Opened 2 years ago

Closed 21 months ago

#9507 closed defect (fixed)

close the invalid file descriptor -1 in function v4l2_m2m_destroy_context

Reported by: sunnan Owned by: wujian
Priority: normal Component: avcodec
Version: git-master Keywords: 编码器初始化
Cc: sunnan Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description (last modified by sunnan)

Summary of the bug:
Close the invalid file descriptor -1 when init encoder failed.

How to reproduce:

% ./ffmpeg_g -y -i /home/sn/sample/PoC_ff_v4l2.mpeg -loglevel 99 /home/sn/sample/tmp.m4v

ffmpeg version N-104496-g44c65c6cc0 Copyright (c) 2000-2021 the FFmpeg developers
  built with gcc 7 (GCC)
  configuration: --enable-gpl --toolchain=valgrind-memcheck

SUSE Linux Enterprise Server 12 (x86_64)
VERSION = 12
PATCHLEVEL = 2

Here's valgring log:

% valgrind --verbose --tool=memcheck --leak-check=full --log-file="/home/sn/FFmpeg_Master_Valgrind.log" --suppressions=/home/sn/valgrind-3.17.0/valgrind_exclude.supp ./ffmpeg_g -y -i /home/sn/sample/PoC_ff_v4l2.mpeg -loglevel 0 /home/sn/sample/tmp.m4v

==1450== Memcheck, a memory error detector
==1450== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1450== Using Valgrind-3.17.0-07f0cdcbb4-20210319X and LibVEX; rerun with -h for copyright info
==1450== Command: ./ffmpeg_g -y -i /home/sn/sample/PoC_ff_v4l2.mpeg -loglevel 0 /home/sn/sample/tmp.m4v
==1450==
--1450-- Valgrind options:
--1450--    --verbose
--1450--    --tool=memcheck
--1450--    --leak-check=full
--1450--    --suppressions=/home/sn/valgrind-3.17.0/valgrind_exclude.supp
--1450-- Contents of /proc/version:
--1450--   Linux version 4.4.121-92.129-default (geeko@buildhost) (gcc version 4.8.5 (SUSE Linux) ) #1 SMP Tue May 5 08:59:01 UTC 2020 (20b3c80)
--1450--
--1450-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-rdtscp-sse3-ssse3-avx-f16c-rdrand
--1450-- Page sizes: currently 4096, max supported 4096
--1450-- Valgrind library directory: /usr/local/libexec/valgrind
--1450-- Reading syms from /home/sn/FFmpeg_Github_Master/ffmpeg_g
--1450-- Reading syms from /lib64/ld-2.22.so
--1450-- Reading syms from /usr/local/libexec/valgrind/memcheck-amd64-linux
--1450--    object doesn't have a dynamic symbol table
--1450-- Scheduler: using generic scheduler lock implementation.
--1450-- Reading suppressions file: /home/sn/valgrind-3.17.0/valgrind_exclude.supp
--1450-- Reading suppressions file: /usr/local/libexec/valgrind/default.supp
==1450== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-1450-by-root-on-szvp000007235
==1450== embedded gdbserver: writing to   /tmp/vgdb-pipe-to-vgdb-from-1450-by-root-on-szvp000007235
==1450== embedded gdbserver: shared mem   /tmp/vgdb-pipe-shared-mem-vgdb-1450-by-root-on-szvp000007235
==1450==
==1450== TO CONTROL THIS PROCESS USING vgdb (which you probably
==1450== don't want to do, unless you know exactly what you're doing,
==1450== or are doing some strange experiment):
==1450==   /usr/local/libexec/valgrind/../../bin/vgdb --pid=1450 ...command...
==1450==
==1450== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==1450==   /path/to/gdb ./ffmpeg_g
==1450== and then give GDB the following command
==1450==   target remote | /usr/local/libexec/valgrind/../../bin/vgdb --pid=1450
==1450== --pid is optional if only one valgrind process is running
==1450==
--1450-- REDIR: 0x4018390 (ld-linux-x86-64.so.2:strlen) redirected to 0x580d9b32 (vgPlain_amd64_linux_REDIR_FOR_strlen)
--1450-- REDIR: 0x40180f0 (ld-linux-x86-64.so.2:index) redirected to 0x580d9b4c (vgPlain_amd64_linux_REDIR_FOR_index)
--1450-- Reading syms from /usr/local/libexec/valgrind/vgpreload_core-amd64-linux.so
--1450-- Reading syms from /usr/local/libexec/valgrind/vgpreload_memcheck-amd64-linux.so
==1450== WARNING: new redirection conflicts with existing -- ignoring it
--1450--     old: 0x04018390 (strlen              ) R-> (0000.0) 0x580d9b32 vgPlain_amd64_linux_REDIR_FOR_strlen
--1450--     new: 0x04018390 (strlen              ) R-> (2007.0) 0x04c305a0 strlen
--1450-- REDIR: 0x4018310 (ld-linux-x86-64.so.2:strcmp) redirected to 0x4c316d0 (strcmp)
--1450-- REDIR: 0x4019090 (ld-linux-x86-64.so.2:mempcpy) redirected to 0x4c358f0 (mempcpy)
--1450-- Reading syms from /lib64/libachk.so
--1450-- Reading syms from /lib64/libm-2.22.so
--1450-- Reading syms from /usr/local/lib/libz.so.1.2.11
--1450-- Reading syms from /usr/lib64/liblzma.so.5.0.5
--1450--    object doesn't have a symbol table
--1450-- Reading syms from /lib64/libpthread-2.22.so
--1450-- Reading syms from /lib64/libc-2.22.so
--1450-- Reading syms from /lib64/libdl-2.22.so
--1450-- Reading syms from /lib64/librt-2.22.so
--1450-- REDIR: 0x5a21440 (libc.so.6:strcasecmp) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a1cd20 (libc.so.6:strcspn) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a23730 (libc.so.6:strncasecmp) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a1f1b0 (libc.so.6:strpbrk) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a1f530 (libc.so.6:strspn) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a20b40 (libc.so.6:memcpy@GLIBC_2.2.5) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a1eec0 (libc.so.6:rindex) redirected to 0x4c2ff20 (rindex)
--1450-- REDIR: 0x5a1b770 (libc.so.6:strcmp) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a2d0f0 (libc.so.6:__strcmp_sse2_unaligned) redirected to 0x4c31590 (strcmp)
--1450-- REDIR: 0x5a1d1c0 (libc.so.6:strlen) redirected to 0x4c304e0 (strlen)
--1450-- REDIR: 0x5a196a0 (libc.so.6:posix_memalign) redirected to 0x4c2f745 (posix_memalign)
--1450-- REDIR: 0x5a20bb0 (libc.so.6:memset) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a20c20 (libc.so.6:__GI_memset) redirected to 0x4c347c0 (memset)
--1450-- REDIR: 0x5a17c80 (libc.so.6:realloc) redirected to 0x4c2f479 (realloc)
--1450-- REDIR: 0x5a17bf0 (libc.so.6:free) redirected to 0x4c2cf81 (free)
--1450-- REDIR: 0x5a25e10 (libc.so.6:memcpy@@GLIBC_2.14) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a2d3a0 (libc.so.6:__memcpy_sse2_unaligned) redirected to 0x4c31bd0 (memcpy@@GLIBC_2.14)
--1450-- REDIR: 0x5ac14a0 (libc.so.6:__strspn_sse42) redirected to 0x4c35d90 (strspn)
--1450-- REDIR: 0x5a1b520 (libc.so.6:index) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a1b550 (libc.so.6:__GI_strchr) redirected to 0x4c30080 (__GI_strchr)
--1450-- REDIR: 0x5a1cc00 (libc.so.6:strcpy) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a33550 (libc.so.6:__strcpy_sse2_unaligned) redirected to 0x4c305c0 (strcpy)
--1450-- REDIR: 0x5a17f60 (libc.so.6:calloc) redirected to 0x4c2f237 (calloc)
--1450-- REDIR: 0x5a17540 (libc.so.6:malloc) redirected to 0x4c2a693 (malloc)
--1450-- REDIR: 0x5a27e10 (libc.so.6:strchrnul) redirected to 0x4c35420 (strchrnul)
--1450-- REDIR: 0x5a1ee80 (libc.so.6:strncpy) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a33b80 (libc.so.6:__strncpy_sse2_unaligned) redirected to 0x4c30ad0 (__strncpy_sse2_unaligned)
--1450-- REDIR: 0x5a1ffd0 (libc.so.6:strstr) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5a37bf0 (libc.so.6:__strstr_sse2_unaligned) redirected to 0x4c35ae0 (strstr)
--1450-- REDIR: 0x5a1fb10 (libc.so.6:__GI_strstr) redirected to 0x4c35b60 (__strstr_sse2)
--1450-- REDIR: 0x5a20210 (libc.so.6:memchr) redirected to 0x4c31770 (memchr)
--1450-- REDIR: 0x5a25ea0 (libc.so.6:__GI_memcpy) redirected to 0x4c323f0 (__GI_memcpy)
--1450-- REDIR: 0x5a1b7b0 (libc.so.6:__GI_strcmp) redirected to 0x4c315e0 (__GI_strcmp)
--1450-- REDIR: 0x5a205a0 (libc.so.6:__GI_memcmp) redirected to 0x4c33d00 (__GI_memcmp)
--1450-- REDIR: 0x5ad50a0 (libc.so.6:__memmove_ssse3_back) redirected to 0x4c31850 (memcpy@GLIBC_2.2.5)
--1450-- REDIR: 0x5a27c00 (libc.so.6:rawmemchr) redirected to 0x4c35450 (rawmemchr)
--1450-- REDIR: 0x5a20560 (libc.so.6:bcmp) redirected to 0x4a23758 (_vgnU_ifunc_wrapper)
--1450-- REDIR: 0x5ae5070 (libc.so.6:__memcmp_sse4_1) redirected to 0x4c33e60 (__memcmp_sse4_1)
--1450-- REDIR: 0x5a20df0 (libc.so.6:__GI_mempcpy) redirected to 0x4c35620 (__GI_mempcpy)
--1450-- REDIR: 0x5a209a0 (libc.so.6:__GI_memmove) redirected to 0x4c34c50 (__GI_memmove)
==1450== Warning: invalid file descriptor -1 in syscall close()
==1450==    at 0x578ED7D: ??? (in /lib64/libpthread-2.22.so)
==1450==    by 0x1112CA6: v4l2_m2m_destroy_context (v4l2_m2m.c:331)
==1450==    by 0x1274CAE: buffer_replace (buffer.c:133)
==1450==    by 0x1274CAE: av_buffer_unref (buffer.c:144)
==1450==    by 0x111307C: ff_v4l2_m2m_codec_end (v4l2_m2m.c:360)
==1450==    by 0x426DC4: avcodec_close (avcodec.c:461)
==1450==    by 0x8E72D6: avcodec_open2 (avcodec.c:375)
==1450==    by 0x4A2B3E: init_output_stream (ffmpeg.c:3593)
==1450==    by 0x4A2B3E: init_output_stream_wrapper (ffmpeg.c:993)
==1450==    by 0x4A4928: do_video_out (ffmpeg.c:1161)
==1450==    by 0x4A5CE2: reap_filters (ffmpeg.c:1564)
==1450==    by 0x4AA2CC: transcode_step (ffmpeg.c:4773)
==1450==    by 0x4AA2CC: transcode (ffmpeg.c:4817)
==1450==    by 0x485BBC: main (ffmpeg.c:5021)
==1450==
==1450== HEAP SUMMARY:
==1450==     in use at exit: 167 bytes in 2 blocks
==1450==   total heap usage: 4,317 allocs, 4,315 frees, 4,286,520 bytes allocated
==1450==
==1450== Searching for pointers to 2 not-freed blocks
==1450== Checked 7,383,648 bytes
==1450==
==1450== LEAK SUMMARY:
==1450==    definitely lost: 0 bytes in 0 blocks
==1450==    indirectly lost: 0 bytes in 0 blocks
==1450==      possibly lost: 0 bytes in 0 blocks
==1450==    still reachable: 167 bytes in 2 blocks
==1450==         suppressed: 0 bytes in 0 blocks
==1450== Reachable blocks (those to which a pointer was found) are not shown.
==1450== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==1450==
==1450== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 1)
--1450--
--1450-- used_suppression:      2 do_not_check_libachk_so /home/sn/valgrind-3.17.0/valgrind_exclude.supp:2
==1450==
==1450== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 1)

Attachments (1)

PoC_ff_v4l2.mpeg (830.0 KB ) - added by sunnan 2 years ago.

Download all attachments as: .zip

Change History (6)

by sunnan, 2 years ago

Attachment: PoC_ff_v4l2.mpeg added

comment:1 by sunnan, 2 years ago

Description: modified (diff)

comment:2 by sunnan, 2 years ago

Status: newopen

This issue is introduced by ticket https://trac.ffmpeg.org/ticket/8285.

The causes of the issue are preliminarily located as follows:
The device file of /dev/video is not found. As a result, the v4l2m2m encoder fails to be initialized. In this case, the file descriptor is -1. Then execute the close function of the encoder. When executing the v4l2_m2m_destroy_context function, close the file descriptor -1 directly.

Last edited 2 years ago by sunnan (previous) (diff)

comment:3 by wujian, 22 months ago

Owner: set to wujian

I will fix it

comment:5 by Wujian(Chin), 21 months ago

Resolution: fixed
Status: openclosed

The master has been integrated.https://patchwork.ffmpeg.org/project/ffmpeg/patch/bbdc6e9eb43844aea1923c0cf1fbae4a@huawei.com/

Note: See TracTickets for help on using tickets.