Opened 7 years ago
Closed 7 years ago
#6808 closed defect (fixed)
Double free in rtpdec_asf
Reported by: | Carl Eugen Hoyos | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avformat |
Version: | git-master | Keywords: | rtsp crash abort leak regression |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
Testing the url from ticket #6807, I found the following regression since 0cc6dd1b817bc4510714dd99122625d93909290a:
$ valgrind --leak-check=full ./ffmpeg_g -rtsp_transport tcp -i rtsp://121.167.43.161/chosun -f null - ==16010== Memcheck, a memory error detector ==16010== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==16010== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==16010== Command: ./ffmpeg_g -rtsp_transport tcp -i rtsp://121.167.43.161/chosun -f null - ==16010== ffmpeg version N-88563-gd68a557 Copyright (c) 2000-2017 the FFmpeg developers built with gcc 6.3.0 (GCC) configuration: --enable-gpl libavutil 56. 0.100 / 56. 0.100 libavcodec 58. 1.100 / 58. 1.100 libavformat 58. 1.100 / 58. 1.100 libavdevice 58. 0.100 / 58. 0.100 libavfilter 7. 0.101 / 7. 0.101 libswscale 5. 0.101 / 5. 0.101 libswresample 3. 0.101 / 3. 0.101 libpostproc 55. 0.100 / 55. 0.100 ==16010== Invalid free() / delete / delete[] / realloc() ==16010== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16010== by 0x6F28EE: ff_wms_parse_sdp_a_line (rtpdec_asf.c:147) ==16010== by 0x703570: ff_sdp_parse (rtsp.c:653) ==16010== by 0x70A85C: ff_rtsp_setup_input_streams (rtspdec.c:622) ==16010== by 0x707698: ff_rtsp_connect (rtsp.c:1871) ==16010== by 0x709DF7: rtsp_read_header (rtspdec.c:726) ==16010== by 0x737995: avformat_open_input (utils.c:599) ==16010== by 0x488C9C: open_input_file (ffmpeg_opt.c:1052) ==16010== by 0x48A4BE: ffmpeg_parse_options (ffmpeg_opt.c:3277) ==16010== by 0x480306: main (ffmpeg.c:4772) ==16010== Address 0x7ab4200 is 0 bytes inside a block of size 2,688 free'd ==16010== at 0x4C29D4E: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16010== by 0x61E9DB: ffio_ensure_seekback (aviobuf.c:1002) ==16010== by 0x6580E6: ff_id3v2_read_dict (id3v2.c:1084) ==16010== by 0x7376CA: avformat_open_input (utils.c:595) ==16010== by 0x6F289E: ff_wms_parse_sdp_a_line (rtpdec_asf.c:139) ==16010== by 0x703570: ff_sdp_parse (rtsp.c:653) ==16010== by 0x70A85C: ff_rtsp_setup_input_streams (rtspdec.c:622) ==16010== by 0x707698: ff_rtsp_connect (rtsp.c:1871) ==16010== by 0x709DF7: rtsp_read_header (rtspdec.c:726) ==16010== by 0x737995: avformat_open_input (utils.c:599) ==16010== by 0x488C9C: open_input_file (ffmpeg_opt.c:1052) ==16010== by 0x48A4BE: ffmpeg_parse_options (ffmpeg_opt.c:3277) ==16010== Guessed Channel Layout for Input Stream #0.0 : stereo Input #0, rtsp, from 'rtsp://121.167.43.161/chosun': Metadata: title : <No Title> WMFSDKNeeded : 0.0.0.0000 DeviceConformanceTemplate: MP@ML WMFSDKVersion : 9.00.00.4509 IsVBR : 0 Duration: 00:00:00.00, start: 754823.845000, bitrate: N/A Stream #0:0: Audio: wmav2 (a[1][0][0] / 0x0161), 48000 Hz, stereo, fltp, 128 kb/s Stream #0:1: Video: wmv3 (Main) (WMV3 / 0x33564D57), yuv420p, 480x360, 327 kb/s, 29.97 tbr, 1k tbn, 1k tbc Stream mapping: Stream #0:1 -> #0:0 (wmv3 (native) -> wrapped_avframe (native)) Stream #0:0 -> #0:1 (wmav2 (native) -> pcm_s16le (native)) Press [q] to stop, [?] for help Output #0, null, to 'pipe:': Metadata: title : <No Title> WMFSDKNeeded : 0.0.0.0000 DeviceConformanceTemplate: MP@ML WMFSDKVersion : 9.00.00.4509 IsVBR : 0 encoder : Lavf58.1.100 Stream #0:0: Video: wrapped_avframe, yuv420p, 480x360, q=2-31, 200 kb/s, 29.97 fps, 29.97 tbn, 29.97 tbc Metadata: encoder : Lavc58.1.100 wrapped_avframe Stream #0:1: Audio: pcm_s16le, 48000 Hz, stereo, s16, 1536 kb/s Metadata: encoder : Lavc58.1.100 pcm_s16le frame= 44 fps= 32 q=-0.0 Lsize=N/A time=00:00:02.46 bitrate=N/A speed=1.78x video:23kB audio:256kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown ==16010== ==16010== HEAP SUMMARY: ==16010== in use at exit: 32,818 bytes in 2 blocks ==16010== total heap usage: 5,927 allocs, 5,926 frees, 14,888,198 bytes allocated ==16010== ==16010== 32,778 bytes in 1 blocks are definitely lost in loss record 2 of 2 ==16010== at 0x4C290FE: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16010== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==16010== by 0x108E739: av_malloc (mem.c:87) ==16010== by 0x61E9AA: ffio_ensure_seekback (aviobuf.c:997) ==16010== by 0x6580E6: ff_id3v2_read_dict (id3v2.c:1084) ==16010== by 0x7376CA: avformat_open_input (utils.c:595) ==16010== by 0x6F289E: ff_wms_parse_sdp_a_line (rtpdec_asf.c:139) ==16010== by 0x703570: ff_sdp_parse (rtsp.c:653) ==16010== by 0x70A85C: ff_rtsp_setup_input_streams (rtspdec.c:622) ==16010== by 0x707698: ff_rtsp_connect (rtsp.c:1871) ==16010== by 0x709DF7: rtsp_read_header (rtspdec.c:726) ==16010== by 0x737995: avformat_open_input (utils.c:599) ==16010== ==16010== LEAK SUMMARY: ==16010== definitely lost: 32,778 bytes in 1 blocks ==16010== indirectly lost: 0 bytes in 0 blocks ==16010== possibly lost: 0 bytes in 0 blocks ==16010== still reachable: 40 bytes in 1 blocks ==16010== suppressed: 0 bytes in 0 blocks ==16010== Reachable blocks (those to which a pointer was found) are not shown. ==16010== To see them, rerun with: --leak-check=full --show-reachable=yes ==16010== ==16010== For counts of detected and suppressed errors, rerun with: -v ==16010== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2)
Note:
See TracTickets
for help on using tickets.
Fixed in f7c01ff24d706e2c7d645944227a5242e0f1203f