[MPlayer-users] [patch] mplayer segfaults at the end of FLV movies

Dennis Schneider dschneid at informatik.hu-berlin.de
Mon Jun 22 09:58:28 CEST 2009


Hi.
I'm using mplayer r29371 right now on FreeBSD with malloc debugging 
enabled.
MPlayer is really nice, but when playing FLV movies (downloaded from 
YouTube, e.g.) it exits with a SIGSEGV at the end of the movie, because 
FreeBSD malloc says:
	Assertion failed: (diff == regind * size), function 
	arena_run_reg_dalloc, file /usr/src/lib/libc/stdlib/malloc.c, line 
	2536.

A stacktrace shows that free() is called via av_free() from av_freep() 
in libmpcodecs/vd_ffmpeg.c:440:
	av_freep(&avctx->palctrl);

Digging deeper, I found that it only occurred with CONFIG_MEMALIGN_HACK 
enabled (the default on this platform), but this is only hiding the 
problem.

The cause sits also in libmpcodecs/vd_ffmpeg.c, line 389:
	avctx->palctrl = calloc(1, sizeof(AVPaletteControl));
Which is clearly wrong since it is freed with the align-correcting 
av_free(p).

Could somebody please fix this, e.g. with the patch below?

Index: libmpcodecs/vd_ffmpeg.c
===================================================================
--- libmpcodecs/vd_ffmpeg.c	(Revision 29371)
+++ libmpcodecs/vd_ffmpeg.c	(Arbeitskopie)
@@ -386,7 +386,7 @@
      }
      /* Pass palette to codec */
      if (sh->bih && (sh->bih->biBitCount <= 8)) {
-        avctx->palctrl = calloc(1, sizeof(AVPaletteControl));
+        avctx->palctrl = av_malloc(sizeof(AVPaletteControl));
				 avctx->palctrl->palette_changed = 1;
          if (sh->bih->biSize-sizeof(BITMAPINFOHEADER))
              /* Palette size in biSize */
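
Review bot: on the added av_malloc line the buffer is no longer zero-filled as it was with calloc(1, ...), so every AVPaletteControl field other than palette_changed is indeterminate until something writes it; av_mallocz(sizeof(AVPaletteControl)) keeps the allocator matched with av_freep() and preserves the zeroing. The following context line dereferences avctx->palctrl without a NULL check (the old code had the same gap), so a check before setting palette_changed would be worth adding in the same change.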


Please Cc me since I am not subscribed to this list.

Dennis
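
The allocator mismatch described in this message, as an added example that is not part of the original post and is not FFmpeg or MPlayer code: a simplified model of an offset-prefix aligned allocator, showing why its free routine can only be given pointers from its own allocation routine. All names (`hack_malloc`, `hack_base`, `hack_free`) are hypothetical, and the "foreign" block is a constructed stand-in for memory returned by plain calloc().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ALIGN 16

/* Over-allocate, round up to ALIGN, and record in the byte just before
   the returned pointer how far it sits from the real malloc() block. */
static void *hack_malloc(size_t size)
{
    unsigned char *base = malloc(size + ALIGN);
    if (!base)
        return NULL;
    size_t diff = ALIGN - ((uintptr_t)base & (ALIGN - 1)); /* 1..16 */
    base[diff - 1] = (unsigned char)diff;
    return base + diff;
}

/* Address the matching free routine will hand to free(). */
static void *hack_base(void *ptr)
{
    unsigned char *p = ptr;
    return p - p[-1];
}

static void hack_free(void *ptr)
{
    if (ptr)
        free(hack_base(ptr));
}

/* Matched pair: the prefix byte is ours, so free() gets the real block. */
int matched_pair_ok(void)
{
    unsigned char *p = hack_malloc(64);
    if (!p)
        return 0;
    int aligned = ((uintptr_t)p % ALIGN) == 0;
    ptrdiff_t off = p - (unsigned char *)hack_base(p);
    hack_free(p);
    return aligned && off >= 1 && off <= ALIGN;
}

/* Mismatch: a block from another allocator has no prefix byte, so the
   byte before it is unrelated data (constructed here as 0x07) and
   free() would be called on block - 7, an address malloc never returned. */
ptrdiff_t mismatch_skew(void)
{
    unsigned char arena[64];
    memset(arena, 0, sizeof arena);
    unsigned char *block = arena + 32; /* stand-in for a calloc() result */
    block[-1] = 0x07;                  /* neighbouring byte, not an offset */
    return block - (unsigned char *)hack_base(block);
}
```

When the neighbouring byte happens to be zero the mismatch goes unnoticed, which is why an allocator with debugging assertions surfaces it where others may not.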

