[FFmpeg-trac] #6808(avformat:new): Double free in rtpdec_asf
FFmpeg
trac at avcodec.org
Mon Nov 6 05:33:34 EET 2017
#6808: Double free in rtpdec_asf
-------------------------------------+-------------------------------------
Reporter: cehoyos | Owner:
Type: defect | Status: new
Priority: important | Component: avformat
Version: git- | Keywords: rtsp crash
master | abort leak regression
Blocked By: | Blocking:
Reproduced by developer: 0 | Analyzed by developer: 0
-------------------------------------+-------------------------------------
Testing the url from ticket #6807, I found the following regression since
0cc6dd1b817bc4510714dd99122625d93909290a:
{{{
$ valgrind --leak-check=full ./ffmpeg_g -rtsp_transport tcp -i
rtsp://121.167.43.161/chosun -f null -
==16010== Memcheck, a memory error detector
==16010== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==16010== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
info
==16010== Command: ./ffmpeg_g -rtsp_transport tcp -i
rtsp://121.167.43.161/chosun -f null -
==16010==
ffmpeg version N-88563-gd68a557 Copyright (c) 2000-2017 the FFmpeg
developers
built with gcc 6.3.0 (GCC)
configuration: --enable-gpl
libavutil 56. 0.100 / 56. 0.100
libavcodec 58. 1.100 / 58. 1.100
libavformat 58. 1.100 / 58. 1.100
libavdevice 58. 0.100 / 58. 0.100
libavfilter 7. 0.101 / 7. 0.101
libswscale 5. 0.101 / 5. 0.101
libswresample 3. 0.101 / 3. 0.101
libpostproc 55. 0.100 / 55. 0.100
==16010== Invalid free() / delete / delete[] / realloc()
==16010== at 0x4C29D4E: free (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==16010== by 0x6F28EE: ff_wms_parse_sdp_a_line (rtpdec_asf.c:147)
==16010== by 0x703570: ff_sdp_parse (rtsp.c:653)
==16010== by 0x70A85C: ff_rtsp_setup_input_streams (rtspdec.c:622)
==16010== by 0x707698: ff_rtsp_connect (rtsp.c:1871)
==16010== by 0x709DF7: rtsp_read_header (rtspdec.c:726)
==16010== by 0x737995: avformat_open_input (utils.c:599)
==16010== by 0x488C9C: open_input_file (ffmpeg_opt.c:1052)
==16010== by 0x48A4BE: ffmpeg_parse_options (ffmpeg_opt.c:3277)
==16010== by 0x480306: main (ffmpeg.c:4772)
==16010== Address 0x7ab4200 is 0 bytes inside a block of size 2,688
free'd
==16010== at 0x4C29D4E: free (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==16010== by 0x61E9DB: ffio_ensure_seekback (aviobuf.c:1002)
==16010== by 0x6580E6: ff_id3v2_read_dict (id3v2.c:1084)
==16010== by 0x7376CA: avformat_open_input (utils.c:595)
==16010== by 0x6F289E: ff_wms_parse_sdp_a_line (rtpdec_asf.c:139)
==16010== by 0x703570: ff_sdp_parse (rtsp.c:653)
==16010== by 0x70A85C: ff_rtsp_setup_input_streams (rtspdec.c:622)
==16010== by 0x707698: ff_rtsp_connect (rtsp.c:1871)
==16010== by 0x709DF7: rtsp_read_header (rtspdec.c:726)
==16010== by 0x737995: avformat_open_input (utils.c:599)
==16010== by 0x488C9C: open_input_file (ffmpeg_opt.c:1052)
==16010== by 0x48A4BE: ffmpeg_parse_options (ffmpeg_opt.c:3277)
==16010==
Guessed Channel Layout for Input Stream #0.0 : stereo
Input #0, rtsp, from 'rtsp://121.167.43.161/chosun':
Metadata:
title : <No Title>
WMFSDKNeeded : 0.0.0.0000
DeviceConformanceTemplate: MP at ML
WMFSDKVersion : 9.00.00.4509
IsVBR : 0
Duration: 00:00:00.00, start: 754823.845000, bitrate: N/A
Stream #0:0: Audio: wmav2 (a[1][0][0] / 0x0161), 48000 Hz, stereo,
fltp, 128 kb/s
Stream #0:1: Video: wmv3 (Main) (WMV3 / 0x33564D57), yuv420p, 480x360,
327 kb/s, 29.97 tbr, 1k tbn, 1k tbc
Stream mapping:
Stream #0:1 -> #0:0 (wmv3 (native) -> wrapped_avframe (native))
Stream #0:0 -> #0:1 (wmav2 (native) -> pcm_s16le (native))
Press [q] to stop, [?] for help
Output #0, null, to 'pipe:':
Metadata:
title : <No Title>
WMFSDKNeeded : 0.0.0.0000
DeviceConformanceTemplate: MP at ML
WMFSDKVersion : 9.00.00.4509
IsVBR : 0
encoder : Lavf58.1.100
Stream #0:0: Video: wrapped_avframe, yuv420p, 480x360, q=2-31, 200
kb/s, 29.97 fps, 29.97 tbn, 29.97 tbc
Metadata:
encoder : Lavc58.1.100 wrapped_avframe
Stream #0:1: Audio: pcm_s16le, 48000 Hz, stereo, s16, 1536 kb/s
Metadata:
encoder : Lavc58.1.100 pcm_s16le
frame= 44 fps= 32 q=-0.0 Lsize=N/A time=00:00:02.46 bitrate=N/A
speed=1.78x
video:23kB audio:256kB subtitle:0kB other streams:0kB global headers:0kB
muxing overhead: unknown
==16010==
==16010== HEAP SUMMARY:
==16010== in use at exit: 32,818 bytes in 2 blocks
==16010== total heap usage: 5,927 allocs, 5,926 frees, 14,888,198 bytes
allocated
==16010==
==16010== 32,778 bytes in 1 blocks are definitely lost in loss record 2 of
2
==16010== at 0x4C290FE: memalign (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==16010== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==16010== by 0x108E739: av_malloc (mem.c:87)
==16010== by 0x61E9AA: ffio_ensure_seekback (aviobuf.c:997)
==16010== by 0x6580E6: ff_id3v2_read_dict (id3v2.c:1084)
==16010== by 0x7376CA: avformat_open_input (utils.c:595)
==16010== by 0x6F289E: ff_wms_parse_sdp_a_line (rtpdec_asf.c:139)
==16010== by 0x703570: ff_sdp_parse (rtsp.c:653)
==16010== by 0x70A85C: ff_rtsp_setup_input_streams (rtspdec.c:622)
==16010== by 0x707698: ff_rtsp_connect (rtsp.c:1871)
==16010== by 0x709DF7: rtsp_read_header (rtspdec.c:726)
==16010== by 0x737995: avformat_open_input (utils.c:599)
==16010==
==16010== LEAK SUMMARY:
==16010== definitely lost: 32,778 bytes in 1 blocks
==16010== indirectly lost: 0 bytes in 0 blocks
==16010== possibly lost: 0 bytes in 0 blocks
==16010== still reachable: 40 bytes in 1 blocks
==16010== suppressed: 0 bytes in 0 blocks
==16010== Reachable blocks (those to which a pointer was found) are not
shown.
==16010== To see them, rerun with: --leak-check=full --show-reachable=yes
==16010==
==16010== For counts of detected and suppressed errors, rerun with: -v
==16010== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/6808>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list