Opened 17 years ago
Closed 16 years ago
#3074 closed defect (fixed)
AvFormatDecoder and avformat double free crashes
Reported by: | jwestfall | Owned by: | Janne Grunau |
---|---|---|---|
Priority: | minor | Milestone: | 0.21 |
Component: | mythtv | Version: | head |
Severity: | medium | Keywords: | |
Cc: | Ticket locked: | no |
Description
Been getting this crash quite often. During tear down of AvFormatDecoder there appears to be a double free of ic->pb.buffer.
AvFormatDecoder::CloseContext() does an av_free(ic->pb.buffer) then calls av_close_input_file(ic), which will end up freeing pb.buffer again in url_fclose(&s->pb). The latter av_free will only trigger under the following condition:

```c
void av_close_input_file(AVFormatContext *s)
{
    ...
    must_open_file = 1;
    if (s->iformat->flags & AVFMT_NOFILE) {
        must_open_file = 0;
    }
    if (must_open_file) {
        url_fclose(&s->pb);
    }
```
Attachments (1)
Change History (5)
comment:1 Changed 17 years ago by
Milestone: | unknown → 0.21 |
---|---|
Owner: | changed from Isaac Richards to Janne Grunau |
comment:2 Changed 17 years ago by
comment:3 Changed 17 years ago by
Janne, av_free has had a NULL pointer check for a very long time for those few libc's that aren't NULL pointer safe, and to support the memalign hack, which requires the NULL pointer check. (i.e. this wasn't any different when the bug report was made, the backtrace may be bad if compile-time optimizations were enabled --release-type=profile, or if something is overwriting memory.)
comment:4 Changed 16 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Jim has confirmed to me that this is no longer a problem.
```
#5 0xb5fb534a in free () from /lib/tls/i686/cmov/libc.so.6
#6 0xb75379d8 in av_free (ptr=0x0) at mem.c:136
```

free should be NULL-pointer safe. Current av_free has a null pointer check.
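The teardown order from the description and the NULL check discussed in the comments, modelled as an added C example (not MythTV or FFmpeg code). The struct names, `FMT_NOFILE`, `tracked_free` and `lib_close` are hypothetical stand-ins, and a one-slot tracking allocator counts a second release instead of crashing. It shows that a NULL check inside the free routine only helps once the caller has cleared the pointer it freed.

```c
#include <stddef.h>
#include <stdio.h>

#define FMT_NOFILE 0x0001            /* hypothetical stand-in for AVFMT_NOFILE */

struct io_ctx  { unsigned char *buffer; };        /* stand-in for ic->pb */
struct fmt_ctx { int flags; struct io_ctx pb; };  /* stand-in for AVFormatContext */

/* One-slot tracking allocator: records a double free instead of crashing. */
static unsigned char slot[4096];
static int slot_live, double_frees;

static void *tracked_alloc(void) { slot_live = 1; return slot; }

/* NULL-checked free: a NULL argument is a no-op, a stale pointer is not. */
static void tracked_free(void *p)
{
    if (!p) return;
    if (p == slot && slot_live) slot_live = 0;
    else double_frees++;
}

/* Models the condition quoted in the ticket: unless the NOFILE flag is set,
 * closing the context also releases pb.buffer. */
static void lib_close(struct fmt_ctx *s)
{
    if (!(s->flags & FMT_NOFILE))
        tracked_free(s->pb.buffer);
}

/* Caller teardown. null_after_free = 0 follows the reported order of calls;
 * 1 clears the pointer after freeing so the later NULL check can take effect. */
int teardown_double_frees(int flags, int null_after_free)
{
    struct fmt_ctx ctx = { flags, { tracked_alloc() } };
    double_frees = 0;
    tracked_free(ctx.pb.buffer);
    if (null_after_free)
        ctx.pb.buffer = NULL;
    lib_close(&ctx);
    return double_frees;
}

int main(void)
{
    printf("stale pointer, file-backed: %d\n", teardown_double_frees(0, 0));
    printf("stale pointer, NOFILE:      %d\n", teardown_double_frees(FMT_NOFILE, 0));
    printf("cleared pointer:            %d\n", teardown_double_frees(0, 1));
    return 0;
}
```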