* [FFmpeg-devel] Re: [FFmpeg-cvslog] [ffmpeg] branch master updated. fd1fd5850d fftools/ffmpeg_sched: unchoke upstream nodes on recv-closed filter inputs
From: Michael Niedermayer via ffmpeg-devel @ 2026-01-30 15:45 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Niklas Haas, Michael Niedermayer
Hi
56d9ca69d7f229dccee6ad47c67a37f558196fb7 introduces a "use after free"
with a srt file as input like this:
1
00:00:00,000 --> 00:00:01,000
Test
valgrind ./ffmpeg_g -i test.srt -f hls t.m3u8
you get this in about 50% of the runs
I noticed this issue when debugging the format string issue submitted by Sarthak Munshi
==3961210== Thread 2:
==3961210== Invalid read of size 1
==3961210== at 0x4853DF0: __memcpy_chk (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3961210== by 0x324297: enc_open (in ffmpeg/ffmpeg_g)
==3961210== by 0x325F59: encoder_thread (in ffmpeg/ffmpeg_g)
==3961210== by 0x33E9AF: task_wrapper (in ffmpeg/ffmpeg_g)
==3961210== by 0x740BAA3: start_thread (pthread_create.c:447)
==3961210== by 0x7498A63: clone (clone.S:100)
==3961210== Address 0xca93ac4 is 580 bytes inside a block of size 582 free'd
==3961210== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3961210== by 0x29824A: ff_codec_close (in ffmpeg/ffmpeg_g)
==3961210== by 0xD101FC: avcodec_free_context (in ffmpeg/ffmpeg_g)
==3961210== by 0x31C768: decoder_thread (in ffmpeg/ffmpeg_g)
==3961210== by 0x33E9AF: task_wrapper (in ffmpeg/ffmpeg_g)
==3961210== by 0x740BAA3: start_thread (pthread_create.c:447)
==3961210== by 0x7498A63: clone (clone.S:100)
==3961210== Block was alloc'd at
==3961210== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3961210== by 0x1871164: av_malloc (in ffmpeg/ffmpeg_g)
==3961210== by 0x184E70A: av_asprintf (in ffmpeg/ffmpeg_g)
==3961210== by 0x1301482: ff_ass_subtitle_header_full (in ffmpeg/ffmpeg_g)
==3961210== by 0x13014FA: ff_ass_subtitle_header (in ffmpeg/ffmpeg_g)
==3961210== by 0x130152B: ff_ass_subtitle_header_default (in ffmpeg/ffmpeg_g)
==3961210== by 0x9464B6: avcodec_open2 (in ffmpeg/ffmpeg_g)
==3961210== by 0x31B996: dec_open (in ffmpeg/ffmpeg_g)
==3961210== by 0x31E23F: dec_init (in ffmpeg/ffmpeg_g)
==3961210== by 0x3212D5: ist_use (in ffmpeg/ffmpeg_g)
==3961210== by 0x331FAC: ost_add (in ffmpeg/ffmpeg_g)
==3961210== by 0x333E40: map_auto_subtitle (in ffmpeg/ffmpeg_g)
==3961210==
==3961210== Invalid read of size 1
==3961210== at 0x4853DFD: __memcpy_chk (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3961210== by 0x324297: enc_open (in ffmpeg/ffmpeg_g)
==3961210== by 0x325F59: encoder_thread (in ffmpeg/ffmpeg_g)
==3961210== by 0x33E9AF: task_wrapper (in ffmpeg/ffmpeg_g)
==3961210== by 0x740BAA3: start_thread (pthread_create.c:447)
==3961210== by 0x7498A63: clone (clone.S:100)
==3961210== Address 0xca93ac2 is 578 bytes inside a block of size 582 free'd
==3961210== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3961210== by 0x29824A: ff_codec_close (in ffmpeg/ffmpeg_g)
==3961210== by 0xD101FC: avcodec_free_context (in ffmpeg/ffmpeg_g)
==3961210== by 0x31C768: decoder_thread (in ffmpeg/ffmpeg_g)
==3961210== by 0x33E9AF: task_wrapper (in ffmpeg/ffmpeg_g)
==3961210== by 0x740BAA3: start_thread (pthread_create.c:447)
==3961210== by 0x7498A63: clone (clone.S:100)
==3961210== Block was alloc'd at
==3961210== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3961210== by 0x1871164: av_malloc (in ffmpeg/ffmpeg_g)
==3961210== by 0x184E70A: av_asprintf (in ffmpeg/ffmpeg_g)
==3961210== by 0x1301482: ff_ass_subtitle_header_full (in ffmpeg/ffmpeg_g)
==3961210== by 0x13014FA: ff_ass_subtitle_header (in ffmpeg/ffmpeg_g)
==3961210== by 0x130152B: ff_ass_subtitle_header_default (in ffmpeg/ffmpeg_g)
==3961210== by 0x9464B6: avcodec_open2 (in ffmpeg/ffmpeg_g)
==3961210== by 0x31B996: dec_open (in ffmpeg/ffmpeg_g)
==3961210== by 0x31E23F: dec_init (in ffmpeg/ffmpeg_g)
==3961210== by 0x3212D5: ist_use (in ffmpeg/ffmpeg_g)
==3961210== by 0x331FAC: ost_add (in ffmpeg/ffmpeg_g)
==3961210== by 0x333E40: map_auto_subtitle (in ffmpeg/ffmpeg_g)
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
If you fake or manipulate statistics in a paper in physics you will never
get a job again.
If you fake or manipulate statistics in a paper in medicine you will get
a job for life at the pharma industry.
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
* [FFmpeg-devel] Re: [FFmpeg-cvslog] [ffmpeg] branch master updated. fd1fd5850d fftools/ffmpeg_sched: unchoke upstream nodes on recv-closed filter inputs
From: Michael Niedermayer via ffmpeg-devel @ 2026-01-30 16:02 UTC (permalink / raw)
To: FFmpeg development discussions and patches; +Cc: Michael Niedermayer
On Fri, Jan 30, 2026 at 04:45:16PM +0100, Michael Niedermayer via ffmpeg-devel wrote:
> Hi
>
> 56d9ca69d7f229dccee6ad47c67a37f558196fb7 introduces a "use after free"
>
> with a srt file as input like this:
> 1
> 00:00:00,000 --> 00:00:01,000
> Test
>
> valgrind ./ffmpeg_g -i test.srt -f hls t.m3u8
>
> you get this in about 50% of the runs
>
> I noticed this issue when debugging the format string issue submitted by Sarthak Munshi
>
> ==3961210== Thread 2:
> ==3961210== Invalid read of size 1
> ==3961210== at 0x4853DF0: __memcpy_chk (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==3961210== by 0x324297: enc_open (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x325F59: encoder_thread (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x33E9AF: task_wrapper (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x740BAA3: start_thread (pthread_create.c:447)
> ==3961210== by 0x7498A63: clone (clone.S:100)
> ==3961210== Address 0xca93ac4 is 580 bytes inside a block of size 582 free'd
> ==3961210== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==3961210== by 0x29824A: ff_codec_close (in ffmpeg/ffmpeg_g)
> ==3961210== by 0xD101FC: avcodec_free_context (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x31C768: decoder_thread (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x33E9AF: task_wrapper (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x740BAA3: start_thread (pthread_create.c:447)
> ==3961210== by 0x7498A63: clone (clone.S:100)
> ==3961210== Block was alloc'd at
> ==3961210== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==3961210== by 0x1871164: av_malloc (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x184E70A: av_asprintf (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x1301482: ff_ass_subtitle_header_full (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x13014FA: ff_ass_subtitle_header (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x130152B: ff_ass_subtitle_header_default (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x9464B6: avcodec_open2 (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x31B996: dec_open (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x31E23F: dec_init (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x3212D5: ist_use (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x331FAC: ost_add (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x333E40: map_auto_subtitle (in ffmpeg/ffmpeg_g)
> ==3961210==
> ==3961210== Invalid read of size 1
> ==3961210== at 0x4853DFD: __memcpy_chk (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==3961210== by 0x324297: enc_open (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x325F59: encoder_thread (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x33E9AF: task_wrapper (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x740BAA3: start_thread (pthread_create.c:447)
> ==3961210== by 0x7498A63: clone (clone.S:100)
> ==3961210== Address 0xca93ac2 is 578 bytes inside a block of size 582 free'd
> ==3961210== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==3961210== by 0x29824A: ff_codec_close (in ffmpeg/ffmpeg_g)
> ==3961210== by 0xD101FC: avcodec_free_context (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x31C768: decoder_thread (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x33E9AF: task_wrapper (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x740BAA3: start_thread (pthread_create.c:447)
> ==3961210== by 0x7498A63: clone (clone.S:100)
> ==3961210== Block was alloc'd at
> ==3961210== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==3961210== by 0x1871164: av_malloc (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x184E70A: av_asprintf (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x1301482: ff_ass_subtitle_header_full (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x13014FA: ff_ass_subtitle_header (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x130152B: ff_ass_subtitle_header_default (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x9464B6: avcodec_open2 (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x31B996: dec_open (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x31E23F: dec_init (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x3212D5: ist_use (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x331FAC: ost_add (in ffmpeg/ffmpeg_g)
> ==3961210== by 0x333E40: map_auto_subtitle (in ffmpeg/ffmpeg_g)
and with line numbers:
this is based on 56d9ca69d7f229dccee6ad47c67a37f558196fb7
==3985450== Thread 2:
==3985450== Invalid read of size 8
==3985450== at 0x4852DFD: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x260231: enc_open (ffmpeg_enc.c:327)
==3985450== by 0x2626E5: encoder_thread (ffmpeg_enc.c:887)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Address 0x9cae800 is 0 bytes inside a block of size 582 free'd
==3985450== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E65A2: av_free (mem.c:243)
==3985450== by 0x14E65EE: av_freep (mem.c:253)
==3985450== by 0x8FA4D7: ff_codec_close (avcodec.c:493)
==3985450== by 0xC92E95: avcodec_free_context (options.c:171)
==3985450== by 0x2555F5: decoder_thread (ffmpeg_dec.c:1021)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Block was alloc'd at
==3985450== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E620D: av_malloc (mem.c:107)
==3985450== by 0x14BDC0F: av_asprintf (avstring.c:127)
==3985450== by 0x10F1FC7: ff_ass_subtitle_header_full (ass.c:37)
==3985450== by 0x10F207E: ff_ass_subtitle_header (ass.c:90)
==3985450== by 0x10F20C5: ff_ass_subtitle_header_default (ass.c:100)
==3985450== by 0x8F9E50: avcodec_open2 (avcodec.c:342)
==3985450== by 0x256EA8: dec_open (ffmpeg_dec.c:1602)
==3985450== by 0x257227: dec_init (ffmpeg_dec.c:1668)
==3985450== by 0x25B51B: ist_use (ffmpeg_demux.c:994)
==3985450== by 0x275C64: ost_add (ffmpeg_mux_init.c:1547)
==3985450== by 0x276594: map_auto_subtitle (ffmpeg_mux_init.c:1727)
==3985450==
==3985450== Invalid read of size 8
==3985450== at 0x4852E0F: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x260231: enc_open (ffmpeg_enc.c:327)
==3985450== by 0x2626E5: encoder_thread (ffmpeg_enc.c:887)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Address 0x9cae808 is 8 bytes inside a block of size 582 free'd
==3985450== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E65A2: av_free (mem.c:243)
==3985450== by 0x14E65EE: av_freep (mem.c:253)
==3985450== by 0x8FA4D7: ff_codec_close (avcodec.c:493)
==3985450== by 0xC92E95: avcodec_free_context (options.c:171)
==3985450== by 0x2555F5: decoder_thread (ffmpeg_dec.c:1021)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Block was alloc'd at
==3985450== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E620D: av_malloc (mem.c:107)
==3985450== by 0x14BDC0F: av_asprintf (avstring.c:127)
==3985450== by 0x10F1FC7: ff_ass_subtitle_header_full (ass.c:37)
==3985450== by 0x10F207E: ff_ass_subtitle_header (ass.c:90)
==3985450== by 0x10F20C5: ff_ass_subtitle_header_default (ass.c:100)
==3985450== by 0x8F9E50: avcodec_open2 (avcodec.c:342)
==3985450== by 0x256EA8: dec_open (ffmpeg_dec.c:1602)
==3985450== by 0x257227: dec_init (ffmpeg_dec.c:1668)
==3985450== by 0x25B51B: ist_use (ffmpeg_demux.c:994)
==3985450== by 0x275C64: ost_add (ffmpeg_mux_init.c:1547)
==3985450== by 0x276594: map_auto_subtitle (ffmpeg_mux_init.c:1727)
==3985450==
==3985450== Invalid read of size 8
==3985450== at 0x4852E17: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x260231: enc_open (ffmpeg_enc.c:327)
==3985450== by 0x2626E5: encoder_thread (ffmpeg_enc.c:887)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Address 0x9cae810 is 16 bytes inside a block of size 582 free'd
==3985450== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E65A2: av_free (mem.c:243)
==3985450== by 0x14E65EE: av_freep (mem.c:253)
==3985450== by 0x8FA4D7: ff_codec_close (avcodec.c:493)
==3985450== by 0xC92E95: avcodec_free_context (options.c:171)
==3985450== by 0x2555F5: decoder_thread (ffmpeg_dec.c:1021)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Block was alloc'd at
==3985450== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E620D: av_malloc (mem.c:107)
==3985450== by 0x14BDC0F: av_asprintf (avstring.c:127)
==3985450== by 0x10F1FC7: ff_ass_subtitle_header_full (ass.c:37)
==3985450== by 0x10F207E: ff_ass_subtitle_header (ass.c:90)
==3985450== by 0x10F20C5: ff_ass_subtitle_header_default (ass.c:100)
==3985450== by 0x8F9E50: avcodec_open2 (avcodec.c:342)
==3985450== by 0x256EA8: dec_open (ffmpeg_dec.c:1602)
==3985450== by 0x257227: dec_init (ffmpeg_dec.c:1668)
==3985450== by 0x25B51B: ist_use (ffmpeg_demux.c:994)
==3985450== by 0x275C64: ost_add (ffmpeg_mux_init.c:1547)
==3985450== by 0x276594: map_auto_subtitle (ffmpeg_mux_init.c:1727)
==3985450==
==3985450== Invalid read of size 8
==3985450== at 0x4852E1F: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x260231: enc_open (ffmpeg_enc.c:327)
==3985450== by 0x2626E5: encoder_thread (ffmpeg_enc.c:887)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Address 0x9cae818 is 24 bytes inside a block of size 582 free'd
==3985450== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E65A2: av_free (mem.c:243)
==3985450== by 0x14E65EE: av_freep (mem.c:253)
==3985450== by 0x8FA4D7: ff_codec_close (avcodec.c:493)
==3985450== by 0xC92E95: avcodec_free_context (options.c:171)
==3985450== by 0x2555F5: decoder_thread (ffmpeg_dec.c:1021)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Block was alloc'd at
==3985450== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E620D: av_malloc (mem.c:107)
==3985450== by 0x14BDC0F: av_asprintf (avstring.c:127)
==3985450== by 0x10F1FC7: ff_ass_subtitle_header_full (ass.c:37)
==3985450== by 0x10F207E: ff_ass_subtitle_header (ass.c:90)
==3985450== by 0x10F20C5: ff_ass_subtitle_header_default (ass.c:100)
==3985450== by 0x8F9E50: avcodec_open2 (avcodec.c:342)
==3985450== by 0x256EA8: dec_open (ffmpeg_dec.c:1602)
==3985450== by 0x257227: dec_init (ffmpeg_dec.c:1668)
==3985450== by 0x25B51B: ist_use (ffmpeg_demux.c:994)
==3985450== by 0x275C64: ost_add (ffmpeg_mux_init.c:1547)
==3985450== by 0x276594: map_auto_subtitle (ffmpeg_mux_init.c:1727)
==3985450==
==3985450== Invalid read of size 8
==3985450== at 0x4852E04: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x260231: enc_open (ffmpeg_enc.c:327)
==3985450== by 0x2626E5: encoder_thread (ffmpeg_enc.c:887)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Address 0x9cae820 is 32 bytes inside a block of size 582 free'd
==3985450== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E65A2: av_free (mem.c:243)
==3985450== by 0x14E65EE: av_freep (mem.c:253)
==3985450== by 0x8FA4D7: ff_codec_close (avcodec.c:493)
==3985450== by 0xC92E95: avcodec_free_context (options.c:171)
==3985450== by 0x2555F5: decoder_thread (ffmpeg_dec.c:1021)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Block was alloc'd at
==3985450== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E620D: av_malloc (mem.c:107)
==3985450== by 0x14BDC0F: av_asprintf (avstring.c:127)
==3985450== by 0x10F1FC7: ff_ass_subtitle_header_full (ass.c:37)
==3985450== by 0x10F207E: ff_ass_subtitle_header (ass.c:90)
==3985450== by 0x10F20C5: ff_ass_subtitle_header_default (ass.c:100)
==3985450== by 0x8F9E50: avcodec_open2 (avcodec.c:342)
==3985450== by 0x256EA8: dec_open (ffmpeg_dec.c:1602)
==3985450== by 0x257227: dec_init (ffmpeg_dec.c:1668)
==3985450== by 0x25B51B: ist_use (ffmpeg_demux.c:994)
==3985450== by 0x275C64: ost_add (ffmpeg_mux_init.c:1547)
==3985450== by 0x276594: map_auto_subtitle (ffmpeg_mux_init.c:1727)
==3985450==
==3985450== Invalid read of size 2
==3985450== at 0x4852EB0: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x260231: enc_open (ffmpeg_enc.c:327)
==3985450== by 0x2626E5: encoder_thread (ffmpeg_enc.c:887)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Address 0x9caea40 is 576 bytes inside a block of size 582 free'd
==3985450== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E65A2: av_free (mem.c:243)
==3985450== by 0x14E65EE: av_freep (mem.c:253)
==3985450== by 0x8FA4D7: ff_codec_close (avcodec.c:493)
==3985450== by 0xC92E95: avcodec_free_context (options.c:171)
==3985450== by 0x2555F5: decoder_thread (ffmpeg_dec.c:1021)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Block was alloc'd at
==3985450== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E620D: av_malloc (mem.c:107)
==3985450== by 0x14BDC0F: av_asprintf (avstring.c:127)
==3985450== by 0x10F1FC7: ff_ass_subtitle_header_full (ass.c:37)
==3985450== by 0x10F207E: ff_ass_subtitle_header (ass.c:90)
==3985450== by 0x10F20C5: ff_ass_subtitle_header_default (ass.c:100)
==3985450== by 0x8F9E50: avcodec_open2 (avcodec.c:342)
==3985450== by 0x256EA8: dec_open (ffmpeg_dec.c:1602)
==3985450== by 0x257227: dec_init (ffmpeg_dec.c:1668)
==3985450== by 0x25B51B: ist_use (ffmpeg_demux.c:994)
==3985450== by 0x275C64: ost_add (ffmpeg_mux_init.c:1547)
==3985450== by 0x276594: map_auto_subtitle (ffmpeg_mux_init.c:1727)
==3985450==
==3985450== Invalid read of size 1
==3985450== at 0x4852EE0: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x260231: enc_open (ffmpeg_enc.c:327)
==3985450== by 0x2626E5: encoder_thread (ffmpeg_enc.c:887)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Address 0x9caea44 is 580 bytes inside a block of size 582 free'd
==3985450== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E65A2: av_free (mem.c:243)
==3985450== by 0x14E65EE: av_freep (mem.c:253)
==3985450== by 0x8FA4D7: ff_codec_close (avcodec.c:493)
==3985450== by 0xC92E95: avcodec_free_context (options.c:171)
==3985450== by 0x2555F5: decoder_thread (ffmpeg_dec.c:1021)
==3985450== by 0x2884C9: task_wrapper (ffmpeg_sched.c:2577)
==3985450== by 0x6670AA3: start_thread (pthread_create.c:447)
==3985450== by 0x66FDA63: clone (clone.S:100)
==3985450== Block was alloc'd at
==3985450== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E620D: av_malloc (mem.c:107)
==3985450== by 0x14BDC0F: av_asprintf (avstring.c:127)
==3985450== by 0x10F1FC7: ff_ass_subtitle_header_full (ass.c:37)
==3985450== by 0x10F207E: ff_ass_subtitle_header (ass.c:90)
==3985450== by 0x10F20C5: ff_ass_subtitle_header_default (ass.c:100)
==3985450== by 0x8F9E50: avcodec_open2 (avcodec.c:342)
==3985450== by 0x256EA8: dec_open (ffmpeg_dec.c:1602)
==3985450== by 0x257227: dec_init (ffmpeg_dec.c:1668)
==3985450== by 0x25B51B: ist_use (ffmpeg_demux.c:994)
==3985450== by 0x275C64: ost_add (ffmpeg_mux_init.c:1547)
==3985450== by 0x276594: map_auto_subtitle (ffmpeg_mux_init.c:1727)
==3985450==
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
He who knows, does not speak. He who speaks, does not know. -- Lao Tsu
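A triage helper for the memcheck output in the message above, as an added example (not part of the thread and not FFmpeg code): it collapses the repeated "Invalid read" reports into one finding per freed block and names the function that used the block, the one that freed it, and the thread entry point on each side. The `WRAPPERS` set and the `*_thread` naming heuristic are assumptions that fit this trace.

```python
import re

# Excerpt of the memcheck report from the thread (two of the reads, stacks
# shortened). The archive dropped the indentation; the parser ignores it.
SAMPLE = """\
==3985450== Thread 2:
==3985450== Invalid read of size 8
==3985450== at 0x4852DFD: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x260231: enc_open (ffmpeg_enc.c:327)
==3985450== by 0x2626E5: encoder_thread (ffmpeg_enc.c:887)
==3985450== Address 0x9cae800 is 0 bytes inside a block of size 582 free'd
==3985450== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14E65EE: av_freep (mem.c:253)
==3985450== by 0x8FA4D7: ff_codec_close (avcodec.c:493)
==3985450== by 0x2555F5: decoder_thread (ffmpeg_dec.c:1021)
==3985450== Block was alloc'd at
==3985450== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x14BDC0F: av_asprintf (avstring.c:127)
==3985450== by 0x10F1FC7: ff_ass_subtitle_header_full (ass.c:37)
==3985450==
==3985450== Invalid read of size 2
==3985450== at 0x4852EB0: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x260231: enc_open (ffmpeg_enc.c:327)
==3985450== by 0x2626E5: encoder_thread (ffmpeg_enc.c:887)
==3985450== Address 0x9caea40 is 576 bytes inside a block of size 582 free'd
==3985450== at 0x484988F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x8FA4D7: ff_codec_close (avcodec.c:493)
==3985450== by 0x2555F5: decoder_thread (ffmpeg_dec.c:1021)
==3985450== Block was alloc'd at
==3985450== at 0x484E366: posix_memalign (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3985450== by 0x10F1FC7: ff_ass_subtitle_header_full (ass.c:37)
==3985450==
"""

LINE = re.compile(r"^==\d+==\s*(.*)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]*)\)$")
ADDR = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes \w+ a block of size (\d+) (free'd|alloc'd)$")
# Assumption: allocator and copy helpers that only wrap the interesting caller.
WRAPPERS = {"memmove", "memcpy", "__memcpy_chk", "free", "posix_memalign",
            "av_free", "av_freep", "av_malloc", "av_asprintf"}

def parse(report):
    """Split a memcheck log into errors with access, free and alloc stacks."""
    errors, cur, stack = [], None, None
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        text = m.group(1).strip()
        if text.startswith(("Invalid read", "Invalid write")):
            cur = {"state": None, "offset": None, "size": None,
                   "access": [], "free": [], "alloc": []}
            errors.append(cur)
            stack = cur["access"]
        elif cur is None:
            continue
        elif text == "":
            cur = None  # a bare ==PID== line ends the current error
        elif (a := ADDR.match(text)):
            cur["offset"], cur["size"], cur["state"] = int(a[1]), int(a[2]), a[3]
            stack = cur["free"] if a[3] == "free'd" else cur["alloc"]
        elif text.startswith("Block was alloc'd at"):
            stack = cur["alloc"]
        elif (f := FRAME.match(text)):
            stack.append(f[1])
    return errors

def caller(stack):
    """First frame that is not an allocator or copy wrapper."""
    return next((fn for fn in stack if fn not in WRAPPERS), None)

def entry(stack):
    """Thread entry function, by the *_thread naming seen in this trace."""
    return next((fn for fn in stack
                 if fn.endswith("_thread") and fn != "start_thread"), None)

def summarise(errors):
    """Collapse repeated use-after-free reports into one finding per block."""
    found = {}
    for e in errors:
        if e["state"] != "free'd":
            continue  # only accesses to already-freed blocks are of interest
        key = (caller(e["access"]), caller(e["free"]), caller(e["alloc"]), e["size"])
        g = found.setdefault(key, dict(
            zip(("use", "free", "alloc", "block"), key),
            used_in=entry(e["access"]), freed_in=entry(e["free"]), offsets=[]))
        g["offsets"].append(e["offset"])
    for g in found.values():
        g["cross_thread"] = g["used_in"] != g["freed_in"]
    return list(found.values())

if __name__ == "__main__":
    print(summarise(parse(SAMPLE)))
```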
* [FFmpeg-devel] Re: [FFmpeg-cvslog] [ffmpeg] branch master updated. fd1fd5850d fftools/ffmpeg_sched: unchoke upstream nodes on recv-closed filter inputs
From: James Almer via ffmpeg-devel @ 2026-01-30 16:05 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: James Almer
Does this fix it?
> diff --git a/fftools/ffmpeg_dec.c b/fftools/ffmpeg_dec.c
> index 5020684a28..5dca26fbb2 100644
> --- a/fftools/ffmpeg_dec.c
> +++ b/fftools/ffmpeg_dec.c
> @@ -1621,7 +1621,11 @@ static int dec_open(DecoderPriv *dp, AVDictionary **dec_opts,
> dp->dec_ctx->extra_hw_frames = extra_frames;
> }
>
> - dp->dec.subtitle_header = dp->dec_ctx->subtitle_header;
> + if (dp->dec_ctx->subtitle_header) {
> + dp->dec.subtitle_header) = av_memdup(dp->dec_ctx->subtitle_header, dp->dec_ctx->subtitle_header_size);
> + if (!dp->dec.subtitle_header)
> + return AVERROR(ENOMEM);
> + }
> dp->dec.subtitle_header_size = dp->dec_ctx->subtitle_header_size;
>
> if (param_out) {
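Review bot: the added assignment `dp->dec.subtitle_header) = av_memdup(...)` has a stray `)` after `subtitle_header`, so this hunk does not compile; drop it. Separately, `dp->dec.subtitle_header` goes from a borrowed pointer to an allocation here and nothing in the patch frees it, so `dec_free()` needs a matching `av_freep()`.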
* [FFmpeg-devel] Re: [FFmpeg-cvslog] [ffmpeg] branch master updated. fd1fd5850d fftools/ffmpeg_sched: unchoke upstream nodes on recv-closed filter inputs
From: James Almer via ffmpeg-devel @ 2026-01-30 16:10 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: James Almer
Now compiling and not leaking:
> diff --git a/fftools/ffmpeg_dec.c b/fftools/ffmpeg_dec.c
> index 5020684a28..8ca5189202 100644
> --- a/fftools/ffmpeg_dec.c
> +++ b/fftools/ffmpeg_dec.c
> @@ -141,6 +141,8 @@ void dec_free(Decoder **pdec)
> av_freep(&dp->views_requested);
> av_freep(&dp->view_map);
>
> + av_freep(&dec->subtitle_header);
> +
> av_freep(pdec);
> }
>
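Review bot: ownership of `subtitle_header` is undocumented at the `av_freep(&dec->subtitle_header);` line added to `dec_free()`. The field used to alias memory owned by `dec_ctx` and is now freed by `Decoder`; a short comment at the field's declaration saying it is an owned copy would keep a later change from assigning the codec context's pointer again and ending up with a double free.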
> @@ -1621,7 +1623,11 @@ static int dec_open(DecoderPriv *dp, AVDictionary **dec_opts,
> dp->dec_ctx->extra_hw_frames = extra_frames;
> }
>
> - dp->dec.subtitle_header = dp->dec_ctx->subtitle_header;
> + if (dp->dec_ctx->subtitle_header) {
> + dp->dec.subtitle_header = av_memdup(dp->dec_ctx->subtitle_header, dp->dec_ctx->subtitle_header_size);
> + if (!dp->dec.subtitle_header)
> + return AVERROR(ENOMEM);
> + }
> dp->dec.subtitle_header_size = dp->dec_ctx->subtitle_header_size;
>
> if (param_out) {
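Review bot: `av_memdup()` in the added block copies exactly `subtitle_header_size` bytes, so if that size does not count the terminating NUL the copy is not NUL-terminated, unlike the `av_asprintf()` buffer it replaces (the trace shows reads ending at offset 580 of a 582-byte block). Readers of `dp->dec.subtitle_header` have to go by `subtitle_header_size` and not treat it as a C string; a comment saying so next to the assignment would help.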
On 1/30/2026 1:05 PM, James Almer wrote:
> Does this fix it?
>
>> diff --git a/fftools/ffmpeg_dec.c b/fftools/ffmpeg_dec.c
>> index 5020684a28..5dca26fbb2 100644
>> --- a/fftools/ffmpeg_dec.c
>> +++ b/fftools/ffmpeg_dec.c
>> @@ -1621,7 +1621,11 @@ static int dec_open(DecoderPriv *dp,
>> AVDictionary **dec_opts,
>> dp->dec_ctx->extra_hw_frames = extra_frames;
>> }
>>
>> - dp->dec.subtitle_header = dp->dec_ctx->subtitle_header;
>> + if (dp->dec_ctx->subtitle_header) {
>> + dp->dec.subtitle_header) = av_memdup(dp->dec_ctx-
>> >subtitle_header, dp->dec_ctx->subtitle_header_size);
>> + if (!dp->dec.subtitle_header)
>> + return AVERROR(ENOMEM);
>> + }
>> dp->dec.subtitle_header_size = dp->dec_ctx->subtitle_header_size;
>>
>> if (param_out) {
>
* [FFmpeg-devel] Re: [FFmpeg-cvslog] [ffmpeg] branch master updated. fd1fd5850d fftools/ffmpeg_sched: unchoke upstream nodes on recv-closed filter inputs
From: Michael Niedermayer via ffmpeg-devel @ 2026-02-01 1:11 UTC (permalink / raw)
To: FFmpeg development discussions and patches; +Cc: Michael Niedermayer
Hi
On Fri, Jan 30, 2026 at 01:10:46PM -0300, James Almer via ffmpeg-devel wrote:
> Now compiling and not leaking:
>
> > diff --git a/fftools/ffmpeg_dec.c b/fftools/ffmpeg_dec.c
> > index 5020684a28..8ca5189202 100644
> > --- a/fftools/ffmpeg_dec.c
> > +++ b/fftools/ffmpeg_dec.c
> > @@ -141,6 +141,8 @@ void dec_free(Decoder **pdec)
> > av_freep(&dp->views_requested);
> > av_freep(&dp->view_map);
> > + av_freep(&dec->subtitle_header);
> > +
> > av_freep(pdec);
> > }
> > @@ -1621,7 +1623,11 @@ static int dec_open(DecoderPriv *dp, AVDictionary **dec_opts,
> > dp->dec_ctx->extra_hw_frames = extra_frames;
> > }
> > - dp->dec.subtitle_header = dp->dec_ctx->subtitle_header;
> > + if (dp->dec_ctx->subtitle_header) {
> > + dp->dec.subtitle_header = av_memdup(dp->dec_ctx->subtitle_header, dp->dec_ctx->subtitle_header_size);
> > + if (!dp->dec.subtitle_header)
> > + return AVERROR(ENOMEM);
> > + }
> > dp->dec.subtitle_header_size = dp->dec_ctx->subtitle_header_size;
> > if (param_out) {
tested, works
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
I am the wisest man alive, for I know one thing, and that is that I know
nothing. -- Socrates
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel