[FFmpeg-devel] Possible memory leaks in dshow capture

Oliver Collyer ovcollyer at mac.com
Wed Jan 2 16:52:52 EET 2019



> On 2 Jan 2019, at 11:30, Oliver Collyer <ovcollyer at mac.com> wrote:
> 
> 
> 
>> On 1 Jan 2019, at 23:58, James Almer <jamrial at gmail.com> wrote:
>> 
>> On 1/1/2019 5:01 PM, Oliver Collyer wrote:
>>> ---------- Block 26224 at 0x0000000074240F70: 151 bytes ----------
>>> Leak Hash: 0x357CD5AF, Count: 1, Total 151 bytes
>>> Call Stack (TID 55752):
>>>   ucrtbased.dll!aligned_malloc()
>>>   c:\ffmpeg\source\ffmpeg\libavutil\mem.c (90): emu-server.exe!av_malloc() + 0x10 bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow_pin.c (213): emu-server.exe!libAVPin_Setup() + 0xA bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow_pin.c (252): emu-server.exe!libAVPin_Create() + 0x9B bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow_filter.c (184): emu-server.exe!libAVFilter_Setup() + 0xA bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow_filter.c (198): emu-server.exe!libAVFilter_Create() + 0xA8 bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow.c (809): emu-server.exe!dshow_open_device() + 0x1C bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow.c (1150): emu-server.exe!dshow_read_header() + 0x18 bytes
>>>   c:\ffmpeg\source\ffmpeg\libavformat\utils.c (631): emu-server.exe!avformat_open_input() + 0x11 bytes
>>>   c:\users\oliver\perforce\non-si\emu\shared\dsdevice_streaming_session.cpp (1142): emu-server.exe!DSDEVICE_STREAMING_SESSION::CAPTURE_THREAD::thread_run() + 0x23 bytes
>>>   c:\users\oliver\perforce\non-si\emu\shared\thread_base.cpp (241): emu-server.exe!THREAD_BASE::thread_func() + 0xE bytes
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\type_traits (16707566): emu-server.exe!std::_Invoker_functor::_Call<int (__cdecl*)(void *),void *>() + 0x2B bytes
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\type_traits (16707566): emu-server.exe!std::invoke<int (__cdecl*)(void *),void *>() + 0x31 bytes
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\thr\xthread (239): emu-server.exe!std::_LaunchPad<std::unique_ptr<std::tuple<int (__cdecl*)(void *),void *>,std::default_delete<std::tuple<int (__cdecl*)(void *),void *> > > >::_Execute<0,1>()
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\thr\xthread (245): emu-server.exe!std::_LaunchPad<std::unique_ptr<std::tuple<int (__cdecl*)(void *),void *>,std::default_delete<std::tuple<int (__cdecl*)(void *),void *> > > >::_Run() + 0x19 bytes
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\thr\xthread (231): emu-server.exe!std::_LaunchPad<std::unique_ptr<std::tuple<int (__cdecl*)(void *),void *>,std::default_delete<std::tuple<int (__cdecl*)(void *),void *> > > >::_Go()
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\thr\xthread (209): emu-server.exe!std::_Pad::_Call_func()
>>>   ucrtbased.dll!register_onexit_function() + 0x4A8 bytes
>>>   ucrtbased.dll!register_onexit_function() + 0xE1 bytes
>>>   KERNEL32.DLL!BaseThreadInitThunk() + 0x14 bytes
>>>   ntdll.dll!RtlUserThreadStart() + 0x21 bytes
>>> Data:
>>>   70 0F 24 74    46 02 00 00    ED ED ED ED    ED ED ED ED     p.$tF... ........
>>>   36 DE C8 49    F7 7F 00 00    68 F0 CA 49    F7 7F 00 00     6..I.... h..I....
>>>   8D 99 CA 49    F7 7F 00 00    1F D6 C9 49    F7 7F 00 00     ...I.... ...I....
>>>   C9 9E CA 49    F7 7F 00 00    B7 FD C8 49    F7 7F 00 00     ...I.... ...I....
>>>   22 EC C9 49    F7 7F 00 00    7E E1 C8 49    F7 7F 00 00     "..I.... ~..I....
>>>   3B 82 CA 49    F7 7F 00 00    CD CD CD CD    CD CD CD CD     ;..I.... ........
>>>   CD CD CD CD    CD CD CD CD    CD CD CD CD    CD CD CD CD     ........ ........
>>>   CD CD CD CD    CD CD CD CD    CD CD CD CD    CD CD CD CD     ........ ........
>>>   CD CD CD CD    CD CD CD CD    CD CD CD CD    CD CD CD CD     ........ ........
>>>   CD CD CD CD    CD CD CD                                      ........ ........
>>> 
>>> 
>>> ---------- Block 26879 at 0x0000000074242E10: 151 bytes ----------
>>> Leak Hash: 0xA886255F, Count: 1, Total 151 bytes
>>> Call Stack (TID 55752):
>>>   ucrtbased.dll!aligned_malloc()
>>>   c:\ffmpeg\source\ffmpeg\libavutil\mem.c (90): emu-server.exe!av_malloc() + 0x10 bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow_pin.c (213): emu-server.exe!libAVPin_Setup() + 0xA bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow_pin.c (252): emu-server.exe!libAVPin_Create() + 0x9B bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow_filter.c (184): emu-server.exe!libAVFilter_Setup() + 0xA bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow_filter.c (198): emu-server.exe!libAVFilter_Create() + 0xA8 bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow.c (809): emu-server.exe!dshow_open_device() + 0x1C bytes
>>>   c:\ffmpeg\source\ffmpeg\libavdevice\dshow.c (1157): emu-server.exe!dshow_read_header() + 0x1E bytes
>>>   c:\ffmpeg\source\ffmpeg\libavformat\utils.c (631): emu-server.exe!avformat_open_input() + 0x11 bytes
>>>   c:\users\oliver\perforce\non-si\emu\shared\dsdevice_streaming_session.cpp (1142): emu-server.exe!DSDEVICE_STREAMING_SESSION::CAPTURE_THREAD::thread_run() + 0x23 bytes
>>>   c:\users\oliver\perforce\non-si\emu\shared\thread_base.cpp (241): emu-server.exe!THREAD_BASE::thread_func() + 0xE bytes
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\type_traits (16707566): emu-server.exe!std::_Invoker_functor::_Call<int (__cdecl*)(void *),void *>() + 0x2B bytes
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\type_traits (16707566): emu-server.exe!std::invoke<int (__cdecl*)(void *),void *>() + 0x31 bytes
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\thr\xthread (239): emu-server.exe!std::_LaunchPad<std::unique_ptr<std::tuple<int (__cdecl*)(void *),void *>,std::default_delete<std::tuple<int (__cdecl*)(void *),void *> > > >::_Execute<0,1>()
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\thr\xthread (245): emu-server.exe!std::_LaunchPad<std::unique_ptr<std::tuple<int (__cdecl*)(void *),void *>,std::default_delete<std::tuple<int (__cdecl*)(void *),void *> > > >::_Run() + 0x19 bytes
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\thr\xthread (231): emu-server.exe!std::_LaunchPad<std::unique_ptr<std::tuple<int (__cdecl*)(void *),void *>,std::default_delete<std::tuple<int (__cdecl*)(void *),void *> > > >::_Go()
>>>   c:\program files (x86)\microsoft visual studio\2017\community\vc\tools\msvc\14.16.27023\include\thr\xthread (209): emu-server.exe!std::_Pad::_Call_func()
>>>   ucrtbased.dll!register_onexit_function() + 0x4A8 bytes
>>>   ucrtbased.dll!register_onexit_function() + 0xE1 bytes
>>>   KERNEL32.DLL!BaseThreadInitThunk() + 0x14 bytes
>>>   ntdll.dll!RtlUserThreadStart() + 0x21 bytes
>>> Data:
>>>   CD CD CD CD    CD CD CD CD    CD CD CD CD    CD CD CD CD     ........ ........
>>>   CD CD CD CD    CD CD CD CD    CD CD CD CD    CD CD CD CD     ........ ........
>>>   10 2E 24 74    46 02 00 00    ED ED ED ED    ED ED ED ED     ..$tF... ........
>>>   36 DE C8 49    F7 7F 00 00    68 F0 CA 49    F7 7F 00 00     6..I.... h..I....
>>>   8D 99 CA 49    F7 7F 00 00    1F D6 C9 49    F7 7F 00 00     ...I.... ...I....
>>>   C9 9E CA 49    F7 7F 00 00    B7 FD C8 49    F7 7F 00 00     ...I.... ...I....
>>>   22 EC C9 49    F7 7F 00 00    7E E1 C8 49    F7 7F 00 00     "..I.... ~..I....
>>>   3B 82 CA 49    F7 7F 00 00    CD CD CD CD    CD CD CD CD     ;..I.... ........
>>>   CD CD CD CD    CD CD CD CD    CD CD CD CD    CD CD CD CD     ........ ........
>>>   CD CD CD CD    CD CD CD                                      ........ ........
>> 
>> Does the attached (untested) patch fix these two for you?
> 
> Yes it does, thank you.
> 
> I've worked through the others, and here is a patch that fixes them.
> 
> ======
> 
> diff --git a/libavdevice/dshow.c b/libavdevice/dshow.c
> index 25481580af..ac05ab6cdb 100644
> --- a/libavdevice/dshow.c
> +++ b/libavdevice/dshow.c
> @@ -278,12 +278,12 @@ dshow_cycle_devices(AVFormatContext *avctx, ICreateDevEnum *devenum,
>                     goto fail1;
>                 }
>                 *device_unique_name = unique_name;
> +                unique_name = NULL;
>                 // success, loop will end now
>             }
>         } else {
>             av_log(avctx, AV_LOG_INFO, " \"%s\"\n", friendly_name);
>             av_log(avctx, AV_LOG_INFO, "    Alternative name \"%s\"\n", unique_name);
> -            av_free(unique_name);
>         }
> 
> fail1:
> @@ -291,8 +291,9 @@ fail1:
>             IMalloc_Free(co_malloc, olestr);
>         if (bind_ctx)
>             IBindCtx_Release(bind_ctx);
> -        av_free(friendly_name);
> -        if (bag)
> +        av_freep(&friendly_name);
> +        av_freep(&unique_name);
> +        if (bag)
>             IPropertyBag_Release(bag);
>         IMoniker_Release(m);
>     }
> @@ -941,6 +942,8 @@ dshow_add_device(AVFormatContext *avctx,
>     AVStream *st;
>     int ret = AVERROR(EIO);
> 
> +    type.pbFormat = NULL;
> +
>     st = avformat_new_stream(avctx, NULL);
>     if (!st) {
>         ret = AVERROR(ENOMEM);
> @@ -989,7 +992,8 @@ dshow_add_device(AVFormatContext *avctx,
>             if (par->codec_id == AV_CODEC_ID_NONE) {
>                 av_log(avctx, AV_LOG_ERROR, "Unknown compression type. "
>                                  "Please report type 0x%X.\n", (int) bih->biCompression);
> -                return AVERROR_PATCHWELCOME;
> +                ret = AVERROR_PATCHWELCOME;
> +                goto error;
>             }
>             par->bits_per_coded_sample = bih->biBitCount;
>         } else {
> @@ -1030,6 +1034,8 @@ dshow_add_device(AVFormatContext *avctx,
>     ret = 0;
> 
> error:
> +.   if (type.pbFormat)
> +.       CoTaskMemFree(type.pbFormat);
>     return ret;
> }
> 
> diff --git a/libavdevice/dshow_pin.c b/libavdevice/dshow_pin.c
> index 664246da92..12e508bf01 100644
> --- a/libavdevice/dshow_pin.c
> +++ b/libavdevice/dshow_pin.c
> @@ -249,8 +249,20 @@ libAVPin_Setup(libAVPin *this, libAVFilter *filter)
> 
>     return 1;
> }
> +
> +static void
> +libAVPin_Free(libAVPin *this)
> +{
> +    if (!this)
> +        return;
> +    av_freep(&this->imemvtbl);
> +    if (this->type.pbFormat) {
> +        CoTaskMemFree(this->type.pbFormat);
> +        this->type.pbFormat = NULL;
> +    }
> +}
> DECLARE_CREATE(libAVPin, libAVPin_Setup(this, filter), libAVFilter *filter)
> -DECLARE_DESTROY(libAVPin, nothing)
> +DECLARE_DESTROY(libAVPin, libAVPin_Free)
> 
> /*****************************************************************************
>  * libAVMemInputPin

Here is an updated version with the formatting fixed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dshow.patch
Type: application/octet-stream
Size: 2637 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20190102/db21ad0d/attachment.obj>


More information about the ffmpeg-devel mailing list