seeking issue ("free(): invalid pointer") with some types of video file ...

[p-pioneer-q]

tools versions:

ffmpeg version 2.2-rc2
built on Apr 7 2014 14:07:05 with gcc 4.8

mpv 0.3.7-git-2758bc4 (C) 2000-2013 mpv/MPlayer/mplayer2 projects
built on 2014-04-07T12:16:46
ffmpeg library versions:
libavutil 52.66.100
libavcodec 55.52.102
libavformat 55.33.100
libswscale 2.5.101
libavfilter 4.2.100
libavresample 1.2.0

file infos:

Metadata:
major_brand : isom
minor_version : 512
compatible_brands: isomiso2avc1mp41
encoder : Lavf55.21.101
Duration: 00:25:02.37, start: 0.000000, bitrate: 4193 kb/s
Stream #0:0(und): Video: h264 (High) (avc1 / 0x31637661), yuv420p(tv), 1280x720 [SAR 1:1 DAR 16:9], 3997 kb/s, 30.47 fps, 29.97 tbr, 16k tbn, 59.94 tbc (default)
Metadata:
handler_name : VideoHandler
Stream #0:1(und): Audio: aac (mp4a / 0x6134706D), 44100 Hz, stereo, fltp, 187 kb/s (default)
Metadata:
handler_name : SoundHandler

issue (when a seek command is used):

*** Error in `/home/pioneer/bin/mpv': free(): invalid pointer: 0x096924b4 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x767c2)[0xb74877c2]
/lib/i386-linux-gnu/libc.so.6(+0x77510)[0xb7488510]
/home/pioneer/bin/mpv[0x8899a82]
/home/pioneer/bin/mpv[0x8892fbe]
/home/pioneer/bin/mpv[0x83d9af4]
/home/pioneer/bin/mpv[0x83dd183]
/home/pioneer/bin/mpv[0x83e10eb]
/home/pioneer/bin/mpv[0x85b4ad2]
/lib/i386-linux-gnu/libpthread.so.0(+0x6d78)[0xb7f63d78]
/lib/i386-linux-gnu/libc.so.6(clone+0x5e)[0xb750301e]

gdb backtrace:

(gdb) bt
#0 0xb7fdd424 in __kernel_vsyscall ()
#1 0xb743faff in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#2 0xb7443083 in __GI_abort () at abort.c:90
#3 0xb747ca95 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0xb75800d0 "*** Error in `%s': %s: 0x%s ***\n")

at ../sysdeps/unix/sysv/linux/libc_fatal.c:199

#4 0xb74877c2 in malloc_printerr (action=, str=, ptr=0x96924b4) at malloc.c:4923
#5 0xb7488510 in _int_free (av=0xb75c1440 <main_arena>, p=0x96924ac, have_lock=0) at malloc.c:3779
#6 0x08899a82 in av_freep ()
#7 0x08892fbe in av_frame_unref ()
#8 0x083d9af4 in ff_h264_alloc_tables ()
#9 0x083dd183 in decode_slice_header ()
#10 0x083e10eb in h264_decode_frame ()
#11 0x085b4ad2 in frame_worker_thread ()
#12 0xb7f63d78 in start_thread (arg=0xb3facb40) at pthread_create.c:311
#13 0xb750301e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:131

---

the same issue happen with ffplay version 2.2-rc2, but not with vlc version 2.2.0-git, not with mplayer(1) version 1.1-4.7, and not with avplay version 0.8.10-6

[ghost]

the same issue happen with ffplay version 2.2-rc2

Then it's 100% a ffmpeg bug. Why are you using 2.2-rc2? It's outdated. Of course it's possible that 2.2 proper or ffmpeg git master have the same problem.

Can you try with mpv git master?

I'm pretty sure this problem doesn't exist on Linux with ffmpeg git master and mpv git master.

How exactly can this problem be reproduced?

[p-pioneer-q]

i'm using the "rebuild" script of mpv who rebuild & update all tools, i was thinking of its the actual git version of ffmpeg.

Im using a personnal script to play with mpv/vlc/ffplay some remote web video files (a stuff like youtube-dl), this issue happen with video from "canalplus.fr" when i try to seek on it, but i found some videos from my personal vid directory with the same issue, all of them are encoded with Lavf55.21.101.

[ghost]

Fixed the mpv-build update script. Now it prefers n2.2.

[p-pioneer-q]

same issue with ffmpeg version 2.2

[ghost]

Can you post a file with which this definitely happens?

[p-pioneer-q]

I sent you the command and the file link to your mailbox

[ghost]

For the record: I can't reproduce a crash. But then I ran your command through:

==5748== Thread 10: fd=  13 aq=    0KB vq=    0KB sq=    0B f=0/0   
==5748== Invalid free() / delete / delete[] / realloc()
==5748==    at 0x4029DA8: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==5748==    by 0x88977B1: av_freep (mem.c:232)
==5748==    by 0x8890D4D: av_frame_unref (frame.c:92)
==5748==    by 0x837D283: ff_h264_alloc_tables (h264.c:479)
==5748==    by 0x83B1340: h264_slice_header_init (h264_slice.c:1173)
==5748==    by 0x83B66BE: ff_h264_decode_slice_header (h264_slice.c:1462)
==5748==    by 0x837E3ED: h264_decode_frame (h264.c:1509)
==5748==    by 0x8564631: frame_worker_thread (pthread_frame.c:153)
==5748==    by 0x480EED8: start_thread (pthread_create.c:312)
==5748==    by 0x490E26D: clone (clone.S:129)
==5748==  Address 0x7f11328 is 2,184 bytes inside a block of size 557,568 alloc'd
==5748==    at 0x402AF50: memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==5748==    by 0x402B07E: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==5748==    by 0x8897839: av_mallocz (mem.c:95)
==5748==    by 0x86041DE: avcodec_open2 (utils.c:1255)
==5748==    by 0x80C6064: stream_component_open (ffplay.c:2533)
==5748==    by 0x80C834E: read_thread (ffplay.c:2837)
==5748==    by 0x4328EA4: ??? (in /usr/lib/i386-linux-gnu/libSDL-1.2.so.0.11.4)
==5748==    by 0x437065A: ??? (in /usr/lib/i386-linux-gnu/libSDL-1.2.so.0.11.4)
==5748==    by 0x480EED8: start_thread (pthread_create.c:312)
==5748==    by 0x490E26D: clone (clone.S:129)
==5748== 

Can I post your command line on the #ffmpeg-devel IRC channel, so others can reproduce?

[p-pioneer-q]

Le 07/04/2014 17:16, wm4 a écrit :

For the record: I can't reproduce a crash. But then I ran your command
through:

|==5748== Thread 10: fd= 13 aq= 0KB vq= 0KB sq= 0B f=0/0
==5748== Invalid free() / delete / delete[] / realloc()
==5748== at 0x4029DA8: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==5748== by 0x88977B1: av_freep (mem.c:232)
==5748== by 0x8890D4D: av_frame_unref (frame.c:92)
==5748== by 0x837D283: ff_h264_alloc_tables (h264.c:479)
==5748== by 0x83B1340: h264_slice_header_init (h264_slice.c:1173)
==5748== by 0x83B66BE: ff_h264_decode_slice_header (h264_slice.c:1462)
==5748== by 0x837E3ED: h264_decode_frame (h264.c:1509)
==5748== by 0x8564631: frame_worker_thread (pthread_frame.c:153)
==5748== by 0x480EED8: start_thread (pthread_create.c:312)
==5748== by 0x490E26D: clone (clone.S:129)
==5748== Address 0x7f11328 is 2,184 bytes inside a block of size 557,568 alloc'd
==5748== at 0x402AF50: memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==5748== by 0x402B07E: posix_memalign (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==5748== by 0x8897839: av_mallocz (mem.c:95)
==5748== by 0x86041DE: avcodec_open2 (utils.c:1255)
==5748== by 0x80C6064: stream_component_open (ffplay.c:2533)
==5748== by 0x80C834E: read_thread (ffplay.c:2837)
==5748== by 0x4328EA4: ??? (in /usr/lib/i386-linux-gnu/libSDL-1.2.so.0.11.4)
==5748== by 0x437065A: ??? (in /usr/lib/i386-linux-gnu/libSDL-1.2.so.0.11.4)
==5748== by 0x480EED8: start_thread (pthread_create.c:312)
==5748== by 0x490E26D: clone (clone.S:129)
==5748==
|

Can I post your command line on the #ffmpeg-devel IRC channel, so
others can reproduce?

—
Reply to this email directly or view it on GitHub
#702 (comment).

yep for sure

[ghost]

Also, I believe this doesn't happen with ffmpeg git head.

[p-pioneer-q]

ok so I while try to build it later

[p-pioneer-q]

You right, no issue with "ffmpeg version 2.2.git" (git head) , thanks wm4

[ghost]

Tried it again with ffmpeg 2.2.1, and couldn't reproduce. So I assume this is not an issue anymore.