp            0xbfffe434       0xbfffe434
esi            0x0      0
edi            0x80dff4 8445940
eip            0xbbe416 0xbbe416 <__kernel_vsyscall+2>
eflags         0x206    [ PF IF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
(gdb)

Change History (4)

comment:1 by barsnick, 6 years ago

Here's the result from a different build (many more configure flags and external libraries in use), and with a different compiler (ICC), but to a similar effect, using said file from ticket #7731:

barsnick@sunshine:/usr/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06 > gdb -ex r --args ./ffmpeg_g -i ~/tmp/truehd_11mbit_bug.mkv -c copy -f spdif /dev/null -y
GNU gdb (GDB) Fedora (7.3.1-48.fc10.1sunshine)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "pentium4-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06/ffmpeg_g...done.
Starting program: /usr/local/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06/ffmpeg_g -i /home/barsnick/tmp/truehd_11mbit_bug.mkv -c copy -f spdif /dev/null -y
[Thread debugging using libthread_db enabled]
ffmpeg version N-93084-g835ab35 Copyright (c) 2000-2019 the FFmpeg developers
  built with icc (ICC) 14.0.3 20140422
  configuration: --prefix=/usr/new/tools/video/install/ffmpeg/2019-02-06 --cc=icc --cxx=icpc --enable-gpl --enable-version3 --enable-nonfree --disable-shared --enable-gnutls --enable-libcdio --enable-libfreetype --enable-libx264 --enable-libvpx --enable-libmp3lame --enable-openal --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libtwolame --enable-librtmp --enable-libass --enable-libv4l2 --enable-libvidstab --enable-libfdk-aac --enable-libsmbclient --enable-libzvbi --enable-libtesseract --enable-libzmq --enable-libopus --enable-libcodec2 --enable-libxml2 --enable-libopencv
  libavutil      56. 26.100 / 56. 26.100
  libavcodec     58. 46.100 / 58. 46.100
  libavformat    58. 26.100 / 58. 26.100
  libavdevice    58.  6.101 / 58.  6.101
  libavfilter     7. 48.100 /  7. 48.100
  libswscale      5.  4.100 /  5.  4.100
  libswresample   3.  4.100 /  3.  4.100
  libpostproc    55.  4.100 / 55.  4.100
Input #0, matroska,webm, from '/home/barsnick/tmp/truehd_11mbit_bug.mkv':
  Metadata:
    encoder         : libebml v1.3.6 + libmatroska v1.4.9
    creation_time   : 2018-12-27T15:27:27.000000Z
  Duration: 00:00:05.61, start: 0.000000, bitrate: 8760 kb/s
    Stream #0:0: Audio: truehd, 48000 Hz, 7.1, s32 (24 bit) (default)
    Metadata:
      BPS-eng         : 8686421
      DURATION-eng    : 00:00:05.605828704
      NUMBER_OF_FRAMES-eng: 6675
      NUMBER_OF_BYTES-eng: 6085924
      _STATISTICS_WRITING_APP-eng: mkvmerge v28.2.0 ('The Awakening') 64-bit
      _STATISTICS_WRITING_DATE_UTC-eng: 2018-12-27 15:27:27
      _STATISTICS_TAGS-eng: BPS DURATION NUMBER_OF_FRAMES NUMBER_OF_BYTES
Output #0, spdif, to '/dev/null':
  Metadata:
    encoder         : Lavf58.26.100
    Stream #0:0: Audio: truehd, 48000 Hz, 7.1, s32 (24 bit) (default)
    Metadata:
      BPS-eng         : 8686421
      DURATION-eng    : 00:00:05.605828704
      NUMBER_OF_FRAMES-eng: 6675
      NUMBER_OF_BYTES-eng: 6085924
      _STATISTICS_WRITING_APP-eng: mkvmerge v28.2.0 ('The Awakening') 64-bit
      _STATISTICS_WRITING_DATE_UTC-eng: 2018-12-27 15:27:27
      _STATISTICS_TAGS-eng: BPS DURATION NUMBER_OF_FRAMES NUMBER_OF_BYTES
Stream mapping:
  Stream #0:0 -> #0:0 (copy)
Press [q] to stop, [?] for help
*** glibc detected *** /usr/local/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06/ffmpeg_g: free(): invalid pointer: 0x0a238cb8 ***
======= Backtrace: =========
/lib/libc.so.6[0x776e3a4]
/lib/libc.so.6(cfree+0x96)[0x7770356]
/usr/local/new/tools/video/ffmpeg/ffmpeg-build-2019-02-06/ffmpeg_g[0x925a7ba]
00810000-00813000 rw-p 00810000 00:00 0
00814000-0082e000 r-xp 00000000 08:07 52593435   /usr/lib/librtmp.so.1
0082e000-0082f000 rw-p 0001a000 08:07 52593435   /usr/lib/librtmp.so.1
0082f000-00838000 r-xp 00000000 08:07 52592871   /usr/lib/libkrb5support.so.0.1
00838000-00839000 rw-p 00008000 08:07 52592871   /usr/lib/libkrb5support.so.0.1
0083f000-00842000 r-xp 00000000 08:01 33814      /lib/libdl-2.9.so
00842000-00843000 r--p 00002000 08:01 33814      /lib/libdl-2.9.so
00843000-00844000 rw
Program received signal SIGABRT, Aborted.
0x00543416 in __kernel_vsyscall ()
(gdb) bt
#0  0x00543416 in __kernel_vsyscall ()
#1  0x0772a460 in raise () from /lib/libc.so.6
#2  0x0772be28 in abort () from /lib/libc.so.6
#3  0x07767fed in __libc_message () from /lib/libc.so.6
#4  0x0776e3a4 in malloc_printerr () from /lib/libc.so.6
#5  0x07770356 in free () from /lib/libc.so.6
#6  0x0925a7ba in buffer_replace (dst=<optimized out>, src=<optimized out>) at src/libavutil/buffer.c:120
#7  av_buffer_unref (buf=0xa32e874) at src/libavutil/buffer.c:130
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-114
#8  0x083716c1 in ebml_free (syntax=0x0, data=0x6) at src/libavformat/matroskadec.c:1261
#9  0x0836c8cc in ebml_free (syntax=<optimized out>, data=<optimized out>) at src/libavformat/matroskadec.c:1270
#10 matroska_parse_cluster_incremental (matroska=<optimized out>) at src/libavformat/matroskadec.c:3457
#11 matroska_parse_cluster (matroska=0x0) at src/libavformat/matroskadec.c:3511
#12 0x0836baa6 in matroska_read_packet (s=0xa218740, pkt=0xbfffd1d0) at src/libavformat/matroskadec.c:3540
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-21
#13 0x0846bfc6 in ff_read_packet. () at src/libavformat/utils.c:856
#14 0x0846ac0e in read_frame_internal (s=0x0, pkt=0x6) at src/libavformat/utils.c:1582
#15 0x08464218 in av_read_frame (s=0xa218740, pkt=0xbfffd5b0) at src/libavformat/utils.c:1779
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-114
warning: Range for type (null) has invalid bounds 0..-21
#16 0x080761bf in get_input_packet (f=<optimized out>, pkt=<optimized out>) at src/fftools/ffmpeg.c:4147
#17 process_input (file_index=0) at src/fftools/ffmpeg.c:4264
#18 0x080717db in transcode_step () at src/fftools/ffmpeg.c:4635
#19 transcode () at src/fftools/ffmpeg.c:4689
#20 0x08070162 in main (argc=9, argv=0xbffff4e4) at src/fftools/ffmpeg.c:4891
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x5433f6 to 0x543436:
   0x005433f6:  add    %al,(%eax)
   0x005433f8:  add    %al,(%eax)
   0x005433fa:  add    %al,(%eax)
   0x005433fc:  add    %al,(%eax)
   0x005433fe:  add    %al,(%eax)
   0x00543400 <__kernel_sigreturn+0>:   pop    %eax
   0x00543401 <__kernel_sigreturn+1>:   mov    $0x77,%eax
   0x00543406 <__kernel_sigreturn+6>:   int    $0x80
   0x00543408 <__kernel_sigreturn+8>:   nop
   0x00543409:  lea    0x0(%esi),%esi
   0x0054340c <__kernel_rt_sigreturn+0>:        mov    $0xad,%eax
   0x00543411 <__kernel_rt_sigreturn+5>:        int    $0x80
   0x00543413 <__kernel_rt_sigreturn+7>:        nop
   0x00543414 <__kernel_vsyscall+0>:    int    $0x80
=> 0x00543416 <__kernel_vsyscall+2>:    ret
   0x00543417:  add    %ch,(%esi)
   0x00543419:  jae    0x543483
   0x0054341b:  jae    0x543491
   0x0054341d:  jb     0x543493
   0x0054341f:  popa
   0x00543420:  bound  %eax,(%eax)
   0x00543422:  cs
   0x00543423:  push   $0x687361
   0x00543428:  cs
   0x00543429:  fs
   0x0054342a:  jns    0x54349a
   0x0054342c:  jae    0x5434a7
   0x0054342e:  insl   (%dx),%es:(%edi)
   0x0054342f:  add    %ch,(%esi)
   0x00543431:  fs
   0x00543432:  jns    0x5434a2
   0x00543434:  jae    0x5434aa
End of assembler dump.
(gdb) info all-registers
eax            0x0      0
ecx            0xaaa    2730
edx            0x6      6
ebx            0xaaa    2730
esp            0xbfffc6b8       0xbfffc6b8
ebp            0xbfffc6c4       0xbfffc6c4
esi            0x400    1024
edi            0x786eff4        126283764
eip            0x543416 0x543416 <__kernel_vsyscall+2>
eflags         0x200206 [ PF IF ID ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
(gdb)

comment:2 by Carl Eugen Hoyos, 6 years ago

Component: undetermined → avformat
Keywords: spdif crash added
Priority: normal → important
Reproduced by developer: set
Status: new → open
Version: unspecified → git-master

Please test this patch:

diff --git a/libavformat/spdifenc.c b/libavformat/spdifenc.c
index 9514ff8..4307942 100644
--- a/libavformat/spdifenc.c
+++ b/libavformat/spdifenc.c
@@ -422,8 +422,13 @@ static int spdif_header_truehd(AVFormatContext *s, AVPacket *pkt)

     memcpy(&ctx->hd_buf[ctx->hd_buf_count * TRUEHD_FRAME_OFFSET - BURST_HEADER_SIZE + mat_code_length],
            pkt->data, pkt->size);
-    memset(&ctx->hd_buf[ctx->hd_buf_count * TRUEHD_FRAME_OFFSET - BURST_HEADER_SIZE + mat_code_length + pkt->size],
-           0, TRUEHD_FRAME_OFFSET - pkt->size - mat_code_length);
+    if (ctx->hd_buf_count < 23) {
+        memset(&ctx->hd_buf[ctx->hd_buf_count * TRUEHD_FRAME_OFFSET - BURST_HEADER_SIZE + mat_code_length + pkt->size],
+               0, TRUEHD_FRAME_OFFSET - pkt->size - mat_code_length);
+    } else {
+        size_t padding = MAT_FRAME_SIZE - (ctx->hd_buf_count * TRUEHD_FRAME_OFFSET - BURST_HEADER_SIZE + pkt->size);
+        memset(&ctx->hd_buf[MAT_FRAME_SIZE - padding], 0, padding);
+    }

     if (++ctx->hd_buf_count < 24){
         ctx->pkt_offset = 0;
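
Review bot: in the new else branch, `padding` is a `size_t` computed as `MAT_FRAME_SIZE - (ctx->hd_buf_count * TRUEHD_FRAME_OFFSET - BURST_HEADER_SIZE + pkt->size)`, and nothing in this hunk bounds `pkt->size` against the space left in the final slot; a packet larger than that remainder wraps the subtraction and the following `memset` would write far past `hd_buf`. Compute the remainder as a signed value and reject the packet when it is negative, before the `memcpy` above runs. Two smaller points: the else branch omits `mat_code_length` from the offset while the `memcpy` still adds it, which is only consistent if `mat_code_length` is zero when `hd_buf_count` is 23, so a comment stating that invariant would help; and the literal `23` duplicates the `24` in the `++ctx->hd_buf_count < 24` check below, so derive one from the other.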

in reply to: comment 2; comment:3 by barsnick, 6 years ago

Replying to cehoyos:

Please test this patch:

Good work!

This patch fixes both described crashes (the one with "-t 1" and the one with termination using 'q') using anoisesrc and the truehd encoder to the spdif muxer.

It also fixes the crash with remuxing the TrueHD (in MKV) input file from #7731 to spdif.

comment:4 by Carl Eugen Hoyos, 6 years ago

Resolution: fixed
Status: open → closed

Should be fixed in 5247c4328bb96d1b4e2953eef722833c8dbde358, thank you for the report and the test!
