[libav-bugs] [Bug 713] New: crash inside avutil/avformat: invalid free when closing mkv

bugzilla at libav.org bugzilla at libav.org
Wed Jul 2 15:02:05 CEST 2014


http://bugzilla.libav.org/show_bug.cgi?id=713

           Summary: crash inside avutil/avformat: invalid free when
                    closing mkv
           Product: Libav
           Version: 9
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: Normal
         Component: libavformat
        AssignedTo: bugzilla at libav.org
        ReportedBy: m8r-yndajg at mailinator.com


With libav 9-12 and 9-14, this:
(error checking and av_register_all snipped, but aside from that this is all
the code needed to reproduce the bug: no actual processing of the file at all)

AVFormatContext* avfc = NULL;
avformat_open_input( &avfc, path, 0, 0 );
avformat_close_input( &avfc );

results in:

[matroska,webm @ 0xb531e440] Unknown entry 0x1A45DFA3
*** glibc detected *** avcrash/debug/avcrash: free(): invalid pointer:
0xb53201c0 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x75ee2)[0xb74bfee2]
avcrash/linux-i686/lib/libavutil.so.52(av_freep+0x12)[0xb6912472]
avcrash/linux-i686/lib/libavformat.so.54(+0x5123d)[0xb775823d]
avcrash/linux-i686/lib/libavformat.so.54(+0x5128d)[0xb775828d]
avcrash/linux-i686/lib/libavformat.so.54(+0x512c2)[0xb77582c2]
avcrash/linux-i686/lib/libavformat.so.54(+0x53e8c)[0xb775ae8c]
avcrash/linux-i686/lib/libavformat.so.54(avformat_close_input+0x126)[0xb77c8676]

on an MPEG4 (DX50) mkv test file.

The bug doesn't happen with the ffmpeg 1.1.1 libs (which is what I'm trying to
migrate from).

(As you'd expect, the libc message can also be "double free or corruption
(out)" sometimes).

The sample file is 200MB, but the crash is reproducible with just the first
10MB, so I'll upload that to FTP once I have a bug ID.

-- 
Configure bugmail: http://bugzilla.libav.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.


More information about the libav-bugs mailing list