[FFmpeg-trac] #8282(undetermined:new): invalid free at libavutil/dict.c:209
FFmpeg
trac at avcodec.org
Tue Oct 15 20:16:01 EEST 2019
#8282: invalid free at libavutil/dict.c:209
-------------------------------------+-------------------------------------
Reporter: Suhwan | Type: defect
Status: new | Priority: normal
Component: undetermined | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Summary of the bug:
There is an invalid free at libavutil/dict.c:209
How to reproduce:
{{{
% ffmpeg_g -y -i $PoC -filter_complex gblur -target dv50 -loglevel 0 tmp.fsb
ffmpeg version N-95385-ge1b89c76f6 Copyright (c) 2000-2019 the FFmpeg developers
built with clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
}}}
Here's the GDB log
{{{
free(): invalid next size (fast)
Thread 1 "ffmpeg_g" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff5cb2801 in __GI_abort () at abort.c:79
#2 0x00007ffff5cfb897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff5e28b9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff5d0290a in malloc_printerr (str=str@entry=0x7ffff5e2a800 "free(): invalid next size (fast)") at malloc.c:5350
#4 0x00007ffff5d09f60 in _int_free (have_lock=0, p=0x9132d50, av=0x7ffff605dc40 <main_arena>) at malloc.c:4213
#5 __GI___libc_free (mem=0x9132d60) at malloc.c:3124
#6 0x00000000058ca92f in av_dict_free (pm=0x7fffffffbfa8) at libavutil/dict.c:209
#7 0x000000000591bf1d in av_opt_set_dict2 (obj=0x93048c0, options=<optimized out>, search_flags=0) at libavutil/opt.c:1621
#8 0x000000000344a249 in avcodec_open2 (avctx=0x9304440, codec=0x6d47b10 <ff_dvvideo_encoder>, options=<optimized out>) at libavcodec/utils.c:640
#9 0x00000000021540d9 in ff_frame_thread_encoder_init (avctx=0x9111c40, options=0x9182440) at libavcodec/frame_thread_encoder.c:220
#10 0x000000000344d160 in avcodec_open2 (avctx=0x9111c40, codec=0x6d47b10 <ff_dvvideo_encoder>, options=<optimized out>) at libavcodec/utils.c:740
#11 0x00000000004a67f2 in init_output_stream (ost=<optimized out>, error=<optimized out>, error_len=1024) at fftools/ffmpeg.c:3507
#12 0x00000000004bff96 in reap_filters (flush=0) at fftools/ffmpeg.c:1442
#13 0x000000000048d612 in transcode_step () at fftools/ffmpeg.c:4638
#14 transcode () at fftools/ffmpeg.c:4682
#15 0x0000000000487d54 in main (argc=11, argv=<optimized out>) at fftools/ffmpeg.c:4884
}}}
ASAN log
{{{
==20551==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x60900000a840 in thread T0
#0 0x4ddbe0 in __interceptor_free.localalias.0 (ffmpeg_asan+0x4ddbe0)
#1 0x81a8f7 in avfilter_free ffmpeg/libavfilter/avfilter.c:771:9
#2 0x835347 in avfilter_graph_free ffmpeg/libavfilter/avfiltergraph.c:126:9
#3 0x5dbdf9 in ffmpeg_cleanup ffmpeg/fftools/ffmpeg.c:494:9
#4 0x5afb04 in exit_program ffmpeg/fftools/cmdutils.c:139:9
#5 0x5db8e2 in main ffmpeg/fftools/ffmpeg.c:4901:5
#6 0x7ffff5c93b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#7 0x41def9 in _start (ffmpeg_asan+0x41def9)
0x60900000a840 is located 0 bytes inside of 97902940-byte region [0x60900000a840,0x609005d6899c)
==20551==AddressSanitizer CHECK failed: /build/llvm-toolchain-6.0-QjOn7h/llvm-toolchain-6.0-6.0/projects/compiler-rt/lib/asan/asan_descriptions.cc:179 "((res.trace)) != (0)" (0x0, 0x0)
#0 0x4e6f05 in __asan::AsanCheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (ffmpeg_asan+0x4e6f05)
#1 0x5047b5 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (ffmpeg_asan+0x5047b5)
#2 0x42cc4c in __asan::HeapAddressDescription::Print() const (ffmpeg_asan+0x42cc4c)
#3 0x42e1bb in __asan::ErrorFreeNotMalloced::Print() (ffmpeg_asan+0x42e1bb)
#4 0x4e46a3 in __asan::ReportFreeNotMalloced(unsigned long, __sanitizer::BufferedStackTrace*) (ffmpeg_asan+0x4e46a3)
#5 0x42941f in __asan::asan_free(void*, __sanitizer::BufferedStackTrace*, __asan::AllocType) (ffmpeg_asan+0x42941f)
#6 0x4ddbba in __interceptor_free.localalias.0 (ffmpeg_asan+0x4ddbba)
#7 0x81a8f7 in avfilter_free ffmpeg/libavfilter/avfilter.c:771:9
#8 0x835347 in avfilter_graph_free ffmpeg/libavfilter/avfiltergraph.c:126:9
#9 0x5dbdf9 in ffmpeg_cleanup ffmpeg/fftools/ffmpeg.c:494:9
#10 0x5afb04 in exit_program ffmpeg/fftools/cmdutils.c:139:9
#11 0x5db8e2 in main ffmpeg/fftools/ffmpeg.c:4901:5
#12 0x7ffff5c93b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#13 0x41def9 in _start (ffmpeg_asan+0x41def9)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8282>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker