Bug#898428: vlc-plugin-base: memory corruption in vlc_module_unload -> avcodec_close

Vincas Dargis vindrg at gmail.com
Fri May 11 14:39:09 BST 2018


Package: src:vlc
Version: 2.2.7-1~deb9u1
Severity: normal

Dear Maintainer,

We are developing an application using VLC-Qt, which uses the libvlc and
libvlccore libraries from the Debian repository for displaying RTSP streams.

Everything was OK while the application was running on a Jessie amd64 machine.

When running on Stretch, aborts started to occur, like this (when the
application decided to stop and start (restart) the stream):

```
libvlc: picture is too late to be displayed (missing 21 ms) 
libvlc: picture might be displayed late (missing 11 ms) 
libvlc: ES_OUT_SET_(GROUP_)PCRis called too late (pts_delay increased
to 201 ms)
libvlc: ES_OUT_RESET_PCR called 
qml: VlcPlayer.onBuffering:0, state=3, firstBufferingDone=true,
bufferingEventCount=1 
qml: VlcPlayer.onBuffering: restarting because of buffering!!!!
4:34:56 AM EDT
qml: camItem.onAborted() !!!
libvlc: Buffering 0%
qml: VlcPlayer.state 3
libvlc: Buffering 0% 
libvlc: control: stopping input
libvlc: removing module "avcodec"
[Thread 0x7fffd47b9700 (LWP 4114) exited]
libvlc: available hardware decoder output format 109 (vdpau)
libvlc: available hardware decoder output format 53 (vaapi_vld) 
libvlc: available software decoder output format 12 (yuvj420p)
libvlc: looking for hw decoder module matching "vaapi": 4 candidates
libva info: VA-API version 0.39.4 
libva info: va_getDriverName() returns 0
libva info: Trying to open
/usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
libva info: Found init function __vaDriverInit_0_39 
libva info: va_openDriver() returns 0 
libva info: Trying to open
/usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
libva info: Found init function __vaDriverInit_0_39 
libva info: va_openDriver() returns 0
libvlc: using hw decoder module "vaapi_drm"
libvlc: Using Intel i965 driver for Intel(R) Skylake - 1.7.3 for
hardware decoding.
[Thread 0x7fffcbfff700 (LWP 4110) exited]
[Thread 0x7fffb51c6700 (LWP 4112) exited] 
[Thread 0x7fffb49c5700 (LWP 4113) exited] 
[Thread 0x7fffb59c7700 (LWP 4111) exited] 
*** Error in `/home/myuser/Desktop/MyApp/MyApp': free(): invalid size:
0x00007fff9c09ea40 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7ffff35ffbfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7ffff3605fc6]
/lib/x86_64-linux-gnu/libc.so.6(+0x7780e)[0x7ffff360680e]
/usr/lib/x86_64-linux-gnu/vlc/plugins/codec/libavcodec_plugin.so(+0xaa87c)[0x7fffbb9b787c]
/usr/lib/x86_64-linux-gnu/vlc/plugins/codec/libavcodec_plugin.so(+0xd0bc5)[0x7fffbb9ddbc5]
/usr/lib/x86_64-linux-gnu/libvlccore.so.8(vlc_module_unload+0xa0)[0x7ffff30f7d40]
/usr/lib/x86_64-linux-gnu/libvlccore.so.8(input_DecoderDelete+0x84)[0x7ffff30aaea4]
/usr/lib/x86_64-linux-gnu/libvlccore.so.8(+0x46046)[0x7ffff30b0046]
/usr/lib/x86_64-linux-gnu/libvlccore.so.8(+0x4a258)[0x7ffff30b4258]
/usr/lib/x86_64-linux-gnu/libvlccore.so.8(+0x4c829)[0x7ffff30b6829]
/usr/lib/x86_64-linux-gnu/libvlccore.so.8(+0x4e45f)[0x7ffff30b845f]
/usr/lib/x86_64-linux-gnu/libvlccore.so.8(+0x50789)[0x7ffff30ba789]
/usr/lib/x86_64-linux-gnu/libvlccore.so.8(+0x51273)[0x7ffff30bb273]
/usr/lib/x86_64-linux-gnu/libvlccore.so.8(+0x5809d)[0x7ffff30c209d]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x7494)[0x7ffff41d2494]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7ffff3677acf]
```

Some other malloc error variations, with same backtraces:

```
*** Error in `/home/myuser/Desktop/MyApp/MyApp': free(): invalid pointer: 0x00007fff9808be00 ***  
*** Error in `/home/myuser/Desktop/MyApp/MyApp': double free or corruption (out): 0x00007fff9c08f160 ***
*** Error in `./MyApp': double free or corruption (out): 0x00007f77e4056c20 *** 
```

gdb backtrace:

```
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff35c342a in __GI_abort () at abort.c:89
#2  0x00007ffff35ffc00 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff36f4d98 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff3605fc6 in malloc_printerr (action=3, str=0x7ffff36f1918 "free(): invalid size", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5049
#4  0x00007ffff360680e in _int_free (av=0x7ffff3928b00 <main_arena>, p=0x7fff9c09ea30, have_lock=0) at malloc.c:3905
#5  0x00007fffbb9b787c in avcodec_close (avctx=0x7fffa40b0240) at ./ffmpeg-2-8-13/libavcodec/utils.c:2936
#6  0x00007fffbb9ddbc5 in CloseDecoder (p_this=0x7fffa40ab5c8) at codec/avcodec/avcodec.c:371
#7  0x00007ffff30f7d40 in vlc_module_unload (module=<optimized out>, deinit=deinit@entry=0x7ffff30f7240 <generic_stop>) at modules/modules.c:340
#8  0x00007ffff30f7dce in module_unneed (obj=obj@entry=0x7fffa40ab5c8, module=<optimized out>) at modules/modules.c:373
#9  0x00007ffff30aaea4 in input_DecoderDelete (p_dec=0x7fffa40ab5c8) at input/decoder.c:347
#10 0x00007ffff30b0046 in EsDestroyDecoder (out=0x25b79e0, p_es=0x7fffa40008c0, p_es=0x7fffa40008c0) at input/es_out.c:1590
#11 EsUnselect (out=out@entry=0x25b79e0, es=0x7fffa40008c0, b_update=<optimized out>) at input/es_out.c:1701
#12 0x00007ffff30b4258 in EsOutControlLocked (args=<optimized out>, i_query=<optimized out>, out=0x25b79e0) at input/es_out.c:2189
#13 EsOutControl (out=0x25b79e0, i_query=<optimized out>, args=<optimized out>) at input/es_out.c:2718
#14 0x00007ffff30b6829 in es_out_vaControl (args=0x7fffc81ebaf0, i_query=<optimized out>, out=<optimized out>) at ../include/vlc_es_out.h:126
#15 es_out_Control (out=<optimized out>, i_query=<optimized out>) at ../include/vlc_es_out.h:135
#16 0x00007ffff30b845f in ControlLocked (args=<optimized out>, i_query=<optimized out>, p_out=<optimized out>) at input/es_out_timeshift.c:618
#17 Control (p_out=<optimized out>, i_query=<optimized out>, args=<optimized out>) at input/es_out_timeshift.c:716
#18 0x00007ffff30ba789 in es_out_vaControl (args=0x7fffc81ebc50, i_query=65536, out=<optimized out>) at ../include/vlc_es_out.h:126
#19 es_out_Control (out=<optimized out>, i_query=i_query@entry=65536) at ../include/vlc_es_out.h:135
#20 0x00007ffff30bb273 in es_out_SetMode (i_mode=0, p_out=<optimized out>) at input/es_out.h:89
#21 End (p_input=p_input@entry=0x29c8348) at input/input.c:1354
#22 0x00007ffff30c209d in Run (obj=0x29c8348) at input/input.c:526
#23 0x00007ffff41d2494 in start_thread (arg=0x7fffc81ec700) at pthread_create.c:333
#24 0x00007ffff3677acf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
```

Our use case results in rather frequent stopping and starting
(restarting) of video playbacks, and it seems that libavcodec_plugin
invokes malloc heap corruption while unloading a plugin instance (or
something like that).

If I set MALLOC_CHECK_=0, it does not abort very fast, though it
crashes in different places much later, possibly due to heap
corruption.

Interestingly, if I manage to launch the application on a Stretch machine
BUT with the older Jessie libavcodec_plugin.so and all dependencies
(like libavcodec56, libx264, ...) extracted from Jessie's .debs and
with the help of VLC_PLUGIN_PATH and LD_LIBRARY_PATH, I cannot reproduce
the crash any more.

It kinda seems that if VLC uses the libavcodec implementation from
ffmpeg.org (Stretch), instead of libav.org (Jessie), it does not handle
unloading of plugins in the correct way? Since the VLC version is the same on
Jessie and Stretch, this is the only hypothesis I have so far.

Feel free to reassign to ffmpeg, as I'm not sure exactly what could be
the culprit here.


-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-0.bpo.1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages vlc-plugin-base depends on:
ii  liba52-0.7.4               0.7.4-19
ii  libasound2                 1.1.3-5
ii  libass5                    1:0.13.4-2
ii  libavahi-client3           0.6.32-2
ii  libavahi-common3           0.6.32-2
ii  libavc1394-0               0.5.4-4+b1
ii  libbasicusageenvironment1  2016.11.28-1
ii  libbluray1                 1:0.9.3-3
ii  libbz2-1.0                 1.0.6-8.1
ii  libc6                      2.24-11+deb9u3
ii  libcairo2                  1.14.8-1
ii  libcddb2                   1.3.2-5
ii  libcdio13                  0.83-4.3+b1
ii  libchromaprint1            1.4.2-1
ii  libcrystalhd3              1:0.0~git20110715.fdd2f19-12
ii  libdbus-1-3                1.10.26-0+deb9u1
ii  libdc1394-22               2.2.5-1
ii  libdca0                    0.0.5-10
ii  libdirectfb-1.2-9          1.2.10.0-8+deb9u1
ii  libdvbpsi10                1.3.0-5
ii  libdvdnav4                 5.0.3-3
ii  libdvdread4                5.0.3-2
ii  libebml4v5                 1.3.4-1
ii  libfaad2                   2.8.0~cvs20161113-1
ii  libflac8                   1.3.2-1
ii  libfontconfig1             2.11.0-6.7+b1
ii  libfreetype6               2.6.3-3.2
ii  libfribidi0                0.19.7-1+b1
ii  libgcc1                    1:6.3.0-18+deb9u1
ii  libgcrypt20                1.7.6-2+deb9u2
ii  libglib2.0-0               2.50.3-2
ii  libgme0                    0.6.0-4
ii  libgnutls30                3.5.8-5+deb9u3
ii  libgpg-error0              1.26-2
ii  libgroupsock8              2016.11.28-1
ii  libgsm1                    1.0.13-4+b2
ii  libjpeg62-turbo            1:1.5.1-2
ii  libkate1                   0.4.1-7+b1
ii  liblirc-client0            0.9.4c-9
ii  liblivemedia57             2016.11.28-1
ii  liblua5.2-0                5.2.4-1.1+b2
ii  liblzma5                   5.2.2-1.2+b1
ii  libmad0                    0.15.1b-8+deb9u1
ii  libmatroska6v5             1.4.5-2
ii  libmp3lame0                3.99.5+repack1-9+b2
ii  libmpcdec6                 2:0.1~r495-1+b1
ii  libmpeg2-4                 0.5.1-7+b2
ii  libmtp9                    1.1.13-1
ii  libncursesw5               6.0+20161126-1+deb9u2
ii  libogg0                    1.3.2-1
ii  libopenmpt-modplug1        0.2.7386~beta20.3-3+deb9u2
ii  libopus0                   1.2~alpha2-1
ii  libpng16-16                1.6.28-1
ii  libpulse0                  10.0-1+deb9u1
ii  libraw1394-11              2.1.2-1+b1
ii  libresid-builder0c2a       2.1.1-15
ii  librsvg2-2                 2.40.16-1+b1
ii  librtmp1                   2.4+20151223.gitfa8646d.1-1+b1
ii  libsamplerate0             0.1.8-8+b2
ii  libsdl-image1.2            1.2.12-5+deb9u1
ii  libsdl1.2debian            1.2.15+dfsg1-4
ii  libshine3                  3.1.0-5
ii  libshout3                  2.3.1-3
ii  libsidplay2                2.1.1-15
ii  libsnappy1v5               1.1.3-3
ii  libsndio6.1                1.1.0-3
ii  libspeex1                  1.2~rc1.2-1+b2
ii  libspeexdsp1               1.2~rc1.2-1+b2
ii  libssh-gcrypt-4            0.7.3-2
ii  libssh2-1                  1.7.0-1
ii  libstdc++6                 6.3.0-18+deb9u1
ii  libtag1v5                  1.11.1+dfsg.1-0.1
ii  libtheora0                 1.1.1+dfsg.1-14+b1
ii  libtinfo5                  6.0+20161126-1+deb9u2
ii  libtwolame0                0.3.13-2
ii  libudev1                   232-25+deb9u3
ii  libupnp6                   1:1.6.19+git20160116-1.2
ii  libusageenvironment3       2016.11.28-1
ii  libva-drm1                 1.7.3-2
ii  libva-x11-1                1.7.3-2
ii  libva1                     1.7.3-2
ii  libvcdinfo0                0.7.24+dfsg-0.2
ii  libvlccore8                2.2.7-1~deb9u1
ii  libvorbis0a                1.3.5-4+deb9u2
ii  libvorbisenc2              1.3.5-4+deb9u2
ii  libvpx4                    1.6.1-3+deb9u1
ii  libwavpack1                5.0.0-2+deb9u2
ii  libwebp6                   0.5.2-1
ii  libwebpmux2                0.5.2-1
ii  libx11-6                   2:1.6.4-3
ii  libx264-148                2:0.148.2748+git97eaef2-1
ii  libx265-95                 2.1-2+b2
ii  libxcb-keysyms1            0.4.0-1+b2
ii  libxcb1                    1.12-1
ii  libxml2                    2.9.4+dfsg1-2.2+deb9u2
ii  libxvidcore4               2:1.3.4-1+b2
ii  libzvbi0                   0.2.35-13
ii  vlc-data                   2.2.7-1~deb9u1
ii  zlib1g                     1:1.2.8.dfsg-5

Versions of packages vlc-plugin-base recommends:
ii  xdg-utils  1.1.1-1

Versions of packages vlc-plugin-base suggests:
pn  libdvdcss2  <none>

Versions of packages libvlc-bin depends on:
ii  libc6    2.24-11+deb9u3
ii  libvlc5  2.2.7-1~deb9u1

Versions of packages libvlc5 depends on:
ii  dpkg         1.18.24
ii  libc6        2.24-11+deb9u3
ii  libvlccore8  2.2.7-1~deb9u1

Versions of packages libvlc5 recommends:
ii  libvlc-bin  2.2.7-1~deb9u1

Versions of packages libvlccore8 depends on:
ii  dpkg         1.18.24
ii  libc6        2.24-11+deb9u3
ii  libdbus-1-3  1.10.26-0+deb9u1
ii  libidn11     1.33-1

Versions of packages libvlccore8 recommends:
ii  libproxy-tools  0.4.14-2

Versions of packages vlc depends on:
ii  dpkg                     1.18.24
ii  vlc-bin                  2.2.7-1~deb9u1
ii  vlc-l10n                 2.2.7-1~deb9u1
ii  vlc-plugin-qt            2.2.7-1~deb9u1
ii  vlc-plugin-video-output  2.2.7-1~deb9u1

Versions of packages vlc recommends:
ii  vlc-plugin-notify          2.2.7-1~deb9u1
ii  vlc-plugin-samba           2.2.7-1~deb9u1
ii  vlc-plugin-skins2          2.2.7-1~deb9u1
ii  vlc-plugin-video-splitter  2.2.7-1~deb9u1
ii  vlc-plugin-visualization   2.2.7-1~deb9u1

Versions of packages vlc-bin depends on:
ii  libc6       2.24-11+deb9u3
ii  libvlc-bin  2.2.7-1~deb9u1
ii  libvlc5     2.2.7-1~deb9u1

Versions of packages vlc-plugin-notify depends on:
ii  dpkg                1.18.24
ii  libc6               2.24-11+deb9u3
ii  libgdk-pixbuf2.0-0  2.36.5-2+deb9u2
ii  libglib2.0-0        2.50.3-2
ii  libgtk2.0-0         2.24.31-2
ii  libnotify4          0.7.7-2
ii  libvlccore8         2.2.7-1~deb9u1

Versions of packages vlc-plugin-qt depends on:
ii  libc6             2.24-11+deb9u3
ii  libgcc1           1:6.3.0-18+deb9u1
ii  libqt5core5a      5.7.1+dfsg-3+b1
ii  libqt5gui5        5.7.1+dfsg-3+b1
ii  libqt5widgets5    5.7.1+dfsg-3+b1
ii  libqt5x11extras5  5.7.1~20161021-2
ii  libstdc++6        6.3.0-18+deb9u1
ii  libvlccore8       2.2.7-1~deb9u1
ii  libx11-6          2:1.6.4-3
ii  libxi6            2:1.7.9-1

Versions of packages vlc-plugin-qt recommends:
ii  vlc-bin  2.2.7-1~deb9u1

Versions of packages vlc-plugin-skins2 depends on:
ii  fonts-freefont-ttf  20120503-6
ii  libc6               2.24-11+deb9u3
ii  libfreetype6        2.6.3-3.2
ii  libfribidi0         0.19.7-1+b1
ii  libgcc1             1:6.3.0-18+deb9u1
ii  libstdc++6          6.3.0-18+deb9u1
ii  libvlccore8         2.2.7-1~deb9u1
ii  libx11-6            2:1.6.4-3
ii  libxext6            2:1.3.3-1+b2
ii  libxinerama1        2:1.1.3-1+b3
ii  libxpm4             1:3.5.12-1
ii  vlc-plugin-qt       2.2.7-1~deb9u1
ii  zlib1g              1:1.2.8.dfsg-5

Versions of packages vlc-plugin-skins2 recommends:
ii  vlc-bin  2.2.7-1~deb9u1

Versions of packages vlc-plugin-video-output depends on:
ii  libaa1                      1.4p5-44+b1
ii  libc6                       2.24-11+deb9u3
ii  libcaca0                    0.99.beta19-2+b2
ii  libegl1-mesa [libegl1-x11]  13.0.6-1+b2
ii  libgl1-mesa-glx [libgl1]    13.0.6-1+b2
ii  libgles1-mesa [libgles1]    13.0.6-1+b2
ii  libgles2-mesa [libgles2]    13.0.6-1+b2
ii  libvlccore8                 2.2.7-1~deb9u1
ii  libx11-6                    2:1.6.4-3
ii  libxcb-keysyms1             0.4.0-1+b2
ii  libxcb-shm0                 1.12-1
ii  libxcb-xv0                  1.12-1
ii  libxcb1                     1.12-1

Versions of packages vlc-plugin-video-splitter depends on:
ii  libc6          2.24-11+deb9u3
ii  libvlccore8    2.2.7-1~deb9u1
ii  libxcb-randr0  1.12-1
ii  libxcb1        1.12-1

Versions of packages vlc-plugin-visualization depends on:
ii  libc6                     2.24-11+deb9u3
ii  libgl1-mesa-glx [libgl1]  13.0.6-1+b2
ii  libvlccore8               2.2.7-1~deb9u1

-- no debconf information
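
A triage helper for the glibc `======= Backtrace: =========` block quoted in the report, added here as an example and not part of the original message or of VLC/FFmpeg: it parses the `module(symbol+0xoff)[0xaddr]` frame lines, picks the first frame outside libc (the code that passed the bad pointer to `free()`), and builds `addr2line` commands for frames that carry no symbol name. The function names are hypothetical and the sample is four frame lines copied from the report.

```python
import re

# Constructed sample: four frame lines copied from the glibc backtrace in the report.
SAMPLE = """\
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7ffff35ffbfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x7780e)[0x7ffff360680e]
/usr/lib/x86_64-linux-gnu/vlc/plugins/codec/libavcodec_plugin.so(+0xaa87c)[0x7fffbb9b787c]
/usr/lib/x86_64-linux-gnu/libvlccore.so.8(vlc_module_unload+0xa0)[0x7ffff30f7d40]
"""

# module(symbol+0xoff)[0xaddr]; symbol is empty when no exported name covers the address
FRAME = re.compile(
    r"^(?P<module>/\S+?)\((?P<symbol>[^+()]*)\+(?P<offset>0x[0-9a-f]+)\)"
    r"\[(?P<addr>0x[0-9a-f]+)\]$"
)

def parse_frames(text):
    """Return one dict per frame line, innermost first; other lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append(m.groupdict())
    return frames

def first_caller_outside_libc(frames):
    """First frame not in libc: the caller that handed the pointer to free()."""
    for f in frames:
        if "/libc.so" not in f["module"]:
            return f
    return None

def addr2line_commands(frames):
    """addr2line invocations for frames printed without a symbol name.

    With an empty symbol the +0x offset is relative to the object's load
    base, which is what addr2line -e expects for a shared object. Frames
    such as vlc_module_unload+0xa0 are symbol-relative and are left out.
    """
    return ["addr2line -f -C -e {module} {offset}".format(**f)
            for f in frames if not f["symbol"]]

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    print(first_caller_outside_libc(frames))
    print("\n".join(addr2line_commands(frames)))
```

The resolved locations are only meaningful when the matching debug symbol packages for the exact installed versions are present.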
