[FFmpeg-devel] [PATCH] Fix a crash when adding many video clips to a kdenlive project:
Michael Niedermayer
michaelni at gmx.at
Wed Aug 31 14:38:31 CEST 2011
Hi Mikko
On Sat, Aug 27, 2011 at 07:02:47PM +0300, Mikko Rapeli wrote:
> *** glibc detected *** /usr/bin/kdenlive: munmap_chunk(): invalid pointer: 0x6b6b6961 ***
> ======= Backtrace: =========
> /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6aac1)[0xb5c36ac1]
> /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6bd3e)[0xb5c37d3e]
> /usr/lib/i386-linux-gnu/i686/cmov/libavutil.so.51(av_freep+0x12)[0xb0223632]
> ======= Memory map: ========
>
> (gdb) bt full
> No symbol table info available.
> at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> resultvar = <optimized out>
> pid = -1244520460
> selftid = 6048
> act = {__sigaction_handler = {
> sa_handler = 0xb7fff4e4 <_rtld_global+1220>,
> sa_sigaction = 0xb7fff4e4 <_rtld_global+1220>}, sa_mask = {
> __val = {851968, 2955052656, 2954984288, 2893854976, 3078,
> 2893854944, 2954980608, 2954979420, 0, 77, 2893854788,
> 3049852392, 9, 2893854872, 3050446836, 3, 2893856332,
> 2893854992, 3049970916, 56, 2893854872, 9, 0, 2893854968,
> 2893854980, 7, 3050301468, 3050301464, 3050296943, 3050297008,
> 18, 2893854872}}, sa_flags = -1401112352,
> sa_restorer = 0xb5cffbf6}
> sigs = {__val = {32, 0 <repeats 31 times>}}
> fmt=0xb5d01a90 "*** glibc detected *** %s: %s: 0x%s ***\n")
> at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
> ap = <optimized out>
> ---Type <return> to continue, or q <return> to quit---
> fd = -1401111992
> on_2 = <optimized out>
> list = <optimized out>
> nlist = <optimized out>
> cp = <optimized out>
> written = false
> str=0x6 <Address 0x6 out of bounds>, ptr=0x6b6b6961) at malloc.c:6283
> buf = "6b6b6961"
> cp = <optimized out>
> __func__ = "munmap_chunk"
> block = <optimized out>
> total_size = 4294967287
> ret = <optimized out>
> No locals.
> ptr = 0x134a3d9c
> No locals.
> at producer_avformat.c:2452
> ---Type <return> to continue, or q <return> to quit---
> producer = 0x125e82d8
> context = <optimized out>
> properties = 0x125e82d8
> frame_properties = 0x1269e288
> index = 1
> at producer_avformat.c:2530
> service = 0x125e82d8
> cache_item = <optimized out>
> self = 0xffcecc8
> position = <optimized out>
> index=0) at mlt_producer.c:584
> properties = 0x125e82d8
> eof = <optimized out>
> speed = 1
> clone = <optimized out>
> result = 1
> self = 0x125e82d8
> index=0) at mlt_service.c:481
> new_position = 1
> previous_frame = <optimized out>
> ---Type <return> to continue, or q <return> to quit---
> next_frame = <optimized out>
> properties = 0x121abef0
> in = 0
> out = 1996
> position = 0
> result = <optimized out>
> at MltService.cpp:95
> frame = 0x121abef0
> result = 0xb7f8db37
> at /home/mcfrisk/src/kdenlive-git/src/kthumb.cpp:408
> mlt_frame = <optimized out>
> z = 0
> producer = {<Mlt::Service> = {<Mlt::Properties> = {
> _vptr.Properties = 0xb7f971f8, instance = 0x0}, instance = 0x0},
> instance = 0x125e82d8, parent_ = 0x0}
> __PRETTY_FUNCTION__ = "void KThumb::slotCreateAudioThumbs()"
> last_val = 0
> val = 0
> prof = {instance = 0xf7b71b8}
> at /usr/include/qt4/QtCore/qtconcurrentrunbase.h:120
> ---Type <return> to continue, or q <return> to quit---
> No locals.
> at /usr/include/qt4/QtCore/qtconcurrentrunbase.h:114
> No locals.
> at concurrent/qthreadpool.cpp:106
> r = 0x644a3e70
> expired = <optimized out>
> locker = {val = 218480224}
> at thread/qthread_unix.cpp:320
> __clframe = {
> __cancel_routine = 0xb7c48400 <QThreadPrivate::finish(void*)>,
> __cancel_arg = 0x87ddef0, __do_it = 1,
> __cancel_type = <optimized out>}
> thr = 0x87ddef0
> data = 0xd05c2f8
> __res = <optimized out>
> __ignore1 = <optimized out>
> __ignore2 = <optimized out>
> pd = 0xac7ccb70
> now = <optimized out>
> ---Type <return> to continue, or q <return> to quit---
> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1220292620, 0, 4001536,
> -1401109448, 766084995, 1370961333}, mask_was_saved = 0}},
> priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0,
> cleanup = 0x0, canceltype = 0}}}
> not_first_call = <optimized out>
> freesize = <optimized out>
> __PRETTY_FUNCTION__ = "start_thread"
> No locals.
> Backtrace stopped: Not enough registers or memory available to unwind further
> ---
> libavcodec/utils.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/libavcodec/utils.c b/libavcodec/utils.c
> index ee1bfcc..4ad902b 100644
> --- a/libavcodec/utils.c
> +++ b/libavcodec/utils.c
> @@ -886,8 +886,8 @@ av_cold int avcodec_close(AVCodecContext *avctx)
> avctx->coded_frame = NULL;
> if (avctx->codec && avctx->codec->priv_class)
> av_opt_free(avctx->priv_data);
> - av_opt_free(avctx);
> av_freep(&avctx->priv_data);
> + av_opt_free(avctx);
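
Review bot: The swap of av_opt_free(avctx) and av_freep(&avctx->priv_data) at the end of this hunk needs a stated reason, because nothing in the visible lines shows av_opt_free(avctx) reading priv_data or av_freep depending on what av_opt_free releases. The quoted glibc abort is raised under av_freep with pointer 0x6b6b6961, whose four bytes (0x61 0x69 0x6b 0x6b) are all printable ASCII, which is consistent with a pointer field that was overwritten with string data before the free rather than with call ordering, and the visible frames name producer_avformat.c:2452 without showing avcodec_close. Please name in the commit message the field that both calls would end up freeing, and attach valgrind output showing the first invalid write or free, so the reorder can be checked against the actual corruption site.
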
Can you explain why you think the order of these 2 functions can
trigger a bug?
Also, valgrind output should help in understanding the bug.
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
I hate to see young programmers poisoned by the kind of thinking
Ulrich Drepper puts forward since it is simply too narrow -- Roman Shaposhnik