Opened 15 hours ago

Last modified 11 hours ago

#11419 new defect

libavutil/mem.c:107:9 memory leaks

Reported by: 0x20z Owned by:
Priority: important Component: undetermined
Version: git-master Keywords:
Cc: 0x20z Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:

Using the latest master branch, the new POC can still trigger memory leaks, but the POC in https://trac.ffmpeg.org/ticket/11415 cannot trigger the problem. ticket 11415 has already been closed, so I have created a new ticket. Please understand

How to reproduce:

git clone https://github.com/FFmpeg/FFmpeg.git
cd FFmpeg
./configure --cc=clang --cxx=clang++ --toolchain=clang-asan --extra-cflags="-I$HOME/ffmpeg_build/include -O0 -fno-omit-frame-pointer -g"   --extra-cxxflags="-O0 -fno-omit-frame-pointer -g" --extra-ldflags="-L$HOME/ffmpeg_build/include -fsanitize=address -fsanitize=undefined -lubsan" --disable-optimizations --disable-stripping --enable-cross-compile
make -j30
./ffmpeg -y -i poc -c:v mpeg4 -c:a copy -f mp4 /dev/null

LeakSanitizer :

=================================================================
==3075001==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 112 byte(s) in 1 object(s) allocated from:
    #0 0x7f5b2c4b557c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
    #1 0x580813e1ab7d in av_malloc libavutil/mem.c:107
    #2 0x58080f0faf18 in ff_interleave_add_packet libavformat/mux.c:866
    #3 0x58080f0fcfc0 in ff_interleave_packet_per_dts libavformat/mux.c:971
    #4 0x58080f100340 in interleaved_write_packet libavformat/mux.c:1141
    #5 0x58080f100ec6 in write_packet_common libavformat/mux.c:1172
    #6 0x58080f1021d5 in write_packets_common libavformat/mux.c:1232
    #7 0x58080f102e06 in av_interleaved_write_frame libavformat/mux.c:1288
    #8 0x58080d5a74eb in write_packet fftools/ffmpeg_mux.c:236
    #9 0x58080d5a8043 in sync_queue_process fftools/ffmpeg_mux.c:280
    #10 0x58080d5a99df in mux_packet_filter fftools/ffmpeg_mux.c:356
    #11 0x58080d5aac1b in muxer_thread fftools/ffmpeg_mux.c:438
    #12 0x58080d63777f in task_wrapper fftools/ffmpeg_sched.c:2534
    #13 0x7f5b2b894ac2 in start_thread nptl/pthread_create.c:442

Indirect leak of 259 byte(s) in 1 object(s) allocated from:
    #0 0x7f5b2c4b557c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
    #1 0x580813e1ab7d in av_malloc libavutil/mem.c:107
    #2 0x580813d66394 in av_buffer_alloc libavutil/buffer.c:82
    #3 0x580810e43f15 in av_grow_packet libavcodec/packet.c:160
    #4 0x58080f4bc122 in append_packet_chunked libavformat/utils.c:71
    #5 0x58080f4bc8a6 in av_get_packet libavformat/utils.c:104
    #6 0x58080ef48889 in mov_read_packet libavformat/mov.c:10944
    #7 0x58080eb10def in ff_read_packet libavformat/demux.c:649
    #8 0x58080eb237ec in read_frame_internal libavformat/demux.c:1344
    #9 0x58080eb45a6c in avformat_find_stream_info libavformat/demux.c:2711
    #10 0x58080d551777 in ifile_open fftools/ffmpeg_demux.c:1767
    #11 0x58080d60d2c4 in open_files fftools/ffmpeg_opt.c:1363
    #12 0x58080d60de8f in ffmpeg_parse_options fftools/ffmpeg_opt.c:1412
    #13 0x58080d68dcd2 in main fftools/ffmpeg.c:974
    #14 0x7f5b2b829d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Indirect leak of 112 byte(s) in 1 object(s) allocated from:
    #0 0x7f5b2c4b557c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
    #1 0x580813e1ab7d in av_malloc libavutil/mem.c:107
    #2 0x580813e1c60b in av_mallocz libavutil/mem.c:258
    #3 0x58080d682ed8 in frame_data_ensure fftools/ffmpeg.c:408
    #4 0x58080d683e85 in packet_data fftools/ffmpeg.c:467
    #5 0x58080d5359fd in input_packet_process fftools/ffmpeg_demux.c:455
    #6 0x58080d53c75f in input_thread fftools/ffmpeg_demux.c:768
    #7 0x58080d63777f in task_wrapper fftools/ffmpeg_sched.c:2534
    #8 0x7f5b2b894ac2 in start_thread nptl/pthread_create.c:442

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f5b2c4b557c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
    #1 0x580813e1ab7d in av_malloc libavutil/mem.c:107
    #2 0x580813e1c60b in av_mallocz libavutil/mem.c:258
    #3 0x580813d66001 in av_buffer_create libavutil/buffer.c:60
    #4 0x58080d683045 in frame_data_ensure fftools/ffmpeg.c:412
    #5 0x58080d683e85 in packet_data fftools/ffmpeg.c:467
    #6 0x58080d5359fd in input_packet_process fftools/ffmpeg_demux.c:455
    #7 0x58080d53c75f in input_thread fftools/ffmpeg_demux.c:768
    #8 0x58080d63777f in task_wrapper fftools/ffmpeg_sched.c:2534
    #9 0x7f5b2b894ac2 in start_thread nptl/pthread_create.c:442

Indirect leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f5b2c4b557c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
    #1 0x580813e1ab7d in av_malloc libavutil/mem.c:107
    #2 0x580813e1c60b in av_mallocz libavutil/mem.c:258
    #3 0x580813d66001 in av_buffer_create libavutil/buffer.c:60
    #4 0x580813d664fe in av_buffer_alloc libavutil/buffer.c:86
    #5 0x580810e43f15 in av_grow_packet libavcodec/packet.c:160
    #6 0x58080f4bc122 in append_packet_chunked libavformat/utils.c:71
    #7 0x58080f4bc8a6 in av_get_packet libavformat/utils.c:104
    #8 0x58080ef48889 in mov_read_packet libavformat/mov.c:10944
    #9 0x58080eb10def in ff_read_packet libavformat/demux.c:649
    #10 0x58080eb237ec in read_frame_internal libavformat/demux.c:1344
    #11 0x58080eb45a6c in avformat_find_stream_info libavformat/demux.c:2711
    #12 0x58080d551777 in ifile_open fftools/ffmpeg_demux.c:1767
    #13 0x58080d60d2c4 in open_files fftools/ffmpeg_opt.c:1363
    #14 0x58080d60de8f in ffmpeg_parse_options fftools/ffmpeg_opt.c:1412
    #15 0x58080d68dcd2 in main fftools/ffmpeg.c:974
    #16 0x7f5b2b829d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f5b2c4b557c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
    #1 0x580813e1ab7d in av_malloc libavutil/mem.c:107
    #2 0x580813e1c60b in av_mallocz libavutil/mem.c:258
    #3 0x580813d65d8d in buffer_create libavutil/buffer.c:44
    #4 0x580813d66120 in av_buffer_create libavutil/buffer.c:64
    #5 0x58080d683045 in frame_data_ensure fftools/ffmpeg.c:412
    #6 0x58080d683e85 in packet_data fftools/ffmpeg.c:467
    #7 0x58080d5359fd in input_packet_process fftools/ffmpeg_demux.c:455
    #8 0x58080d53c75f in input_thread fftools/ffmpeg_demux.c:768
    #9 0x58080d63777f in task_wrapper fftools/ffmpeg_sched.c:2534
    #10 0x7f5b2b894ac2 in start_thread nptl/pthread_create.c:442

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f5b2c4b557c in __interceptor_posix_memalign ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:226
    #1 0x580813e1ab7d in av_malloc libavutil/mem.c:107
    #2 0x580813e1c60b in av_mallocz libavutil/mem.c:258
    #3 0x580813d65d8d in buffer_create libavutil/buffer.c:44
    #4 0x580813d66120 in av_buffer_create libavutil/buffer.c:64
    #5 0x580813d664fe in av_buffer_alloc libavutil/buffer.c:86
    #6 0x580810e43f15 in av_grow_packet libavcodec/packet.c:160
    #7 0x58080f4bc122 in append_packet_chunked libavformat/utils.c:71
    #8 0x58080f4bc8a6 in av_get_packet libavformat/utils.c:104
    #9 0x58080ef48889 in mov_read_packet libavformat/mov.c:10944
    #10 0x58080eb10def in ff_read_packet libavformat/demux.c:649
    #11 0x58080eb237ec in read_frame_internal libavformat/demux.c:1344
    #12 0x58080eb45a6c in avformat_find_stream_info libavformat/demux.c:2711
    #13 0x58080d551777 in ifile_open fftools/ffmpeg_demux.c:1767
    #14 0x58080d60d2c4 in open_files fftools/ffmpeg_opt.c:1363
    #15 0x58080d60de8f in ffmpeg_parse_options fftools/ffmpeg_opt.c:1412
    #16 0x58080d68dcd2 in main fftools/ffmpeg.c:974
    #17 0x7f5b2b829d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Found by:

Found by 0x20z

Thank you for your time and attention

Attachments (1)

poc_new (12.0 KB ) - added by 0x20z 15 hours ago.

Download all attachments as: .zip

Change History (2)

by 0x20z, 15 hours ago

Attachment: poc_new added

comment:1 by Timo R., 11 hours ago

That's like saying libc has a memory leak cause it provides malloc().
Looks to me like a simple case of a packet not getting cleaned up at the end, cause of unclean shutdown or who knows what.
Which seems like a non-issue to me, assuming it does not accumulate over time, and depending on how the unclean shutdown happens. Logs would be helpful to determine that.

Note: See TracTickets for help on using tickets.