[mythtv] [mythtv-commits] Ticket #3074: AvFormatDecoder and avformat double free crashes

Jim Westfall jwestfall at surrealistic.net
Sat Jul 14 15:03:45 UTC 2007


MythTV <mythtv at cvs.mythtv.org> wrote [07.14.07]:
> #3074: AvFormatDecoder and avformat double free crashes
> -----------------------+----------------------------------------------------
>  Reporter:  jwestfall  |        Owner:  janne
>      Type:  defect     |       Status:  new  
>  Priority:  minor      |    Milestone:  0.21 
> Component:  mythtv     |      Version:  head 
>  Severity:  medium     |   Resolution:       
>   Mlocked:  0          |  
> -----------------------+----------------------------------------------------
> 
> Comment(by danielk):
> 
>  Janne, av_free has had a NULL pointer check for a very long time for those
>  few libc's that aren't NULL pointer safe, and to support the memalign
>  hack, which requires the NULL pointer check. (i.e. this wasn't any
>  different then the bug report was made, the backtrace may be bad if
>  compile time optimizations were enabled --release-type=profile, or if
>  something is overwriting memory.)
> 

I use --compile-type=debug, I would guess some memory corruption caused 
ptr to become NULL during the crash.

My local patch to fix this is to replace the av_free 
in AvFormatDecoder::CloseContext() with av_freep.  This forces  
ic->pb.buffer to NULL after its been free'd.  Any additional attempts to 
av_free it will hit the NULL check.

jim


More information about the mythtv-dev mailing list