[MPlayer-users] [patch] mplayer segfaults at the end of FLV movies
    Dennis Schneider 
    dschneid at informatik.hu-berlin.de
       
    Mon Jun 22 09:58:28 CEST 2009
    
    
  
Hi.
I'm using mplayer r29371 right now on FreeBSD with malloc debugging 
enabled.
MPlayer is really nice, but when playing FLV movies (downloaded from 
YouTube, e.g.) it exits with a SIGSEGV at the end of the movie.  Because 
FreeBSD malloc says:
	Assertion failed: (diff == regind * size), function 
	arena_run_reg_dalloc, file /usr/src/lib/libc/stdlib/malloc.c, line 
	2536.
A stacktrace shows that free() is called via av_free() from av_freep() 
in libmpcodecs/vd_ffmpeg.c:440:
	av_freep(&avctx->palctrl);
Digging deeper, I found that it only occurred with CONFIG_MEMALIGN_HACK 
enabled (the default on this platform), but this is only hiding the 
problem.
The cause sits also in libmpcodecs/vd_ffmpeg.c, line 389:
	avctx->palctrl = calloc(1, sizeof(AVPaletteControl));
Which is clearly wrong since it is freed with the align-correcting 
av_free(p).
Could somebody please fix this, e.g. with the patch below?
Index: libmpcodecs/vd_ffmpeg.c
===================================================================
--- libmpcodecs/vd_ffmpeg.c	(Revision 29371)
+++ libmpcodecs/vd_ffmpeg.c	(Arbeitskopie)
@@ -386,7 +386,7 @@
      }
      /* Pass palette to codec */
      if (sh->bih && (sh->bih->biBitCount <= 8)) {
-        avctx->palctrl = calloc(1, sizeof(AVPaletteControl));
+        avctx->palctrl = av_malloc(sizeof(AVPaletteControl));
				 avctx->palctrl->palette_changed = 1;
          if (sh->bih->biSize-sizeof(BITMAPINFOHEADER))
              /* Palette size in biSize */
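Review bot: On the added line, av_malloc() does not zero the block the way calloc(1, ...) did, so every AVPaletteControl field other than palette_changed starts with indeterminate contents unless the code after this hunk fills all of them. av_mallocz(sizeof(AVPaletteControl)) would keep the zero-initialisation while still pairing correctly with av_freep(). Separately, the result is dereferenced on the very next line (avctx->palctrl->palette_changed = 1) with no NULL check; that was already the case with calloc, but it is worth adding a check while this allocation is being touched.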
Please Cc me since I am not subscribed to this list.
Dennis
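The allocator mismatch described in the message above, as an added example that is not part of the original post and is not libavutil code. It is a simplified model that assumes the align-correcting free works by storing the alignment shift in the byte just before the returned pointer; the names toy_av_malloc, toy_free_target, matched_pair_ok and foreign_pointer_shift are hypothetical, and the arena is a constructed stand-in for heap memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define ALIGN 16                  /* assumed alignment for this model */
static void *last_raw;            /* what malloc() really returned last time */

/* Over-allocate, round up to ALIGN, record the shift in the byte before p. */
static void *toy_av_malloc(size_t size)
{
    char *raw = malloc(size + ALIGN);
    if (!raw) return NULL;
    size_t diff = ((~(uintptr_t)raw) & (ALIGN - 1)) + 1;   /* 1..ALIGN */
    char *p = raw + diff;
    p[-1] = (char)diff;
    last_raw = raw;
    return p;
}

/* The address the align-correcting free hands to free(): p minus p[-1]. */
static void *toy_free_target(void *p)
{
    return (char *)p - ((char *)p)[-1];
}

/* Matched pair: the correction recovers exactly the malloc() pointer. */
static int matched_pair_ok(void)
{
    void *p = toy_av_malloc(64);
    if (!p) return 0;
    int ok = toy_free_target(p) == last_raw && (uintptr_t)p % ALIGN == 0;
    free(toy_free_target(p));
    return ok;
}

/* Foreign pointer (calloc-style): p[-1] is whatever byte happens to sit there.
 * Modelled inside an owned arena so the read stays defined; returns how far
 * the free() argument lands from the real start of the block. */
static long foreign_pointer_shift(unsigned char byte_before)
{
    static unsigned char arena[64];   /* constructed stand-in for heap memory */
    unsigned char *p = arena + 32;
    p[-1] = byte_before;
    return (long)((char *)p - (char *)toy_free_target(p));
}

int main(void)
{
    printf("matched=%d foreign_shift=%ld\n", matched_pair_ok(), foreign_pointer_shift(5));
    return 0;
}
```

A non-zero shift for the foreign pointer means free() is handed an address the allocator never returned, which is the kind of inconsistency the FreeBSD malloc assertion reports; a byte that happens to be zero hides the bug.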
    
    