Package: vlc
Version: 3.0.17.4-0+deb11u1
Severity: normal

I discovered this bug when I tried to take a screenshot of the "I Died in a Car Crash" contemporary dance video by Ana Zimhart ([1]), which has been downloaded to my computer. The video resolution was 540x360.

When the video was played at position 1:53 (when Ana did an arc penché trick at 90 degrees leg position), I took a snapshot. Instead of a vlcsnap-* image being generated in ~/Pictures, VLC exited with an invalid pointer error on free(). The tail from "vlc -vvv" was:

```
[0000555556b17d80] main filter debug: Filter 'VAAPI filters' (0x555556b184f0) appended to chain
[0000555556b1c9d0] main filter debug: looking for video converter module matching "any": 23 candidates
[0000555556b1c9d0] swscale filter debug: 540x360 (544x368) chroma: I420 -> 540x360 (544x368) chroma: RV24 with scaling using Bicubic (good quality)
[0000555556b1c9d0] main filter debug: using video converter module "swscale"
[0000555556b17d80] main filter debug: Filter 'Swscale' (0x555556b1c9d0) appended to chain
[0000555556b17d80] main filter debug: using video converter module "chain"
[0000555556b16560] main filter debug: Filter 'chain' (0x555556b17d80) appended to chain
[0000555556b2f2f0] main filter debug: looking for video converter module matching "any": 23 candidates
[swscaler @ 0x555556b31e40] Forcing full internal H chroma due to input having non subsampled chroma
[0000555556b2f2f0] swscale filter debug: 540x360 (544x368) chroma: RV24 -> 540x360 (540x360) chroma: RV24 with scaling using Bicubic (good quality)
[0000555556b2f2f0] main filter debug: using video converter module "swscale"
[0000555556b16560] main filter debug: Filter 'Swscale' (0x555556b2f2f0) appended to chain
[0000555556b16560] main filter debug: using video converter module "chain"
[0000555556b0ee00] main encoder debug: removing module "png"
[0000555556b16560] main filter debug: removing module "chain"
[0000555556b17d80] main filter debug: removing module "chain"
[0000555556b184f0] main filter debug: removing module "vaapi_filters"
free(): invalid pointer
```

The log above was from a gdb session. When vlc was invoked outside gdb with the reproducer above, I got a double free or corruption (!prev) error. The tail log for that case was:

```
[00007efe3044dcb0] main filter debug: Filter 'VAAPI filters' (0x7efe300d5d30) appended to chain
[00007efe300d0f70] main filter debug: looking for video converter module matching "any": 23 candidates
[00007efe300d0f70] swscale filter debug: 540x360 (544x368) chroma: I420 -> 540x360 (544x368) chroma: RV24 with scaling using Bicubic (good quality)
[00007efe300d0f70] main filter debug: using video converter module "swscale"
[00007efe3044dcb0] main filter debug: Filter 'Swscale' (0x7efe300d0f70) appended to chain
[00007efe3044dcb0] main filter debug: using video converter module "chain"
[00007efe306b3d00] main filter debug: Filter 'chain' (0x7efe3044dcb0) appended to chain
[00007efe300d0700] main filter debug: looking for video converter module matching "any": 23 candidates
[swscaler @ 0x7efe309eac80] Forcing full internal H chroma due to input having non subsampled chroma
[00007efe300d0700] swscale filter debug: 540x360 (544x368) chroma: RV24 -> 540x360 (540x360) chroma: RV24 with scaling using Bicubic (good quality)
[00007efe300d0700] main filter debug: using video converter module "swscale"
[00007efe306b3d00] main filter debug: Filter 'Swscale' (0x7efe300d0700) appended to chain
[00007efe306b3d00] main filter debug: using video converter module "chain"
[00007efe30188880] main encoder debug: removing module "png"
[00007efe306b3d00] main filter debug: removing module "chain"
[00007efe3044dcb0] main filter debug: removing module "chain"
[00007efe300d5d30] main filter debug: removing module "vaapi_filters"
double free or corruption (!prev)
```

The bug didn't occur on 640x360 and 1280x720 videos. A similar bug has been reported on Ubuntu ([2]) with an older VLC version.

[1]: https://www.youtube.com/watch?v=eoocJ3euHy8
[2]: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1894968

-- System Information:
Debian Release: 11.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.19.12-local (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages vlc depends on:
ii  vlc-bin  3.0.17.4-0+deb11u1
ii  vlc-plugin-base  3.0.17.4-0+deb11u1
ii  vlc-plugin-qt  3.0.17.4-0+deb11u1
ii  vlc-plugin-video-output  3.0.17.4-0+deb11u1

Versions of packages vlc recommends:
ii  vlc-l10n  3.0.17.4-0+deb11u1
ii  vlc-plugin-access-extra  3.0.17.4-0+deb11u1
ii  vlc-plugin-notify  3.0.17.4-0+deb11u1
ii  vlc-plugin-samba  3.0.17.4-0+deb11u1
ii  vlc-plugin-skins2  3.0.17.4-0+deb11u1
ii  vlc-plugin-video-splitter  3.0.17.4-0+deb11u1
ii  vlc-plugin-visualization  3.0.17.4-0+deb11u1

Versions of packages vlc suggests:
pn  vlc-plugin-fluidsynth  <none>
pn  vlc-plugin-jack  <none>
pn  vlc-plugin-svg  <none>

Versions of packages libvlc-bin depends on:
ii  libc6  2.31-13+deb11u4
ii  libvlc5  3.0.17.4-0+deb11u1

Versions of packages libvlc5 depends on:
ii  libc6  2.31-13+deb11u4
ii  libvlccore9  3.0.17.4-0+deb11u1

Versions of packages libvlc5 recommends:
ii  libvlc-bin  3.0.17.4-0+deb11u1

Versions of packages vlc-bin depends on:
ii  libc6  2.31-13+deb11u4
ii  libvlc-bin  3.0.17.4-0+deb11u1
ii  libvlc5  3.0.17.4-0+deb11u1

Versions of packages vlc-plugin-access-extra depends on:
ii  libc6  2.31-13+deb11u4
ii  libvlccore9 [vlc-plugin-abi-3-0-0f]  3.0.17.4-0+deb11u1
ii  libvncclient1  0.9.13+dfsg-2
ii  libxcb-composite0  1.14-3
ii  libxcb-shm0  1.14-3
ii  libxcb1  1.14-3

Versions of packages vlc-plugin-base depends on:
ii  liba52-0.7.4  0.7.4-20
ii  libarchive13  3.4.3-2+deb11u1
ii  libaribb24-0  1.0.3-2
ii  libasound2  1.2.4-1.1
ii  libass9  1:0.15.0-2
ii  libavahi-client3  0.8-5+deb11u1
ii  libavahi-common3  0.8-5+deb11u1
ii  libavc1394-0  0.5.4-5
ii  libavcodec58  7:4.3.4-0+deb11u1
ii  libavformat58  7:4.3.4-0+deb11u1
ii  libavutil56  7:4.3.4-0+deb11u1
ii  libbluray2  1:1.2.1-4+deb11u1
ii  libc6  2.31-13+deb11u4
ii  libcairo2  1.16.0-5
ii  libcddb2  1.3.2-6+b1
ii  libchromaprint1  1.5.0-2
ii  libdav1d4  0.7.1-3
ii  libdbus-1-3  1.12.20-2
ii  libdc1394-25  2.2.6-3
ii  libdca0  0.0.7-2
ii  libdvbpsi10  1.3.3-1
ii  libdvdnav4  6.1.0-1+b1
ii  libdvdread8  6.1.1-2
ii  libebml5  1.4.2-1
ii  libfaad2  2.10.0-1
ii  libflac8  1.3.3-2+deb11u1
ii  libfontconfig1  2.13.1-4.2
ii  libfreetype6  2.10.4+dfsg-1+deb11u1
ii  libfribidi0  1.0.8-2+deb11u1
ii  libgcc-s1  10.2.1-6
ii  libgcrypt20  1.8.7-6
ii  libglib2.0-0  2.66.8-1
ii  libgnutls30  3.7.1-5+deb11u2
ii  libgpg-error0  1.38-2
ii  libharfbuzz0b  2.7.4-1
ii  libixml10  1:1.8.4-2
ii  libjpeg62-turbo  1:2.0.6-4
ii  libkate1  0.4.1-11
ii  liblirc-client0  0.10.1-6.3
ii  liblua5.2-0  5.2.4-1.1+b3
ii  libmad0  0.15.1b-10
ii  libmatroska7  1.6.2-1
ii  libmpcdec6  2:0.1~r495-2
ii  libmpeg2-4  0.5.1-9
ii  libmpg123-0  1.26.4-1
ii  libmtp9  1.1.17-3
ii  libncursesw6  6.2+20201114-2
ii  libnfs13  4.0.0-1
ii  libogg0  1.3.4-0.1
ii  libopenmpt-modplug1  0.4.11-1
ii  libopus0  1.3.1-0.1
ii  libpng16-16  1.6.37-3
ii  libpostproc55  7:4.3.4-0+deb11u1
ii  libprotobuf-lite23  3.12.4-1
ii  libpulse0  14.2-2
ii  libraw1394-11  2.1.2-2
ii  libresid-builder0c2a  2.1.1-15+b1
ii  librsvg2-2  2.50.3+dfsg-1
ii  libsamplerate0  0.2.1+ds0-1
ii  libsdl-image1.2  1.2.12-12
ii  libsdl1.2debian  1.2.15+dfsg2-6
ii  libsecret-1-0  0.20.4-2
ii  libshine3  3.1.1-2
ii  libshout3  2.4.5-1+b1
ii  libsidplay2  2.1.1-15+b1
ii  libsndio7.0  1.5.0-3
ii  libsoxr0  0.1.3-4
ii  libspatialaudio0  0.3.0+git20180730+dfsg1-2+b1
ii  libspeex1  1.2~rc1.2-1.1
ii  libspeexdsp1  1.2~rc1.2-1.1
ii  libssh2-1  1.9.0-2
ii  libstdc++6  10.2.1-6
ii  libswscale5  7:4.3.4-0+deb11u1
ii  libsystemd0  247.3-7+deb11u1
ii  libtag1v5  1.11.1+dfsg.1-3
ii  libtheora0  1.1.1+dfsg.1-15
ii  libtinfo6  6.2+20201114-2
ii  libtwolame0  0.4.0-2
ii  libudev1  247.3-7+deb11u1
ii  libupnp13  1:1.8.4-2
ii  libva-drm2  2.10.0-1
ii  libva2  2.10.0-1
ii  libvlccore9 [vlc-plugin-abi-3-0-0f]  3.0.17.4-0+deb11u1
ii  libvorbis0a  1.3.7-1
ii  libvorbisenc2  1.3.7-1
ii  libx264-160  2:0.160.3011+gitcde9a93-2.1
ii  libx265-192  3.4-2
ii  libxcb-keysyms1  0.4.0-1+b2
ii  libxcb1  1.14-3
ii  libxml2  2.9.10+dfsg-6.7+deb11u2
ii  libzvbi0  0.2.35-18
ii  vlc-data  3.0.17.4-0+deb11u1
ii  zlib1g  1:1.2.11.dfsg-2+deb11u2

Versions of packages vlc-plugin-base recommends:
ii  xdg-utils  1.1.3-4.1

Versions of packages vlc-plugin-base suggests:
pn  libdvdcss2  <none>

Versions of packages vlc-plugin-notify depends on:
ii  libc6  2.31-13+deb11u4
ii  libgdk-pixbuf-2.0-0  2.42.2+dfsg-1+deb11u1
ii  libglib2.0-0  2.66.8-1
ii  libgtk-3-0  3.24.24-4+deb11u2
ii  libnotify4  0.7.9-3
ii  libvlccore9 [vlc-plugin-abi-3-0-0f]  3.0.17.4-0+deb11u1

Versions of packages vlc-plugin-qt depends on:
ii  libc6  2.31-13+deb11u4
ii  libgcc-s1  10.2.1-6
ii  libqt5core5a  5.15.2+dfsg-9
ii  libqt5gui5  5.15.2+dfsg-9
ii  libqt5svg5  5.15.2-3
ii  libqt5widgets5  5.15.2+dfsg-9
ii  libqt5x11extras5  5.15.2-2
ii  libstdc++6  10.2.1-6
ii  libvlccore9 [vlc-plugin-abi-3-0-0f]  3.0.17.4-0+deb11u1
ii  libwayland-client0  1.18.0-2~exp1.1
ii  libx11-6  2:1.7.2-1

Versions of packages vlc-plugin-qt recommends:
ii  vlc-bin  3.0.17.4-0+deb11u1

Versions of packages vlc-plugin-skins2 depends on:
ii  fonts-freefont-ttf  20120503-10
ii  libc6  2.31-13+deb11u4
ii  libfreetype6  2.10.4+dfsg-1+deb11u1
ii  libfribidi0  1.0.8-2+deb11u1
ii  libgcc-s1  10.2.1-6
ii  libstdc++6  10.2.1-6
ii  libvlccore9 [vlc-plugin-abi-3-0-0f]  3.0.17.4-0+deb11u1
ii  libx11-6  2:1.7.2-1
ii  libxext6  2:1.3.3-1.1
ii  libxinerama1  2:1.1.4-2
ii  libxpm4  1:3.5.12-1
ii  vlc-plugin-qt  3.0.17.4-0+deb11u1

Versions of packages vlc-plugin-skins2 recommends:
ii  vlc-bin  3.0.17.4-0+deb11u1

Versions of packages vlc-plugin-video-output depends on:
ii  libaa1  1.4p5-48
ii  libavcodec58  7:4.3.4-0+deb11u1
ii  libavutil56  7:4.3.4-0+deb11u1
ii  libc6  2.31-13+deb11u4
ii  libcaca0  0.99.beta19-2.2
ii  libegl1  1.3.2-1
ii  libgl1  1.3.2-1
ii  libgles2  1.3.2-1
ii  libplacebo72  2.72.2-1
ii  libva-drm2  2.10.0-1
ii  libva-wayland2  2.10.0-1
ii  libva-x11-2  2.10.0-1
ii  libva2  2.10.0-1
ii  libvlccore9 [vlc-plugin-abi-3-0-0f]  3.0.17.4-0+deb11u1
ii  libwayland-client0  1.18.0-2~exp1.1
ii  libwayland-egl1  1.18.0-2~exp1.1
ii  libx11-6  2:1.7.2-1
ii  libxcb-keysyms1  0.4.0-1+b2
ii  libxcb-shm0  1.14-3
ii  libxcb-xv0  1.14-3
ii  libxcb1  1.14-3

Versions of packages vlc-plugin-video-splitter depends on:
ii  libc6  2.31-13+deb11u4
ii  libvlccore9 [vlc-plugin-abi-3-0-0f]  3.0.17.4-0+deb11u1
ii  libxcb-randr0  1.14-3
ii  libxcb1  1.14-3

Versions of packages vlc-plugin-visualization depends on:
ii  libc6  2.31-13+deb11u4
ii  libgl1  1.3.2-1
ii  libvlccore9 [vlc-plugin-abi-3-0-0f]  3.0.17.4-0+deb11u1

-- no debconf information
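
Added example (not part of the original report, and not VLC or Debian code): a small triage script that replaces the per-run heap addresses in the two `vlc -vvv` tails with first-seen ordinals, so the gdb and non-gdb runs can be compared event by event. The sample lines are abridged from the logs in the report; the function names are this example's own.

```python
import re

# Constructed sample: lines abridged from the two `vlc -vvv` tails in the report.
GDB_TAIL = """\
[0000555556b17d80] main filter debug: Filter 'VAAPI filters' (0x555556b184f0) appended to chain
[0000555556b1c9d0] swscale filter debug: 540x360 (544x368) chroma: I420 -> 540x360 (544x368) chroma: RV24 with scaling using Bicubic (good quality)
[0000555556b0ee00] main encoder debug: removing module "png"
[0000555556b16560] main filter debug: removing module "chain"
[0000555556b17d80] main filter debug: removing module "chain"
[0000555556b184f0] main filter debug: removing module "vaapi_filters"
free(): invalid pointer
"""
PLAIN_TAIL = """\
[00007efe3044dcb0] main filter debug: Filter 'VAAPI filters' (0x7efe300d5d30) appended to chain
[00007efe300d0f70] swscale filter debug: 540x360 (544x368) chroma: I420 -> 540x360 (544x368) chroma: RV24 with scaling using Bicubic (good quality)
[00007efe30188880] main encoder debug: removing module "png"
[00007efe306b3d00] main filter debug: removing module "chain"
[00007efe3044dcb0] main filter debug: removing module "chain"
[00007efe300d5d30] main filter debug: removing module "vaapi_filters"
double free or corruption (!prev)
"""

LINE = re.compile(r"^\[([0-9a-f]{16})\] (\S+ \S+) debug: (.*)$")
ADDR = re.compile(r"\b0x[0-9a-f]+")  # \b stops "540x360" from matching as an address
HEAP_ABORTS = ("free(): invalid pointer", "double free or corruption")  # messages from the report

def normalize(tail):
    """Return (events, abort) with per-run addresses replaced by first-seen ordinals."""
    ids = {}
    def oid(addr):
        return ids.setdefault(int(addr, 16), f"obj{len(ids)}")
    events, abort = [], None
    for line in tail.splitlines():
        m = LINE.match(line)
        if m:
            # Tuple items evaluate left to right: the bracketed object id is numbered first.
            events.append((oid(m[1]), m[2], ADDR.sub(lambda a: oid(a.group()), m[3])))
        elif line.startswith(HEAP_ABORTS):
            abort = line.strip()
    return events, abort

def last_teardown(events):
    """Object and module named by the final 'removing module' line before the abort."""
    removed = [(obj, msg.split('"')[1]) for obj, _, msg in events if msg.startswith("removing module")]
    return removed[-1] if removed else None

if __name__ == "__main__":
    for name, tail in (("gdb", GDB_TAIL), ("plain", PLAIN_TAIL)):
        ev, abort = normalize(tail)
        print(name, abort, last_teardown(ev))
```

On these sample lines the two runs normalize to the same event sequence, ending with the removal of the object that was earlier appended as 'VAAPI filters'; only the glibc abort message differs.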