vlc assert failure: double free or corruption (!prev) when taking screenshot the second time on same time position

Bug #1894968 reported by Bagas Sanjaya
This bug affects 2 people
Affects: vlc (Ubuntu)
Status: Confirmed
Importance: Medium
Assigned to: Unassigned
Milestone: (none)

Bug Description

I discovered this bug when I tried to take a snapshot of the "I Died in a Car Crash" contemporary dance video by Ana Zimhart (https://www.youtube.com/watch?v=eoocJ3euHy8); the video itself had been downloaded a long time ago.

When the video played at time position 1:37 (when Ana did the headstand/handstand [baby freeze headstand] trick), I took a snapshot two times. The first attempt succeeded, but the second attempt triggered a double free crash.

Examining the log (tail) when running vlc with `vlc -vvv`, I got:

[00007f55c81ee320] main filter debug: using video converter module "vaapi_filters"
[00007f55c844abc0] main filter debug: Filter 'VAAPI filters' (0x7f55c81ee320) appended to chain
[00007f55c8563940] main filter debug: looking for video converter module matching "any": 23 candidates
[00007f55c8563940] swscale filter debug: 540x360 (544x368) chroma: I420 -> 540x360 (544x368) chroma: YUVA with scaling using Bicubic (good quality)
[00007f55c8563940] main filter debug: using video converter module "swscale"
[00007f55c844abc0] main filter debug: Filter 'Swscale' (0x7f55c8563940) appended to chain
[00007f55c844abc0] main filter debug: using video converter module "chain"
[00007f55c844abc0] main filter debug: removing module "chain"
[00007f55c81ee320] main filter debug: removing module "vaapi_filters"
double free or corruption (!prev)

ProblemType: Crash
DistroRelease: Ubuntu 20.04
Package: vlc-bin 3.0.9.2-1
ProcVersionSignature: Ubuntu 5.4.0-33.37-generic 5.4.34
Uname: Linux 5.4.0-33-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu27.8
Architecture: amd64
AssertionMessage: double free or corruption (!prev)
CasperMD5CheckResult: skip
CurrentDesktop: ubuntu:GNOME
Date: Wed Sep 9 16:14:10 2020
ExecutablePath: /usr/bin/vlc
ExecutableTimestamp: 1586460584
InstallationDate: Installed on 2020-05-05 (126 days ago)
InstallationMedia: Ubuntu-MATE 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
ProcCmdline: vlc -vvv I\ Died\ in\ a\ Car\ Crash\ -\ Contemporary\ Solo.mp4
ProcCwd: /home/bagas/vlc-bug
Signal: 6
SourcePackage: vlc
StacktraceTop:
 __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f55f8fdf285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
 malloc_printerr (str=str@entry=0x7f55f8fe1690 "double free or corruption (!prev)") at malloc.c:5347
 _int_free (av=Quit
Title: vlc assert failure: double free or corruption (!prev)
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo
modified.conffile..etc.apport.crashdb.conf: [modified]
mtime.conffile..etc.apport.crashdb.conf: 2020-08-11T18:33:58.913741
separator:

Bagas Sanjaya (bagasme) wrote :
information type: Private → Public
Bagas Sanjaya (bagasme) wrote :

To reproduce this bug:

 - `mkdir vlc-bug && cd vlc-bug`
 - Get this video attachment
 - Invoke `vlc 'I Died in a Car Crash - Contemporary Solo.mp4'`
 - Pause at 1:37 (when Ana is doing the headstand/handstand trick). Wait until her legs are fully straight.
 - Either click the 'Take a snapshot' button (requires enabling advanced controls via View -> Advanced Controls) or click Video -> Take Snapshot. Take a snapshot twice.

Apport retracing service (apport) wrote :

StacktraceTop:
 __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f55f8fdf285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
 malloc_printerr (str=str@entry=0x7f55f8fe1690 "double free or corruption (!prev)") at malloc.c:5347
 _int_free (av=0x7f55c8000020, p=0x7f55c8817630, have_lock=<optimized out>) at malloc.c:4317
 CopyCleanCache () from /tmp/apport_sandbox_auyehdsf/usr/lib/x86_64-linux-gnu/vlc/plugins/vaapi/libvaapi_filters_plugin.so
 vlc_vaapi_CloseChroma () from /tmp/apport_sandbox_auyehdsf/usr/lib/x86_64-linux-gnu/vlc/plugins/vaapi/libvaapi_filters_plugin.so

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in vlc (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Bagas Sanjaya (bagasme) wrote :

Use wget to download the testing video attachment above.

Bagas Sanjaya (bagasme) wrote :

ping

Jani Uusitalo (uusijani) wrote :

Same "double free or corruption (!prev)" reproducible here too (VLC 3.0.9.2-1, Ubuntu 20.04), even more easily: the position doesn't matter, and the first attempt to screenshot is already enough to trigger the issue.

I came across this when trying to screenshot a Superman cartoon I downloaded from the Internet Archive [1].

* [1] https://archive.org/download/dom-6746superman-episode7-theundergroundworld512kb/dom-6746superman-episode7-theundergroundworld512kb.mp4

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in vlc (Ubuntu):
status: New → Confirmed