asf demuxer leaks decoded frames

[ajschult]

If I load up a WMV, play it for a bit (20sec) and then quit, valgrind sees

Code Select Expand


290,666 bytes in 188 blocks are definitely lost in loss record 471 of 471
at 0x4A0881C: malloc (vg_replace_malloc.c:270)
by 0x5EB79CA: ADM_alloc (in /build/andrew/avidemux/avidemux_2.6.0/install/usr/lib64/libADM_core6.so)
by 0x14ADB883: ???
by 0x14ADBF83: ???
by 0x14ADA92D: ???
by 0x460D2D: ADM_Composer::DecodeNextPicture(unsigned int) (ADM_edRenderInternal.cpp:216)
by 0x460B6B: ADM_Composer::nextPictureInternal(unsigned int, ADMImage*) (ADM_edRenderInternal.cpp:153)
by 0x45F414: ADM_Composer::nextPicture(ADMImage*, bool) (ADM_edRender.cpp:232)


Sadly, valrgind can't seem to pick up the stack frames in the middle.  gdb tells me DecodeNextPicture is calling into asfHeader::getFrame and I've rebuilt the lib with symbols, but valgrind still gives me ??.  Anyway, gdb sees a few different calls to ADM_malloc under DecodeNextPicture, but the only one that seems to allocate in a big enough chunk is

Code Select Expand


#0  ADM_alloc (size=6618)
    at /build/andrew/avidemux/avidemux_2.6.0/avidemux_core/ADM_core/src/ADM_memsupport.cpp:97
#1  0x00007ffff6b50db8 in operator new[] (t=6618)
    at /build/andrew/avidemux/avidemux_2.6.0/avidemux_core/ADM_core/src/ADM_memsupport.cpp:174
#2  0x00007fffe830dafc in asfPacket::pushPacket (this=0x1816260, keyframe=0,
    packetnb=3, offset=7367, sequence=4, payloadLen=6618, stream=2, dts=307000, pts=3120000)
    at /build/andrew/avidemux/avidemux_2.6.0/avidemux_plugins/ADM_demuxers/Asf/ADM_asfPacket.cpp:330
#3  0x00007fffe830d96d in asfPacket::nextPacket (this=0x1816260, streamWanted=2 '\002')
    at /build/andrew/avidemux/avidemux_2.6.0/avidemux_plugins/ADM_demuxers/Asf/ADM_asfPacket.cpp:281
#4  0x00007fffe830c814 in asfHeader::getFrame (this=0x18185a0, framenum=3, img=0x7fffd67e6b60)
    at /build/andrew/avidemux/avidemux_2.6.0/avidemux_plugins/ADM_demuxers/Asf/ADM_asf.cpp:351
#5  0x0000000000460d2e in ADM_Composer::DecodeNextPicture (this=0x14aeaa0, ref=0)
    at /build/andrew/avidemux/avidemux_2.6.0/avidemux/qt4/common/ADM_editor/src/ADM_edRenderInternal.cpp:216


[mean]

Probably a cousin of the one i fixed earlier
Valgrind does not pick it up because it 's a std::vector or something like that

[ajschult]

Code Select Expand


Index: ADM_asfPacket.cpp
===================================================================
--- ADM_asfPacket.cpp   (revision 8312)
+++ ADM_asfPacket.cpp   (working copy)
@@ -43,6 +43,7 @@ bool freeQueue(queueOfAsfBits *q)
     {
         asfBit *bit=q->front();
         q->pop_front();
+        delete [] bit->data;
         delete bit;
     }
     return true;

@@ -320,6 +321,7 @@ uint8_t   asfPacket::nextPacket(uint8_t streamWant
     {
         bit=storage->front();
         storage->pop_front();
+        delete [] bit->data;
     }

    aprintf("Pushing packet stream=%d len=%d offset=%d seq=%d packet=%d dts=%s \n",


a bit's data does not get freed in freeQueue, but the bigger issue was that a bit taken from storage had its data replaced by a new array.  Alternatively, the data could get nuked whenever a bit is added to storage.

[gruntster]

Thanks, committed r8313.