Video frames backed by dav1d can no longer be kept around past the end of dav1d_close().

9057d286 breaks the ability to keep video frames backed by dav1d around past dav1d_close(). If that's an expected outcome the documentation should be updated to ensure folks provide a custom allocator in these cases. If that's not intended, here's a bug report :)

[ RUN      ] Dav1dVideoDecoderTest.DecodeFrame_10bitMono
=================================================================
==12942==ERROR: AddressSanitizer: heap-use-after-free on address 0x62d000027f48 at pc 0x5578329cab36 bp 0x7ffef0770930 sp 0x7ffef0770928
READ of size 8 at 0x62d000027f48 thread T0
    #0 0x5578329cab35 in dav1d_mem_pool_push third_party/dav1d/libdav1d/src/mem.c:37:23
    #1 0x5578329ccf26 in free_buffer third_party/dav1d/libdav1d/src/picture.c:98:5
    #2 0x5578329caa43 in dav1d_ref_dec third_party/dav1d/libdav1d/src/ref.c:103:9
    #3 0x5578329cca49 in dav1d_picture_unref_internal third_party/dav1d/libdav1d/src/picture.c:264:9
    #4 0x5578329aca30 in dav1d_picture_unref third_party/dav1d/libdav1d/src/lib.c:619:5
    #5 0x55782d43523c in operator() media/filters/dav1d_video_decoder.cc:127:5
    #6 0x55782d43523c in reset buildtools/third_party/libc++/trunk/include/memory:2633:7
    #7 0x55782d43523c in ~unique_ptr buildtools/third_party/libc++/trunk/include/memory:2587:19
    #8 0x55782d43523c in Invoke<(lambda at ../../base/callback_helpers.h:171:21), std::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree> > base/bind_internal.h:379:5
    #9 0x55782d43523c in MakeItSo<(lambda at ../../base/callback_helpers.h:171:21), std::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree> > base/bind_internal.h:637:12
    #10 0x55782d43523c in RunImpl<(lambda at ../../base/callback_helpers.h:171:21), std::tuple<>> base/bind_internal.h:710:12
    #11 0x55782d43523c in base::internal::Invoker<base::internal::BindState<base::OnceCallback<void (std::__1::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree>)> base::DoNothing::Once<std::__1::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree> >()::'lambda'(std::__1::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree>)>, void (std::__1::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree>)>::RunOnce(base::internal::BindStateBase*, std::__1::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree>&&) base/bind_internal.h:679:12
    #12 0x55782d4356e8 in Run base/callback.h:101:12
    #13 0x55782d4356e8 in void base::internal::FunctorTraits<base::OnceCallback<void (std::__1::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree>)>, void>::Invoke<base::OnceCallback<void (std::__1::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree>)>, std::__1::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree> >(base::OnceCallback<void (std::__1::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree>)>&&, std::__1::unique_ptr<Dav1dPicture, media::ScopedDav1dPictureFree>&&) base/bind_internal.h:597:49
    #14 0x55782c051801 in Run base/callback.h:101:12
    #15 0x55782c051801 in media::VideoFrame::~VideoFrame() media/base/video_frame.cc:1311:25
    #16 0x55782c051d2d in media::VideoFrame::~VideoFrame() media/base/video_frame.cc:1298:27
    #17 0x55782addaafb in DeleteInternal<media::VideoFrame> base/memory/ref_counted.h:411:5
    #18 0x55782addaafb in Destruct base/memory/ref_counted.h:366:5
    #19 0x55782addaafb in Release base/memory/ref_counted.h:400:7
    #20 0x55782addaafb in Release base/memory/scoped_refptr.h:322:8
    #21 0x55782addaafb in ~scoped_refptr base/memory/scoped_refptr.h:224:7
    #22 0x55782addaafb in destroy buildtools/third_party/libc++/trunk/include/memory:1920:64
    #23 0x55782addaafb in __destroy<scoped_refptr<media::VideoFrame> > buildtools/third_party/libc++/trunk/include/memory:1782:18
    #24 0x55782addaafb in destroy<scoped_refptr<media::VideoFrame> > buildtools/third_party/libc++/trunk/include/memory:1619:14
    #25 0x55782addaafb in __destruct_at_end buildtools/third_party/libc++/trunk/include/vector:426:9
    #26 0x55782addaafb in clear buildtools/third_party/libc++/trunk/include/vector:369:29
    #27 0x55782addaafb in ~__vector_base buildtools/third_party/libc++/trunk/include/vector:463:9
    #28 0x55782addaafb in ~vector buildtools/third_party/libc++/trunk/include/vector:555:5
    #29 0x55782addaafb in media::Dav1dVideoDecoderTest::~Dav1dVideoDecoderTest() media/filters/dav1d_video_decoder_unittest.cc:45:50
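
Added example, not part of the original report and not dav1d's code: the trace shows a picture released after `dav1d_close()` reaching `dav1d_mem_pool_push`, which reads freed memory. The simplified model below shows one way to make such late releases safe, by letting every outstanding buffer hold a reference on its pool; all names (`Pool`, `PoolBuf`, `pool_*`, `live_pools`) are hypothetical.

```c
#include <stdlib.h>
/* Simplified model of a buffer pool, not dav1d's code. */
typedef struct Pool Pool;
typedef struct PoolBuf { struct PoolBuf *next; Pool *pool; } PoolBuf;
/* refs = 1 for the owner + 1 per buffer currently handed out */
struct Pool { PoolBuf *free_list; int refs; };
static int live_pools; /* constructed instrumentation for the demo */

static Pool *pool_create(void) {
    Pool *p = calloc(1, sizeof(*p));
    if (p) { p->refs = 1; live_pools++; }
    return p;
}

/* Drop one reference; the last one out frees cached buffers and the pool. */
static void pool_unref(Pool *p) {
    if (--p->refs > 0) return;
    for (PoolBuf *b; (b = p->free_list) != NULL; free(b))
        p->free_list = b->next;
    live_pools--;
    free(p);
}

/* Hand out a buffer; each outstanding buffer pins the pool. */
static PoolBuf *pool_pop(Pool *p) {
    PoolBuf *b = p->free_list;
    if (b) p->free_list = b->next;
    else if (!(b = malloc(sizeof(*b)))) return NULL;
    b->pool = p;
    p->refs++;
    return b;
}

/* Return a buffer; valid even after the owner dropped its reference. */
static void pool_push(PoolBuf *b) {
    Pool *p = b->pool;
    b->next = p->free_list;
    p->free_list = b;
    pool_unref(p);
}

/* The report's scenario: 1 if the pool was freed only after the late release. */
static int late_release_is_safe(void) {
    Pool *p = pool_create();
    PoolBuf *frame = p ? pool_pop(p) : NULL;
    if (!frame) { if (p) pool_unref(p); return 0; }
    pool_unref(p);                 /* owner closes while a frame is out */
    int alive = (live_pools == 1);
    pool_push(frame);              /* late release from the frame's destructor */
    return alive && live_pools == 0;
}
```

Without the per-buffer reference, the `pool_push` call in `late_release_is_safe` would touch a pool that the owner's close had already freed, which is the access pattern AddressSanitizer flags in the trace above.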