Control: forwarded -1 https://github.com/xbmc/xbmc/pull/10846
Control: tags -1 upstream

Hi Andreas,

On Fri, 14 Oct 2016 01:27:47 +0200 Andreas Cadhalpun <andreas.cadhal...@googlemail.com> wrote:
...
>
> Hi,
>
> The relevant backtrace from the kodi_crashlog is:
>
> Thread 1 (Thread 0x7f1b6bffe700 (LWP 16893)):
> #0  0x00007f1ba92991c8 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
> #1  0x00007f1ba929a64a in __GI_abort () at abort.c:89
> #2  0x00007f1ba92d4f4a in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7f1ba93cdb30 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
> #3  0x00007f1ba92da6b6 in malloc_printerr (action=3, str=0x7f1ba93ca909 "free(): invalid pointer", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5004
> #4  0x00007f1ba92dae9e in _int_free (av=0x7f1ba9601b20 <main_arena>, p=<optimized out>, have_lock=0) at malloc.c:3865
> #5  0x00007f1baa6d4a9d in av_buffer_unref () from /usr/lib/x86_64-linux-gnu/libavutil.so.55
> #6  0x00007f1baa6e15d2 in av_frame_unref () from /usr/lib/x86_64-linux-gnu/libavutil.so.55
> #7  0x00007f1bab93cf10 in avcodec_decode_video2 () from /usr/lib/x86_64-linux-gnu/libavcodec.so.57
> #8  0x000000000090b26c in CDVDDemuxFFmpeg::ParsePacket(AVPacket*) ()
> #9  0x000000000090d0c2 in CDVDDemuxFFmpeg::Read() ()
> #10 0x0000000001079b53 in CDVDPlayer::ReadPacket(DemuxPacket*&, CDemuxStream*&) ()
> #11 0x000000000107ecd7 in CDVDPlayer::Process() ()
> #12 0x00000000012103ff in CThread::Action() ()
> #13 0x00000000012106bf in CThread::staticThread(void*) ()
> #14 0x00007f1bb23e5464 in start_thread (arg=0x7f1b6bffe700) at pthread_create.c:333
> #15 0x00007f1ba934d30d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
>
> Looking at the ParsePacket function reveals [1]:
>     AVFrame picture;
>     memset(&picture, 0, sizeof(AVFrame));
>     picture.pts = picture.pkt_dts = picture.pkt_pts = picture.best_effort_timestamp = AV_NOPTS_VALUE;
>     picture.pkt_pos = -1;
>     picture.key_frame = 1;
>     picture.format = -1;
>
> This is using non-public ABI, e.g. the size of AVFrame, while the documentation
> explicitly says "sizeof(AVFrame) is not a part of the public ABI" [2].
> What's worse is that it doesn't use av_frame_alloc as required [3]:
> "AVFrame must be allocated using av_frame_alloc()."
>
> The whole block quoted above should be replaced with:
>     AVFrame *picture = av_frame_alloc().
>
> Then the following code should use picture instead of &picture:
>     avcodec_decode_video2(st->codec, picture, &got_picture, pkt);
>
> And at the end it can be freed (instead of using av_frame_unref) with:
>     av_frame_free(&picture);
>
> In the experimental kodi branch there is another occurrence of this bug
> in xbmc/cores/VideoPlayer/VideoRenderers/HwDecRender/MMALRenderer.cpp.

Thank you for the triaging and extensive description of the problem.
I have now forwarded the patch to upstream under your name since I did not really add anything to the patch.

>
> Best regards,
> Andreas
>
>
> 1: https://anonscm.debian.org/cgit/pkg-multimedia/kodi.git/tree/xbmc/cores/dvdplayer/DVDDemuxers/DVDDemuxFFmpeg.cpp?id=8d5cf423001aa4e7f850c20b158b2811e637e607#n1665
> 2: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/tree/libavutil/frame.h?id=87b93f4e3ee2b6253ab9f5a166860a1ff18877d5#n174
> 3: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/tree/libavutil/frame.h?id=87b93f4e3ee2b6253ab9f5a166860a1ff18877d5#n154
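
The hazard behind the quoted analysis, modelled as an added example that is not part of the original thread and is not Kodi or FFmpeg code: a caller that zeroes only the struct size it was compiled with leaves any field a newer library appended uninitialised, and the library's unref step then treats that stale value as a pointer to free. The struct layouts, the appended `side_buf` field and all `model_*`/`caller_*` names are assumptions made for illustration; the thread does not say which field was involved.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout the application was compiled against (older header). */
struct app_frame { int64_t pts; int format; };

/* Hypothetical layout inside a newer shared library: one field appended. */
struct lib_frame { int64_t pts; int format; void *side_buf; };

/* Model of the library allocator: the only code that knows the real size. */
struct lib_frame *model_frame_alloc(void) {
    return calloc(1, sizeof(struct lib_frame));
}

void model_frame_free(struct lib_frame **f) { free(*f); *f = NULL; }

/* Model of the unref step: returns 1 where it would hand side_buf to free(). */
int model_unref_would_free(const struct lib_frame *f) {
    return f->side_buf != NULL;
}

/* Caller zeroes only the size it was compiled with. `mem` stands in for the
 * stack slot; the 0xAA fill is constructed stale stack content. */
int caller_memset_pattern(void) {
    void *mem = malloc(sizeof(struct lib_frame));
    if (!mem) return -1;
    memset(mem, 0xAA, sizeof(struct lib_frame));
    memset(mem, 0, sizeof(struct app_frame));   /* caller's view of the size */
    int bogus = model_unref_would_free(mem);
    free(mem);
    return bogus;
}

/* Caller lets the library allocate, so every field starts out zeroed. */
int caller_alloc_pattern(void) {
    struct lib_frame *f = model_frame_alloc();
    if (!f) return -1;
    int bogus = model_unref_would_free(f);
    model_frame_free(&f);
    return bogus;
}

int main(void) {
    printf("memset(sizeof) pattern frees bogus pointer: %d\n", caller_memset_pattern());
    printf("allocator pattern frees bogus pointer:      %d\n", caller_alloc_pattern());
    return 0;
}
```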