[FFmpeg-trac] #3773(avfilter:new): regression: h264_mp4toannexb crashes

FFmpeg trac at avcodec.org
Wed Jul 16 18:01:14 CEST 2014


#3773: regression: h264_mp4toannexb crashes
----------------------------------+---------------------------------------
             Reporter:  vi        |                     Type:  defect
               Status:  new       |                 Priority:  normal
            Component:  avfilter  |                  Version:  unspecified
             Keywords:  h264      |               Blocked By:
             Blocking:            |  Reproduced by developer:  0
Analyzed by developer:  0         |
----------------------------------+---------------------------------------
 How to reproduce:
 {{{
 % ffmpeg -i somevideo.mp4 -an -vcodec copy -bsf h264_mp4toannexb -f h264
 -y /dev/null
 }}}

 Starting from commit 07941c2cb28d6a80f628e035d61ab437d9719bf0 (according
 to git-bisect) to current master's
 9bc0410e4f891719b54a5788665526e22d94bb50.

 ef1d4ee2f8b621a009d482d5b183a905bcb1cd74 works well.

 MALLOC_CHECK_=1 works around the problem, the problem is clearly seen in
 valgrind.

 {{{
 ==5806== Invalid read of size 4
 ==5806==    at 0x80F527A: av_packet_free_side_data (avpacket.c:276)
 ==5806==    by 0x80F531D: av_free_packet (avpacket.c:296)
 ==5806==    by 0x80D5144: av_interleaved_write_frame (mux.c:898)
 ==5806==    by 0x8061114: write_frame (ffmpeg.c:689)
 ==5806==    by 0x80660D2: do_streamcopy (ffmpeg.c:1694)
 ==5806==    by 0x80688E9: output_packet (ffmpeg.c:2187)
 ==5806==    by 0x806EB49: process_input (ffmpeg.c:3515)
 ==5806==    by 0x744F584: (below main) (libc-start.c:276)
 ==5806==  Address 0x7aa96e0 is 0 bytes inside a block of size 12 free'd
 ==5806==    at 0x4D5050C: free (vg_replace_malloc.c:427)
 ==5806==    by 0x8436EC6: av_free (mem.c:232)
 ==5806==    by 0x8436EE3: av_freep (mem.c:239)
 ==5806==    by 0x80F52A4: av_packet_free_side_data (avpacket.c:277)
 ==5806==    by 0x80F531D: av_free_packet (avpacket.c:296)
 ==5806==    by 0x8060A04: write_frame (ffmpeg.c:621)
 ==5806==    by 0x80660D2: do_streamcopy (ffmpeg.c:1694)
 ==5806==    by 0x80688E9: output_packet (ffmpeg.c:2187)
 ==5806==    by 0x806EB49: process_input (ffmpeg.c:3515)
 ==5806==    by 0x744F584: (below main) (libc-start.c:276)
 ==5806==
 ==5806== Invalid free() / delete / delete[] / realloc()
 ==5806==    at 0x4D5050C: free (vg_replace_malloc.c:427)
 ==5806==    by 0x8436EC6: av_free (mem.c:232)
 ==5806==    by 0x80F5283: av_packet_free_side_data (avpacket.c:276)
 ==5806==    by 0x80F531D: av_free_packet (avpacket.c:296)
 ==5806==    by 0x80D5144: av_interleaved_write_frame (mux.c:898)
 ==5806==    by 0x8061114: write_frame (ffmpeg.c:689)
 ==5806==    by 0x80660D2: do_streamcopy (ffmpeg.c:1694)
 ==5806==    by 0x80688E9: output_packet (ffmpeg.c:2187)
 ==5806==    by 0x806EB49: process_input (ffmpeg.c:3515)
 ==5806==    by 0x744F584: (below main) (libc-start.c:276)
 ==5806==  Address 0x9354340 is 0 bytes inside a block of size 68 free'd
 ==5806==    at 0x4D5050C: free (vg_replace_malloc.c:427)
 ==5806==    by 0x8436EC6: av_free (mem.c:232)
 ==5806==    by 0x80F5283: av_packet_free_side_data (avpacket.c:276)
 ==5806==    by 0x80F531D: av_free_packet (avpacket.c:296)
 ==5806==    by 0x8060A04: write_frame (ffmpeg.c:621)
 ==5806==    by 0x80660D2: do_streamcopy (ffmpeg.c:1694)
 ==5806==    by 0x80688E9: output_packet (ffmpeg.c:2187)
 ==5806==    by 0x806EB49: process_input (ffmpeg.c:3515)
 ==5806==    by 0x744F584: (below main) (libc-start.c:276)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3773>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker


More information about the FFmpeg-trac mailing list