[MPlayer-dev-eng] [Bug] Analog video capture raises all kind of several glibc+process memory exceptions intermittently

thomas schorpp thomas.schorpp at googlemail.com
Mon Dec 10 23:30:42 CET 2007 

thomas schorpp wrote:
> thomas schorpp wrote:
>> thomas schorpp wrote:
>>> hi,
>>>
>>
>>> (gdb) bt
>>> #0  0x00002b0bc616ed3d in _int_free () from /lib/libc.so.6
>>> #1  0x00002b0bc6172bdc in free () from /lib/libc.so.6
>>> #2  0x00000000004c9146 in ds_fill_buffer (ds=0xfbda30) at 
>>> demuxer.h:265                        <------- REPRODUCIBLE
>>> #3  0x00000000004c9795 in ds_get_packet (ds=0xfbda30, 
>>> start=0x7fffe7764e60) at demuxer.c:535
>>> #4  0x00000000005111cd in video_read_frame (sh_video=0xfbe0c0, 
>>> frame_time_ptr=0x7fffe7764e6c, start=0x7fffe7764e60,
>>>   force_fps=0) at video.c:549
>>> #5  0x000000000043b246 in main (argc=<value optimized out>, 
>>> argv=<value optimized out>) at mencoder.c:1241
>>                                  
>>>
>>> seems the ds_get_next_pts at demuxer.c:595 buffer code is not safe.
>>> I see no land here and use transcode until this is fixed.
>>>
>>> y
>>> tom
>>>
>>
>> hi, investigating
>>
>> http://article.gmane.org/gmane.comp.video.mencoder.user/7442
>>
>> what is that?
>>
>> static inline void free_demux_packet(demux_packet_t* dp){
>>  if (dp->master==NULL){  //dp is a master packet
>>    dp->refcount--;
>>    if (dp->refcount==0){
>> //    if (dp->buffer) free(dp->buffer); schorpp
>>      free(dp); <--- above instruction is dp's work.          
>> well, this is indeed a "double free" if dp type is designed with OO 
>> orthodox canonical form in mind.
>> other explanation?
>>
>> intermittent bug seems to occur on buffer underrun, I'm using a USB 
>> 1.1 grabber.
>>
> 
> not working,
> #0  0x00002aef8ade2d3d in _int_free () from /lib/libc.so.6
> #1  0x00002aef8ade6bdc in free () from /lib/libc.so.6
> #2  0x00000000004c9146 in ds_fill_buffer (ds=0xfbee80) at demuxer.h:265
> #3  0x00000000004c9795 in ds_get_packet (ds=0xfbee80, 
> start=0x7fff22aef450) at demuxer.c:535    <--- intermittently on 595 too.
> #4  0x00000000005111cd in video_read_frame (sh_video=0xfbf510, 
> frame_time_ptr=0x7fff22aef45c, start=0x7fff22aef450,
>    force_fps=0) at video.c:549
> #5  0x000000000043b246 in main (argc=<value optimized out>, argv=<value 
> optimized out>) at mencoder.c:1241
> 
> 
> trying extra check (useless if unnulled pointer):
> 
> static inline void free_demux_packet(demux_packet_t* dp){
>  if (dp->master==NULL){  //dp is a master packet
>    dp->refcount--;
>    if (dp->refcount==0){
>      if (dp->buffer) free(dp->buffer);
>      if (dp) free(dp);    //    free(dp); schorpp
>  
> ideas?
> 
> 

not working.
+
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x2af9834f1300 (LWP 7334)]
0x00002af980240199 in x264_plane_copy_mmxext () from /usr/lib/libx264.so.56
(gdb) bt
#0  0x00002af980240199 in x264_plane_copy_mmxext () from /usr/lib/libx264.so.56
#1  0x00002af9801f6126 in ?? () from /usr/lib/libx264.so.56
#2  0x00002af9802347dd in x264_encoder_encode () from /usr/lib/libx264.so.56

now the encoder eats crap.
reproducible.

ok, using transcode meanwhile.

More information about the MPlayer-dev-eng mailing list