[x264-devel] [PATCH] Fix free of invalid pointer for tune tmp value.
Evan McClain
evan.mcclain at gatech.edu
Fri Jun 11 04:13:00 CEST 2010
The attached x264_tune_film.txt gdb backtrace recently started happening
on my OpenSUSE facotry workstation with --tune film. The rather trivial
attached patch fixes the issue for me.
It's probably related to some relatively recent glibc or gcc change
(bug?), but I don't follow the changes too closely.
--
Evan McClain
Aerospace Engineering
Graduate Student Senator .
evan.mcclain at gatech.edu ..:
-------------- next part --------------
GNU gdb (GDB) SUSE (7.1-3.6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/x264...done.
[Thread debugging using libthread_db enabled]
Program received signal SIGABRT, Aborted.
0x00007ffff763c9e5 in raise (sig=<value optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
in ../nptl/sysdeps/unix/sysv/linux/raise.c
#0 0x00007ffff763c9e5 in raise (sig=<value optimized out>)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
resultvar = 0
pid = <value optimized out>
selftid = <value optimized out>
#1 0x00007ffff763dee6 in abort () at abort.c:92
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x7fffffffccb0,
sa_sigaction = 0x7fffffffccb0}, sa_mask = {__val = {
140737488342176, 140737488348125, 19, 140737344874254, 3,
140737488342186, 6, 140737344874258, 2, 140737488342174, 2,
140737344865454, 1, 140737344874254, 3, 140737488342180}},
sa_flags = 12, sa_restorer = 0x7ffff772a712}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007ffff7677c53 in __libc_message (do_abort=2,
fmt=0x7ffff772bfd8 "*** glibc detected *** %s: %s: 0x%s ***\n")
at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
ap = {{gp_offset = 40, fp_offset = 48,
overflow_arg_area = 0x7fffffffd620,
reg_save_area = 0x7fffffffd530}}
ap_copy = {{gp_offset = 16, fp_offset = 48,
overflow_arg_area = 0x7fffffffd620,
reg_save_area = 0x7fffffffd530}}
fd = 9
on_2 = <value optimized out>
list = <value optimized out>
nlist = <value optimized out>
cp = <value optimized out>
written = <value optimized out>
#3 0x00007ffff767d226 in malloc_printerr (action=3,
str=0x7ffff77291be "free(): invalid pointer", ptr=<value optimized out>)
at malloc.c:6267
buf = "00000000006a2010"
cp = <value optimized out>
#4 0x000000000040df9f in x264_free (p=<value optimized out>)
at common/common.c:1070
No locals.
#5 0x000000000040e7e7 in x264_param_apply_tune (param=0x7fffffffdbb0,
preset=<value optimized out>, tune=<value optimized out>)
at common/common.c:383
tmp = 0x6a2010 "film"
s = 0x0
psy_tuning_used = <value optimized out>
#6 x264_param_default_preset (param=0x7fffffffdbb0,
preset=<value optimized out>, tune=<value optimized out>)
at common/common.c:393
No locals.
#7 0x0000000000404691 in Parse (argc=8, argv=0x7fffffffdf88) at x264.c:945
input_filename = 0x0
output_filename = 0x0
muxer = 0x481189 "auto"
profile = 0x0
b_turbo = 0
b_user_ref = 0
tune = 0x7fffffffe409 "film"
input_opt = {index_file = 0x0, resolution = 0x0, timebase = 0x0,
seek = 0}
tcfile_name = 0x0
defaults = {cpu = 1914, i_threads = 0, b_sliced_threads = 0,
b_deterministic = 1, i_sync_lookahead = -1, i_width = 0,
i_height = 0, i_csp = 1, i_level_idc = -1, i_frame_total = 0,
i_nal_hrd = 0, vui = {i_sar_height = 0, i_sar_width = 0,
i_overscan = 0, i_vidformat = 5, b_fullrange = 0,
i_colorprim = 2, i_transfer = 2, i_colmatrix = 2,
i_chroma_loc = 0}, i_frame_reference = 3, i_keyint_max = 250,
i_keyint_min = 0, i_scenecut_threshold = 40, b_intra_refresh = 0,
i_bframe = 3, i_bframe_adaptive = 1, i_bframe_bias = 0,
i_bframe_pyramid = 2, b_deblocking_filter = 1,
i_deblocking_filter_alphac0 = 0, i_deblocking_filter_beta = 0,
b_cabac = 1, i_cabac_init_idc = 0, b_interlaced = 0,
b_constrained_intra = 0, i_cqm_preset = 0, psz_cqm_file = 0x0,
cqm_4iy = '\020' <repeats 16 times>,
cqm_4ic = '\020' <repeats 16 times>,
cqm_4py = '\020' <repeats 16 times>,
cqm_4pc = '\020' <repeats 16 times>,
cqm_8iy = '\020' <repeats 64 times>,
cqm_8py = '\020' <repeats 64 times>,
pf_log = 0x40b150 <x264_log_default>, p_log_private = 0x0,
i_log_level = 2, b_visualize = 0, psz_dump_yuv = 0x0, analyse = {
intra = 3, inter = 275, b_transform_8x8 = 1,
i_weighted_pred = 2, b_weighted_bipred = 1,
i_direct_mv_pred = 1, i_chroma_qp_offset = 0, i_me_method = 1,
i_me_range = 16, i_mv_range = -1, i_mv_range_thread = -1,
i_subpel_refine = 7, b_chroma_me = 1, b_mixed_references = 1,
i_trellis = 1, b_fast_pskip = 1, b_dct_decimate = 1,
i_noise_reduction = 0, f_psy_rd = 1, f_psy_trellis = 0,
b_psy = 1, i_luma_deadzone = {21, 11}, b_psnr = 0, b_ssim = 0},
rc = {i_rc_method = 1, i_qp_constant = 23, i_qp_min = 10,
i_qp_max = 51, i_qp_step = 4, i_bitrate = 0,
f_rf_constant = 23, f_rf_constant_max = 0,
f_rate_tolerance = 1, i_vbv_max_bitrate = 0,
i_vbv_buffer_size = 0, f_vbv_buffer_init = 0.899999976,
f_ip_factor = 1.39999998, f_pb_factor = 1.29999995,
i_aq_mode = 1, f_aq_strength = 1, b_mb_tree = 1,
i_lookahead = 40, b_stat_write = 0,
psz_stat_out = 0x487ddc "x264_2pass.log", b_stat_read = 0,
psz_stat_in = 0x487ddc "x264_2pass.log",
f_qcompress = 0.600000024, f_qblur = 0.5,
f_complexity_blur = 20, zones = 0x0, i_zones = 0,
psz_zones = 0x0}, b_aud = 0, b_repeat_headers = 1,
b_annexb = 1, i_sps_id = 0, b_vfr_input = 1, i_fps_num = 25,
i_fps_den = 1, i_timebase_num = 0, i_timebase_den = 0,
b_dts_compress = 0, b_tff = 1, b_pic_struct = 0,
b_fake_interlaced = 0, i_slice_max_size = 0, i_slice_max_mbs = 0,
i_slice_count = 0, param_free = 0}
b_thread_input = 0
b_user_fps = 0
info = {csp = 5, fps_num = 0, fps_den = 4294958360, height = 32767,
interlaced = -134432696, sar_width = 32767,
sar_height = 4150323976, tff = 32767, timebase_num = 4294958224,
timebase_den = 32767, vfr = -136418630, width = 32767}
demuxername = "\005\000\000\000"
demuxer = 0x481189 "auto"
b_user_interlaced = 0
preset = 0x7fffffffe3fa "placebo"
#8 main (argc=8, argv=0x7fffffffdf88) at x264.c:164
param = {cpu = 1914, i_threads = 0, b_sliced_threads = 0,
b_deterministic = 1, i_sync_lookahead = -1, i_width = 0,
i_height = 0, i_csp = 1, i_level_idc = -1, i_frame_total = 0,
i_nal_hrd = 0, vui = {i_sar_height = 0, i_sar_width = 0,
i_overscan = 0, i_vidformat = 5, b_fullrange = 0,
i_colorprim = 2, i_transfer = 2, i_colmatrix = 2,
i_chroma_loc = 0}, i_frame_reference = 16, i_keyint_max = 250,
i_keyint_min = 0, i_scenecut_threshold = 40, b_intra_refresh = 0,
i_bframe = 16, i_bframe_adaptive = 2, i_bframe_bias = 0,
i_bframe_pyramid = 2, b_deblocking_filter = 1,
i_deblocking_filter_alphac0 = -1, i_deblocking_filter_beta = -1,
b_cabac = 1, i_cabac_init_idc = 0, b_interlaced = 0,
b_constrained_intra = 0, i_cqm_preset = 0, psz_cqm_file = 0x0,
cqm_4iy = '\020' <repeats 16 times>,
cqm_4ic = '\020' <repeats 16 times>,
cqm_4py = '\020' <repeats 16 times>,
cqm_4pc = '\020' <repeats 16 times>,
cqm_8iy = '\020' <repeats 64 times>,
cqm_8py = '\020' <repeats 64 times>,
pf_log = 0x40b150 <x264_log_default>, p_log_private = 0x0,
i_log_level = 2, b_visualize = 0, psz_dump_yuv = 0x0, analyse = {
intra = 3, inter = 307, b_transform_8x8 = 1,
i_weighted_pred = 2, b_weighted_bipred = 1,
i_direct_mv_pred = 3, i_chroma_qp_offset = 0, i_me_method = 4,
i_me_range = 24, i_mv_range = -1, i_mv_range_thread = -1,
i_subpel_refine = 10, b_chroma_me = 1, b_mixed_references = 1,
i_trellis = 2, b_fast_pskip = 0, b_dct_decimate = 1,
i_noise_reduction = 0, f_psy_rd = 1,
f_psy_trellis = 0.150000006, b_psy = 1, i_luma_deadzone = {21,
11}, b_psnr = 0, b_ssim = 0}, rc = {i_rc_method = 1,
i_qp_constant = 23, i_qp_min = 10, i_qp_max = 51,
i_qp_step = 4, i_bitrate = 0, f_rf_constant = 23,
f_rf_constant_max = 0, f_rate_tolerance = 1,
i_vbv_max_bitrate = 0, i_vbv_buffer_size = 0,
f_vbv_buffer_init = 0.899999976, f_ip_factor = 1.39999998,
f_pb_factor = 1.29999995, i_aq_mode = 1, f_aq_strength = 1,
b_mb_tree = 1, i_lookahead = 60, b_stat_write = 0,
psz_stat_out = 0x487ddc "x264_2pass.log", b_stat_read = 0,
psz_stat_in = 0x487ddc "x264_2pass.log",
f_qcompress = 0.600000024, f_qblur = 0.5,
f_complexity_blur = 20, zones = 0x0, i_zones = 0,
psz_zones = 0x0}, b_aud = 0, b_repeat_headers = 1,
b_annexb = 1, i_sps_id = 0, b_vfr_input = 1, i_fps_num = 25,
i_fps_den = 1, i_timebase_num = 0, i_timebase_den = 0,
b_dts_compress = 0, b_tff = 1, b_pic_struct = 0,
b_fake_interlaced = 0, i_slice_max_size = 0, i_slice_max_mbs = 0,
i_slice_count = 0, param_free = 0}
opt = {b_progress = 1, i_seek = 0, hin = 0x0, hout = 0x0,
qpfile = 0x0, tcfile_out = 0x0, timebase_convert_multiplier = 0,
i_pulldown = 0}
ret = 0
rax 0x0 0
rbx 0x0 0
rcx 0xffffffffffffffff -1
rdx 0x6 6
rsi 0x300b 12299
rdi 0x300b 12299
rbp 0x7fffffffd610 0x7fffffffd610
rsp 0x7fffffffcbc8 0x7fffffffcbc8
r8 0x7ffff7722880 140737344841856
r9 0x48a2e0 4760288
r10 0x8 8
r11 0x202 514
r12 0xb 11
r13 0x7fffffffcef0 140737488342768
r14 0x5c 92
r15 0x7 7
rip 0x7ffff763c9e5 0x7ffff763c9e5 <raise+53>
eflags 0x202 [ IF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0}, v8_int16 = {0xff, 0x0, 0x0, 0x0, 0xff00, 0x0, 0x0,
0x0}, v4_int32 = {0xff, 0x0, 0xff00, 0x0}, v2_int64 = {0xff, 0xff00},
uint128 = 0x000000000000ff0000000000000000ff}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x0}, v16_int8 = {0xff <repeats 13 times>, 0x0,
0x0, 0x0}, v8_int16 = {0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
0xff, 0x0}, v4_int32 = {0xffffffff, 0xffffffff, 0xffffffff, 0xff},
v2_int64 = {0xffffffffffffffff, 0xffffffffff},
uint128 = 0x000000ffffffffffffffffffffffffff}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {
0x8000000000000000, 0x0}, v16_int8 = {0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int16 = {
0xffff, 0xffff, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {
0xffffffff, 0xffffffff, 0x0, 0x0}, v2_int64 = {0xffffffffffffffff,
0x0}, uint128 = 0x0000000000000000ffffffffffffffff}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm8 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm9 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm10 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm11 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm12 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm13 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm14 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm15 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
A debugging session is active.
Inferior 1 [process 12299] will be killed.
Quit anyway? (y or n) [answered Y; input not from terminal]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-free-of-invalid-pointer-for-tune-tmp-value.patch
Type: text/x-patch
Size: 834 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/x264-devel/attachments/20100610/32fee9dc/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 271 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/x264-devel/attachments/20100610/32fee9dc/attachment.pgp>
More information about the x264-devel
mailing list