[MPlayer-dev-eng] [Bug] Analog video capture raises all kind of several glibc+process memory exceptions intermittently
thomas schorpp
thomas.schorpp at googlemail.com
Mon Dec 10 22:36:06 CET 2007
thomas schorpp wrote:
> hi,
>
> (gdb) bt
> #0 0x00002b0bc616ed3d in _int_free () from /lib/libc.so.6
> #1 0x00002b0bc6172bdc in free () from /lib/libc.so.6
> #2 0x00000000004c9146 in ds_fill_buffer (ds=0xfbda30) at
> demuxer.h:265 <------- REPRODUCIBLE
> #3 0x00000000004c9795 in ds_get_packet (ds=0xfbda30,
> start=0x7fffe7764e60) at demuxer.c:535
> #4 0x00000000005111cd in video_read_frame (sh_video=0xfbe0c0,
> frame_time_ptr=0x7fffe7764e6c, start=0x7fffe7764e60,
> force_fps=0) at video.c:549
> #5 0x000000000043b246 in main (argc=<value optimized out>, argv=<value
> optimized out>) at mencoder.c:1241
>
> seems the ds_get_next_pts at demuxer.c:595 buffer code is not safe.
> I see no land here and use transcode until this is fixed.
>
> y
> tom
>
hi, investigating
http://article.gmane.org/gmane.comp.video.mencoder.user/7442
what is that?
static inline void free_demux_packet(demux_packet_t* dp){
  if (dp->master==NULL){ //dp is a master packet
    dp->refcount--;
    if (dp->refcount==0){
      // if (dp->buffer) free(dp->buffer); schorpp
      free(dp); <--- above instruction is dp's work.
well, this is indeed a "double free" if dp type is designed
with OO orthodox canonical form in mind.
other explanation?
intermittent bug seems to occur on buffer underrun, I'm using a USB 1.1 grabber.
y
tom
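
A minimal model of the reference-counted master/clone release discussed in the message above, added here as an example; it is not MPlayer's code and not from the post. The names pkt_t, pkt_new, pkt_clone, pkt_free and the allocation counter are assumptions; only the fields buffer, refcount and master come from the quoted function.

```c
#include <stdlib.h>

/* Simplified stand-in for the packet in the quoted function: only the
   three fields it touches. */
typedef struct pkt {
    unsigned char *buffer;   /* payload, owned by the master packet only */
    int refcount;            /* on a master: itself plus its live clones */
    struct pkt *master;      /* NULL on a master, else the packet cloned from */
} pkt_t;

static int live_allocs;      /* constructed counter: allocations not yet freed */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p)    { if (p) { live_allocs--; free(p); } }

pkt_t *pkt_new(size_t len) {                 /* hypothetical helper */
    pkt_t *dp = xalloc(sizeof *dp);
    if (!dp) return NULL;
    dp->buffer = xalloc(len ? len : 1);
    if (!dp->buffer) { xfree(dp); return NULL; }
    dp->refcount = 1;
    return dp;
}

pkt_t *pkt_clone(pkt_t *src) {               /* hypothetical helper */
    pkt_t *m = src->master ? src->master : src;
    pkt_t *dp = xalloc(sizeof *dp);
    if (!dp) return NULL;
    dp->buffer = m->buffer;  /* borrowed pointer, never freed via the clone */
    dp->master = m;
    m->refcount++;
    return dp;
}

/* Release one reference. The payload and the struct are two separate
   allocations; each is freed once, when the last reference is dropped. */
void pkt_free(pkt_t *dp) {
    if (dp->master == NULL) {
        if (--dp->refcount == 0) {
            xfree(dp->buffer);
            xfree(dp);
        }
        return;
    }
    pkt_t *m = dp->master;   /* a clone frees only its own struct ... */
    xfree(dp);
    pkt_free(m);             /* ... then drops its reference on the master */
}

int pkt_live_allocs(void) { return live_allocs; }
```

Running the same allocate, clone, release sequence under valgrind or AddressSanitizer reports a real double free at the exact free() call, which the counter alone cannot do.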