[kde] [Bug 392497] kdenlive crashing in frei0r scurves with double free

Perry Harrington bugzilla_noreply at kde.org
Thu Mar 29 19:57:21 BST 2018


https://bugs.kde.org/show_bug.cgi?id=392497

--- Comment #1 from Perry Harrington <pedward at apsoft.com> ---
I installed debuginfos for everything (like 1.6GB worth!) and ran it in GDB,
this is the backtrace:

free(): corrupted unsorted chunks

Thread 35 "kdenlive" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fff2c9c9700 (LWP 24827)]
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51      }
Missing separate debuginfos, use: dnf debuginfo-install
ffmpeg-libs-3.4.2-1.fc27.x86_64 kvazaar-libs-1.2.0-1.fc27.x86_64
libavdevice-3.4.2-1.fc27.x86_64 libfdk-aac-0.1.5-7.fc27.x86_64
librtmp-2.4-8.20151223gitfa8646d.fc27.x86_64 openh264-libs-1.7.0-1.fc27.x86_64
x264-libs-0.152-13.20171224gite9a5903.fc27.x86_64 x265-libs-2.6-1.fc27.x86_64
(gdb) bt
#0  0x00007fffeba51660 in __GI_raise (sig=sig@entry=6) at
../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007fffeba52c41 in __GI_abort () at abort.c:79
#2  0x00007fffeba93f17 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7fffebb99677 "%s\n")
    at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007fffeba9a21a in malloc_printerr (str=str@entry=0x7fffebb9b2c8
"free(): corrupted unsorted chunks") at malloc.c:5368
#4  0x00007fffeba9c258 in _int_free (av=0x7fff14000020, p=0x7ffeec0c30a0,
have_lock=<optimized out>) at malloc.c:4325
#5  0x00007fff3c455bec in updateCsplineMap (instance=0x7fff23058480) at
filter/curves/curves.c:763
#6  0x00007fffa03fe17a in process_frei0r_item
(service=service@entry=0x55555a43a9e0, position=position@entry=228,
time=7.5999999999999996, prop=prop@entry=0x55555a43a9e0,
this=this@entry=0x7fff0e847700, image=image@entry=0x7fff2c9c8a48,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44) at
frei0r_helper.c:119
#7  0x00007fffa03fdb8f in filter_get_image (this=this@entry=0x7fff0e847700,
image=image@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=writable@entry=0)
    at filter_frei0r.c:39
#8  0x00007ffff6f5d72f in mlt_frame_get_image (self=self@entry=0x7fff0e847700,
buffer=buffer@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=writable@entry=0)
    at mlt_frame.c:585
#9  0x00007fffa03fdb30 in filter_get_image (this=this@entry=0x7fff0e847700,
image=image@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=writable@entry=0)
    at filter_frei0r.c:32
#10 0x00007ffff6f5d72f in mlt_frame_get_image (self=self@entry=0x7fff0e847700,
buffer=buffer@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=writable@entry=0)
    at mlt_frame.c:585
#11 0x00007fffa03fdb30 in filter_get_image (this=this@entry=0x7fff0e847700,
image=image@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=writable@entry=0)
    at filter_frei0r.c:32
#12 0x00007ffff6f5d72f in mlt_frame_get_image (self=self@entry=0x7fff0e847700,
buffer=buffer@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=writable@entry=0)
    at mlt_frame.c:585
#13 0x00007fffa03fdb30 in filter_get_image (this=this@entry=0x7fff0e847700,
image=image@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=writable@entry=1)
    at filter_frei0r.c:32
#14 0x00007ffff6f5d72f in mlt_frame_get_image (self=self@entry=0x7fff0e847700,
buffer=buffer@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=writable@entry=1)
    at mlt_frame.c:585
#15 0x00007fff63b2197e in filter_get_image (frame=frame@entry=0x7fff0e847700,
image=image@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=1, writable@entry=0)
    at filter_lift_gamma_gain.c:174
#16 0x00007ffff6f5d72f in mlt_frame_get_image (self=self@entry=0x7fff0e847700,
buffer=buffer@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=writable@entry=0)
    at mlt_frame.c:585
#17 0x00007fffa03fdb30 in filter_get_image (this=this@entry=0x7fff0e847700,
image=image@entry=0x7fff2c9c8a48, format=format@entry=0x7fff2c9c8cac,
width=width@entry=0x7fff2c9c8a40, height=height@entry=0x7fff2c9c8a44,
writable=writable@entry=0)
    at filter_frei0r.c:32
---Type <return> to continue, or q <return> to quit---q
Quit

And the stack frames:

(gdb) up
#1  0x00007fffeba52c41 in __GI_abort () at abort.c:79
79            raise (SIGABRT);
(gdb) up
#2  0x00007fffeba93f17 in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x7fffebb99677 "%s\n")
    at ../sysdeps/posix/libc_fatal.c:181
181           abort ();
(gdb) up
#3  0x00007fffeba9a21a in malloc_printerr (str=str@entry=0x7fffebb9b2c8
"free(): corrupted unsorted chunks") at malloc.c:5368
5368      __libc_message (do_abort, "%s\n", str);
(gdb) up
#4  0x00007fffeba9c258 in _int_free (av=0x7fff14000020, p=0x7ffeec0c30a0,
have_lock=<optimized out>) at malloc.c:4325
4325            malloc_printerr ("free(): corrupted unsorted chunks");
(gdb) up
#5  0x00007fff3c455bec in updateCsplineMap (instance=0x7fff23058480) at
filter/curves/curves.c:763
763     filter/curves/curves.c: No such file or directory.

Unfortunately, filter/curves/curves.c does not show up in whatprovides, so I'm
not sure what package contains this source.
