[Ffmpeg-devel] Missing image file input causes glibc to report "double free" error

Gregory Davis mailing-list
Wed Sep 28 01:29:16 CEST 2005 

Syndrome:
*** glibc detected *** double free or corruption (!prev): 0x083dc270 ***

----------------------------------------------------------------------
Description:

The problem below was encountered while trying to convert a
subdirectory containing many JPEG images saved at different times
during the day, and containing the time of day in the filename.
Unfortunately, none of the images were saved in the first 5 seconds of
the day, nor are they consectutive afterwards.  I did not understand
the limitation of the "timeofday%06d.jpg" format, that it must find
"timeofday000000.jpg", "timeofday000001.jpg",
"timeofday000002.jpg", "timeofday000003.jpg", or
"timeofday000004.jpg".

----------------------------------------------------------------------
Before patch:

bash-3.00$ ffmpeg -f image -img jpeg -i timeofday%06d.jpg
ffmpeg-test/day.mpg
ffmpeg version CVS, build 3276800, Copyright (c) 2000-2004 Fabrice
Bellard
  configuration:  
  built on Sep 27 2005 13:03:46, gcc: 3.4.3 (Mandrakelinux 10.2
3.4.3-7mdk)
*** glibc detected *** double free or corruption (!prev): 0x083dc270 ***
Aborted
bash-3.00$ 

----------------------------------------------------------------------
After patch:

bash-3.00$ ffmpeg -f image -img jpeg -i timeofday%06d.jpg
ffmpeg-test/day.mpg
ffmpeg version CVS, build 3276800, Copyright (c) 2000-2004 Fabrice
Bellard
  configuration:  
  built on Sep 27 2005 14:21:30, gcc: 3.4.3 (Mandrakelinux 10.2
3.4.3-7mdk)
timeofday%06d.jpg: I/O error occured
Usually that means that input file is truncated and/or corrupted.
bash-3.00$ 

----------------------------------------------------------------------
Patch:

Removed the calls to "av_free" from: 
  "libavformat/image.c:img_read_header()".
These calls free up a memory allocation that will later be freed in
the routine where it was allocated:
  "libavformat/utils.c:av_open_input_stream()".

Index: img.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavformat/img.c,v
retrieving revision 1.41
diff -u -r1.41 img.c
--- img.c	17 Jul 2005 22:24:35 -0000	1.41
+++ img.c	27 Sep 2005 21:53:42 -0000
@@ -116,7 +116,6 @@
 
     st = av_new_stream(s1, 0);
     if (!st) {
-        av_free(s);
         return -ENOMEM;
     }
 
@@ -178,7 +177,6 @@
     if (!s->is_pipe)
         url_fclose(f);
  fail:
-    av_free(s);
     return AVERROR_IO;
 }

More information about the ffmpeg-devel mailing list