[FFmpeg-trac] #1577(avformat:open): ffmpeg crashes with double free or corruption when stream copying timecode track (was: ffmpeg crashes with double free or corruption when encode is interupted with 'q')
FFmpeg
trac at avcodec.org
Fri Jul 27 14:30:51 CEST 2012
#1577: ffmpeg crashes with double free or corruption when stream copying timecode
track
------------------------------------+------------------------------------
Reporter: rexbron | Owner:
Type: defect | Status: open
Priority: important | Component: avformat
Version: git-master | Resolution:
Keywords: crash tmcd | Blocked By:
Blocking: | Reproduced by developer: 1
Analyzed by developer: 0 |
------------------------------------+------------------------------------
Changes (by cehoyos):
* status: new => open
* reproduced: 0 => 1
* component: undetermined => avformat
* priority: normal => important
* version: unspecified => git-master
* keywords: => crash tmcd
Comment:
{{{
$ valgrind ffmpeg_g -i side_effects_graded_sample_small.mov -vn -dcodec
copy -map 0:0 -f mov -y /dev/null
==28353== Memcheck, a memory error detector.
==28353== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==28353== Using LibVEX rev 1732, a library for dynamic binary translation.
==28353== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==28353== Using valgrind-3.2.3, a dynamic binary instrumentation
framework.
==28353== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==28353== For more details, rerun with: -v
==28353==
ffmpeg version N-42945-gb3841db Copyright (c) 2000-2012 the FFmpeg
developers
built on Jul 27 2012 14:21:40 with gcc 4.3.2 (GCC)
configuration: --cc=/usr/local/gcc-4.3.2/bin/gcc --disable-optimizations
libavutil 51. 65.100 / 51. 65.100
libavcodec 54. 45.100 / 54. 45.100
libavformat 54. 21.100 / 54. 21.100
libavdevice 54. 2.100 / 54. 2.100
libavfilter 3. 3.100 / 3. 3.100
libswscale 2. 1.100 / 2. 1.100
libswresample 0. 15.100 / 0. 15.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from
'side_effects_graded_sample_small.mov':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
creation_time : 1942-04-18 15:03:35
timecode : 01:00:00:00
Duration: 00:08:39.35, start: 0.000000, bitrate: 39 kb/s
Stream #0:0(eng): Data: none (tmcd / 0x64636D74)
Metadata:
creation_time : 1942-04-18 15:03:35
handler_name : Apple Alias Data Handler
timecode : 01:00:00:00
Stream #0:1(eng): Video: prores (apch / 0x68637061), yuv422p10le,
2048x1152, 198014 kb/s, SAR 1:1 DAR 16:9, 23.98 fps, 23.98 tbr, 24k tbn,
24k tbc
Metadata:
creation_time : 1942-04-19 18:09:36
handler_name : Apple Alias Data Handler
Output #0, mov, to '/dev/null':
Metadata:
major_brand : qt
minor_version : 537199360
compatible_brands: qt
timecode : 01:00:00:00
encoder : Lavf54.21.100
Stream #0:0(eng): Data: none (tmcd / 0x64636D74)
Metadata:
creation_time : 1942-04-18 15:03:35
handler_name : Apple Alias Data Handler
timecode : 01:00:00:00
Stream mapping:
Stream #0:0 -> #0:0 (copy)
Press [q] to stop, [?] for help
Truncating packet of size 4 to 1
==28353== Invalid read of size 4
==28353== at 0x8051138: print_report (ffmpeg.c:2081)
==28353== by 0x8058A6F: transcode (ffmpeg.c:3864)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353== Address 0x441ECA8 is 8 bytes inside a block of size 932 free'd
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x810E73E: mov_write_trailer (movenc.c:3555)
==28353== by 0x818A128: av_write_trailer (utils.c:3693)
==28353== by 0x8058A3A: transcode (ffmpeg.c:3860)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
size= 0kB time=00:00:00.04 bitrate= 0.0kbits/s
video:0kB audio:0kB subtitle:0 global headers:0kB muxing overhead nan%
Output file is empty, nothing was encoded (check -ss / -t / -frames
parameters if used)
==28353==
==28353== Invalid read of size 4
==28353== at 0x8859008: av_freep (mem.c:193)
==28353== by 0x8058B75: transcode (ffmpeg.c:3896)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353== Address 0x441ED04 is 100 bytes inside a block of size 932
free'd
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x810E73E: mov_write_trailer (movenc.c:3555)
==28353== by 0x818A128: av_write_trailer (utils.c:3693)
==28353== by 0x8058A3A: transcode (ffmpeg.c:3860)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353==
==28353== Invalid write of size 4
==28353== at 0x8859015: av_freep (mem.c:194)
==28353== by 0x8058B75: transcode (ffmpeg.c:3896)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353== Address 0x441ED04 is 100 bytes inside a block of size 932
free'd
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x810E73E: mov_write_trailer (movenc.c:3555)
==28353== by 0x818A128: av_write_trailer (utils.c:3693)
==28353== by 0x8058A3A: transcode (ffmpeg.c:3860)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353==
==28353== Invalid read of size 4
==28353== at 0x8859008: av_freep (mem.c:193)
==28353== by 0x8058BB6: transcode (ffmpeg.c:3901)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353== Address 0x441F004 is 868 bytes inside a block of size 932
free'd
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x810E73E: mov_write_trailer (movenc.c:3555)
==28353== by 0x818A128: av_write_trailer (utils.c:3693)
==28353== by 0x8058A3A: transcode (ffmpeg.c:3860)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353==
==28353== Invalid write of size 4
==28353== at 0x8859015: av_freep (mem.c:194)
==28353== by 0x8058BB6: transcode (ffmpeg.c:3901)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353== Address 0x441F004 is 868 bytes inside a block of size 932
free'd
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x810E73E: mov_write_trailer (movenc.c:3555)
==28353== by 0x818A128: av_write_trailer (utils.c:3693)
==28353== by 0x8058A3A: transcode (ffmpeg.c:3860)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353==
==28353== Invalid read of size 4
==28353== at 0x8859008: av_freep (mem.c:193)
==28353== by 0x81873A7: avformat_free_context (utils.c:2953)
==28353== by 0x804E2DB: exit_program (ffmpeg.c:1389)
==28353== by 0x8060E3D: main (ffmpeg.c:6142)
==28353== Address 0x441ED04 is 100 bytes inside a block of size 932
free'd
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x810E73E: mov_write_trailer (movenc.c:3555)
==28353== by 0x818A128: av_write_trailer (utils.c:3693)
==28353== by 0x8058A3A: transcode (ffmpeg.c:3860)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353==
==28353== Invalid write of size 4
==28353== at 0x8859015: av_freep (mem.c:194)
==28353== by 0x81873A7: avformat_free_context (utils.c:2953)
==28353== by 0x804E2DB: exit_program (ffmpeg.c:1389)
==28353== by 0x8060E3D: main (ffmpeg.c:6142)
==28353== Address 0x441ED04 is 100 bytes inside a block of size 932
free'd
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x810E73E: mov_write_trailer (movenc.c:3555)
==28353== by 0x818A128: av_write_trailer (utils.c:3693)
==28353== by 0x8058A3A: transcode (ffmpeg.c:3860)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353==
==28353== Invalid read of size 4
==28353== at 0x8859008: av_freep (mem.c:193)
==28353== by 0x81873BA: avformat_free_context (utils.c:2954)
==28353== by 0x804E2DB: exit_program (ffmpeg.c:1389)
==28353== by 0x8060E3D: main (ffmpeg.c:6142)
==28353== Address 0x441F004 is 868 bytes inside a block of size 932
free'd
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x810E73E: mov_write_trailer (movenc.c:3555)
==28353== by 0x818A128: av_write_trailer (utils.c:3693)
==28353== by 0x8058A3A: transcode (ffmpeg.c:3860)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353==
==28353== Invalid write of size 4
==28353== at 0x8859015: av_freep (mem.c:194)
==28353== by 0x81873BA: avformat_free_context (utils.c:2954)
==28353== by 0x804E2DB: exit_program (ffmpeg.c:1389)
==28353== by 0x8060E3D: main (ffmpeg.c:6142)
==28353== Address 0x441F004 is 868 bytes inside a block of size 932
free'd
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x810E73E: mov_write_trailer (movenc.c:3555)
==28353== by 0x818A128: av_write_trailer (utils.c:3693)
==28353== by 0x8058A3A: transcode (ffmpeg.c:3860)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353==
==28353== Invalid free() / delete / delete[]
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x81873C8: avformat_free_context (utils.c:2955)
==28353== by 0x804E2DB: exit_program (ffmpeg.c:1389)
==28353== by 0x8060E3D: main (ffmpeg.c:6142)
==28353== Address 0x441ECA0 is 0 bytes inside a block of size 932 free'd
==28353== at 0x402243F: free (in
/usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==28353== by 0x8858FF6: av_free (mem.c:186)
==28353== by 0x8859011: av_freep (mem.c:193)
==28353== by 0x810E73E: mov_write_trailer (movenc.c:3555)
==28353== by 0x818A128: av_write_trailer (utils.c:3693)
==28353== by 0x8058A3A: transcode (ffmpeg.c:3860)
==28353== by 0x8060DB9: main (ffmpeg.c:6134)
==28353==
==28353== ERROR SUMMARY: 10 errors from 10 contexts (suppressed: 3 from 1)
==28353== malloc/free: in use at exit: 0 bytes in 0 blocks.
==28353== malloc/free: 193 allocs, 194 frees, 12,734,394 bytes allocated.
==28353== For counts of detected errors, rerun with: -v
==28353== All heap blocks were freed -- no leaks are possible.
}}}
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/1577#comment:1>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list