Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Alexander Skwar <listen <at> alexander.skwar.name>
Subject: *** glibc detected *** double free or corruption (!prev): 0x08061060 ***
Newsgroups: gmane.comp.video.transcode.user
Date: Saturday 19th November 2005 14:43:56 UTC (over 11 years ago)
Hello.

I'm having a problem with transcode 1.0.x (1.0.1 and 1.0.2).
When I run it, I get the following error message:

*** glibc detected *** double free or corruption (!prev): 0x08061060 ***

Command that I ran:

$ transcode  -H 10 -o snapshot -y ppm,null -x vob,null -i
/data/Kingdom/vob/001 -c 4-5 -L 1727299

Here's the complete output:

transcode v1.0.2 (C) 2001-2003 Thomas Oestreich, 2003-2004 T. Bitterberg
(dvd_reader.c) no support for DVD reading configured - exit.
[transcode] (probe) suggested AV correction -D 0 (0 ms) | AV 0 ms | 0 ms
[transcode] auto-probing source /data/Kingdom/vob/001 (ok)
[transcode] V: import format    | MPEG-2  (V=vob|A=null)
[transcode] V: AV demux/sync    | (1) sync AV at initial MPEG sequence
[transcode] V: import frame     | 720x576  1.25:1  encoded @ 16:9
[transcode] V: bits/pixel       | 0.174
[transcode] V: decoding fps,frc | 25.000,3
[transcode] V: Y'CbCr           | YV12/I420
[transcode] A: import format    | 0x2000  AC3          [48000,16,2]  448
kbps
[transcode] A: export           | disabled
[transcode] V: encoding fps,frc | 25.000,3
[transcode] A: bytes per frame  | 7680 (7680.000000)
[transcode] A: adjustment       | [email protected]
[transcode] V: IA32/AMD64 accel | sse2 (sse2 sse mmxext mmx asm C)
tc_memcpy: using sse for memcpy
[transcode] V: video buffer     | 10 @ 720x576
[import_null.so] v0.2.0 (2002-01-19) (video) null | (audio) null
[import_vob.so] v0.6.0 (2003-10-02) (video) MPEG-2 | (audio) MPEG/AC3/PCM |
(subtitle)
[export_null.so] v0.1.2 (2001-08-17) (video) null | (audio) null
[export_ppm.so] v0.1.1 (2002-02-14) (video) PPM/PGM | (audio) MPEG/AC3/PCM
[import_vob.so] tccat -i "/data/Kingdom/vob/001" -t vob -d 0 -S 1727299 |
tcdemux -s 0x80 -x mpeg2 -S 0 -M 1 -d 0 | tcextract -t vob -a 0 -x mpeg2 -d
0 | tcdecode -x mpeg2 -d 0 -y yv12
*** glibc detected *** double free or corruption (!prev): 0x08061060 ***
[decode_mpeg2.c] libmpeg2 0.4.0b loop decoder
[decode_mpeg2.c] libmpeg2 acceleration: mmxext
tc_memcpy: using sse for memcpy

clean up | frame threads | unload modules | cancel signal | internal
threads | done
[transcode] encoded 0 frames (0 dropped, 0 cloned), clip length   0.00 s

This command works with tc 0.6.14 and the same input data.

I'm on a Gentoo Linux system and compiled tc "myself" using
the Gentoo transcode portage system.

I (or rather the system) ran:

./configure --prefix=/usr --host=i686-pc-linux-gnu --mandir=/usr/share/man
--infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc
--localstatedir=/var/lib --disable-altivec --disable-netstream
--disable-freetype2 --disable-v4l --disable-lame --disable-ogg
--disable-vorbis
--disable-theora --disable-libdvdread --disable-libdv
--disable-libquicktime --disable-lzo --disable-a52 --disable-libmpeg3
--disable-libxml2
--disable-mjpegtools --disable-sdl --disable-gtk --disable-libfame
--disable-imagemagick --disable-libjpeg --with-mod-path=/usr/lib/transcode
--without-x --without-libpostproc-builddir --disable-mmx --disable-3dnow
--disable-sse --disable-sse2 --disable-avifile --build=i686-pc-linux-gnu

CFLAGS="-O2 -mtune=pentium-m -pipe -fomit-frame-pointer"

To be able to debug, I downloaded CVS head and compiled it
with the above mentioned configure options and

CFLAGS="-O2 -mtune=pentium-m -pipe -fomit-frame-pointer -g"

I then ran the transcode command shown at the beginning of
this mail - and it worked!

Next, I compiled 1.0.2 with no patches or anything using
just the plain source from transcoding.org. I compiled
it with the above configure command and

CFLAGS="-O2 -mtune=pentium-m -pipe -fomit-frame-pointer -g"

After having done so, I ran (per <http://www.transcoding.org/cgi-bin/transcode?Reporting_Crashes>):

[email protected] /tmp/dvdrip7656.ppm $ gdb /dev/shm/tc/prog/bin/transcode
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db
library "/lib/tls/libthread_db.so.1".

gdb> run -H 10 -o snapshot -y ppm,null -x vob,null -i /data/Kingdom/vob/001
-c 4-5 -L 1727299 -q 2
[Thread debugging using libthread_db enabled]
[New Thread -1210390848 (LWP 27306)]
[New Thread -1210393680 (LWP 27309)]
transcode v1.0.2 (C) 2001-2003 Thomas Oestreich, 2003-2004 T. Bitterberg
(dvd_reader.c) no support for DVD reading configured - exit.
[tcprobe] MPEG program stream (PS)
att0=274, att1=0
[transcode] (probe) suggested AV correction -D 0 (0 ms) | AV 0 ms | 0 ms
(probe.c) V magic=0x0, A magic=0x0, V codec=0x10000, A codec=0x2000
(probe.c) V magic=, A magic=, V codec=MPEG-2, A codec=AC3
[transcode] auto-probing source /data/Kingdom/vob/001 (ok)
[transcode] V: import format    | MPEG-2  (V=vob|A=null)
4 frames to 5 frames
[transcode] V: AV demux/sync    | (1) sync AV at initial MPEG sequence
[transcode] V: import frame     | 720x576  1.25:1  encoded @ 16:9
[transcode] V: bits/pixel       | 0.174
[transcode] V: decoding fps,frc | 25.000,3
[transcode] V: Y'CbCr           | YV12/I420
[transcode] A: import format    | 0x2000  AC3          [48000,16,2]  448
kbps
[transcode] A: export           | disabled
[transcode] V: encoding fps,frc | 25.000,3
[transcode] A: bytes per frame  | 7680 (7680.000000)
[transcode] A: adjustment       | [email protected]
[transcode] V: IA32/AMD64 accel | sse2 (sse2 sse mmxext mmx asm C)
tc_memcpy: using sse for memcpy
[transcode] encoder delay = decode=40000 encode=40000 usec
[transcode] V: video buffer     | 10 @ 720x576
[transcode] allocating 10 framebuffer (static)
loading audio import module /dev/shm/tc/mod/import_null.so
loading video import module /dev/shm/tc/mod/import_vob.so
[import_null.so] v0.2.0 (2002-01-19) (video) null | (audio) null
Audio capability flag 0xffffffff | 0x1
[import_vob.so] v0.6.0 (2003-10-02) (video) MPEG-2 | (audio) MPEG/AC3/PCM |
(subtitle)
Video capability flag 0x2f | 0x2
loading audio export module /dev/shm/tc/mod/export_null.so
loading video export module /dev/shm/tc/mod/export_ppm.so
[export_null.so] v0.1.2 (2001-08-17) (video) null | (audio) null
(encoder.c) audio capability flag 0xffffffff | 0x1
[export_ppm.so] v0.1.1 (2002-02-14) (video) PPM/PGM | (audio) MPEG/AC3/PCM
(encoder.c) video capability flag 0x21f | 0x2
[transcode] starting 1 frame processing thread(s)
[New Thread -1258103888 (LWP 27311)]
[transcode] starting 1 frame processing thread(s)
[New Thread -1266496592 (LWP 27312)]
[import_vob.so] tccat -i "/data/Kingdom/vob/001" -t vob -d 3 -S 1727299 |
tcdemux -s 0x80 -x mpeg2 -S 0 -M 1 -d 3 | tcextract -t vob -a 0 -x mpeg2 -d
3 | tcdecode -x mpeg2 -d 3 -y yv12
(iodump.c) scanning directory "/data/Kingdom/vob/001"
(iodump.c) MPEG program stream (PS)
[New Thread -1274889296 (LWP 27314)]
(decoder.c) audio thread id=-1274889296
[New Thread -1283282000 (LWP 27319)]
(decoder.c) video thread id=-1283282000
[demuxer.c] (pid=27316) MPEG sequence start code in packet 000000 for PU
[0]
[demuxer.c] (pid=27316) processing PU [0], on at PTS=4158.6585 sec
[demuxer.c] (pid=27316) audio packet 000021 for PU [0] skipped (-0.3600)
[demuxer.c] AV fine-tuning: 32 ms
[demuxer.c] (pid=27316) audio packet 000036 for PU [0] skipped (-0.3280)
tc_memcpy: using sse for memcpy
[tcextract] (pid=27317) starting, doing mpeg2
[demuxer.c] (pid=27316) audio packet 000056 for PU [0] skipped (-0.2960)
[demuxer.c] (pid=27316) audio packet 000086 for PU [0] skipped (-0.2320)
[demuxer.c] (pid=27316) audio packet 000097 for PU [0] skipped (-0.2000)
[demuxer.c] (pid=27316) audio packet 000105 for PU [0] skipped (-0.1680)
[demuxer.c] (pid=27316) audio packet 000122 for PU [0] skipped (-0.1360)
[demuxer.c] (pid=27316) audio packet 000135 for PU [0] skipped (-0.1040)
[demuxer.c] (pid=27316) audio packet 000148 for PU [0] skipped (-0.0720)
[demuxer.c] (pid=27316) audio packet 000151 for PU [0] skipped (-0.0400)
[demuxer.c] (pid=27316) AV sync established for PU [0] at PTS=4158.6505
(-0.0080)
[decode_mpeg2.c] libmpeg2 0.4.0b loop decoder
[decode_mpeg2.c] libmpeg2 acceleration: mmxext
skipping frames [000000-000003],  71.46 fps, EMT: 0:00:00, ( 0| 0| 2)

(encoder.c) encoder last frame finished (5/5)
(encoder.c) encoder closed
(decoder.c) import stop requested by client=-1210390848 (main=-1210390848)
import status=1
(decoder.c) audio import cancelation requested (0)
[Thread -1274889296 (zombie) exited]
(decoder.c) A/V import canceled (-1210390848) (-1210390848)

Program received signal SIG32, Real-time event 32.
[Switching to Thread -1283282000 (LWP 27319)]
Error while running hook_stop:
Invalid type combination in ordering comparison.
0xffffe410 in __kernel_vsyscall ()
gdb> where
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7f2c71b in __read_nocancel () from /lib/tls/libpthread.so.0
#2  0x0805b959 in mfread (buf=0xb65d6000 '\020' ...,
size=0x97e00, nelem=0x1, f=0x1000) at decoder.c:459
#3  0x0805c28a in vimport_thread (vob=0x80a1008) at decoder.c:550
#4  0xb7f272c2 in start_thread () from /lib/tls/libpthread.so.0
gdb> bt full
#0  0xffffe410 in __kernel_vsyscall ()
No symbol table info available.
#1  0xb7f2c71b in __read_nocancel () from /lib/tls/libpthread.so.0
No symbol table info available.
#2  0x0805b959 in mfread (buf=0xb65d6000 '\020' ...,
size=0x97e00, nelem=0x1, f=0x1000) at decoder.c:459
        fd = 0x6
        n = 0x75400
        r1 = 0x1000
        r2 = 0x1000
#3  0x0805c28a in vimport_thread (vob=0x80a1008) at decoder.c:550
        i = 0x6
        ret = 0x1
        vbytes = 0x97e00
        ptr = (vframe_list_t *) 0x80a1708
        import_para = {flag = 0x0, fd = 0x0, size = 0x0, buffer = 0x0,
buffer2 = 0x0, attributes = 0x0}
#4  0xb7f272c2 in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
gdb> disass $pc-32 $pc+32
Dump of assembler code from 0xffffe3de to 0xffffe442:
0xffffe3de:     add    %al,(%eax)
0xffffe3e0:     add    %al,(%eax)
0xffffe3e2:     add    %al,(%eax)
0xffffe3e4:     add    %al,(%eax)
0xffffe3e6:     add    %al,(%eax)
0xffffe3e8:     add    %al,(%eax)
0xffffe3ea:     add    %al,(%eax)
0xffffe3ec:     add    %al,(%eax)
0xffffe3ee:     add    %al,(%eax)
0xffffe3f0:     add    %al,(%eax)
0xffffe3f2:     add    %al,(%eax)
0xffffe3f4:     add    %al,(%eax)
0xffffe3f6:     add    %al,(%eax)
0xffffe3f8:     add    %al,(%eax)
0xffffe3fa:     add    %al,(%eax)
0xffffe3fc:     add    %al,(%eax)
0xffffe3fe:     add    %al,(%eax)
0xffffe400 <__kernel_vsyscall+0>:       push   %ecx
0xffffe401 <__kernel_vsyscall+1>:       push   %edx
0xffffe402 <__kernel_vsyscall+2>:       push   %ebp
0xffffe403 <__kernel_vsyscall+3>:       mov    %esp,%ebp
0xffffe405 <__kernel_vsyscall+5>:       sysenter
0xffffe407 <__kernel_vsyscall+7>:       nop
0xffffe408 <__kernel_vsyscall+8>:       nop
0xffffe409 <__kernel_vsyscall+9>:       nop
0xffffe40a <__kernel_vsyscall+10>:      nop
0xffffe40b <__kernel_vsyscall+11>:      nop
0xffffe40c <__kernel_vsyscall+12>:      nop
0xffffe40d <__kernel_vsyscall+13>:      nop
0xffffe40e <__kernel_vsyscall+14>:      jmp    0xffffe403
<__kernel_vsyscall+3>
0xffffe410 <__kernel_vsyscall+16>:      pop    %ebp
0xffffe411 <__kernel_vsyscall+17>:      pop    %edx
0xffffe412 <__kernel_vsyscall+18>:      pop    %ecx
0xffffe413 <__kernel_vsyscall+19>:      ret
0xffffe414 <__kernel_vsyscall+20>:      nop
0xffffe415 <__kernel_vsyscall+21>:      nop
0xffffe416 <__kernel_vsyscall+22>:      nop
0xffffe417 <__kernel_vsyscall+23>:      nop
0xffffe418 <__kernel_vsyscall+24>:      nop
0xffffe419 <__kernel_vsyscall+25>:      nop
0xffffe41a <__kernel_vsyscall+26>:      nop
0xffffe41b <__kernel_vsyscall+27>:      nop
0xffffe41c <__kernel_vsyscall+28>:      nop
0xffffe41d <__kernel_vsyscall+29>:      nop
0xffffe41e <__kernel_vsyscall+30>:      nop
0xffffe41f <__kernel_vsyscall+31>:      nop
0xffffe420 <__kernel_sigreturn+0>:      pop    %eax
0xffffe421 <__kernel_sigreturn+1>:      mov    $0x77,%eax
0xffffe426 <__kernel_sigreturn+6>:      int    $0x80
0xffffe428 <__kernel_sigreturn+8>:      nop
0xffffe429 <__kernel_sigreturn+9>:      nop
0xffffe42a <__kernel_sigreturn+10>:     nop
0xffffe42b <__kernel_sigreturn+11>:     nop
0xffffe42c <__kernel_sigreturn+12>:     nop
0xffffe42d <__kernel_sigreturn+13>:     nop
0xffffe42e <__kernel_sigreturn+14>:     nop
0xffffe42f <__kernel_sigreturn+15>:     nop
0xffffe430 <__kernel_sigreturn+16>:     nop
0xffffe431 <__kernel_sigreturn+17>:     nop
0xffffe432 <__kernel_sigreturn+18>:     nop
0xffffe433 <__kernel_sigreturn+19>:     nop
0xffffe434 <__kernel_sigreturn+20>:     nop
0xffffe435 <__kernel_sigreturn+21>:     nop
0xffffe436 <__kernel_sigreturn+22>:     nop
0xffffe437 <__kernel_sigreturn+23>:     nop
0xffffe438 <__kernel_sigreturn+24>:     nop
0xffffe439 <__kernel_sigreturn+25>:     nop
0xffffe43a <__kernel_sigreturn+26>:     nop
0xffffe43b <__kernel_sigreturn+27>:     nop
0xffffe43c <__kernel_sigreturn+28>:     nop
0xffffe43d <__kernel_sigreturn+29>:     nop
0xffffe43e <__kernel_sigreturn+30>:     nop
0xffffe43f <__kernel_sigreturn+31>:     nop
0xffffe440 <__kernel_rt_sigreturn+0>:   mov    $0xad,%eax
End of assembler dump.
gdb>
No function contains specified address.

This command/call makes transcode 1.0.1 and 1.0.2 die with
the error message "*** glibc detected *** double free or
corruption (!prev): 0x08061060 ***" on my system. 0.6.14
and CVS HEAD work.

What's broken and how do I fix it?

Thanks,

Alexander Skwar
 
CD: 9ms