zms and nph-zms crashing when viewing event

Post by **kylejohnson** » Sat May 01, 2010 1:26 pm

When trying to view an event, both zms and nph-zms crash (apache or lighttpd). Specifically, when $streamMode is set to jpeg, zms crashes and my error log shows the following. However, zms works fine when streaming a live feed. Ideas?

Code: Select all

*** glibc detected *** /usr/lib/cgi-bin/zms: double free or corruption (!prev): 0x0000000006dcf5c0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f731a65da58]
/lib/libc.so.6(cfree+0x76)[0x7f731a6600a6]
/lib/libc.so.6(fclose+0x151)[0x7f731a64dcf1]
/usr/lib/cgi-bin/zms[0x41a17c]
======= Memory map: ========
00400000-00473000 r-xp 00000000 09:00 222134                             /usr/lib/cgi-bin/zms
00672000-00673000 r--p 00072000 09:00 222134                             /usr/lib/cgi-bin/zms
00673000-0067d000 rw-p 00073000 09:00 222134                             /usr/lib/cgi-bin/zms
0067d000-060d5000 rw-p 0067d000 00:00 0 
06db0000-06df2000 rw-p 06db0000 00:00 0                                  [heap]
7f7310000000-7f7310021000 rw-p 7f7310000000 00:00 0 
7f7310021000-7f7314000000 ---p 7f7310021000 00:00 0 
7f7314de2000-7f7314fa6000 rw-p 7f7314de2000 00:00 0 
7f7314fa7000-7f7314ff3000 rw-p 7f7314fa7000 00:00 0 
7f7314ff3000-7f7317be6000 rw-s 00000000 00:09 294913                     /SYSV7a6d0002 (deleted)
7f7317be6000-7f7317bf1000 r-xp 00000000 09:00 358618                     /lib/libnss_files-2.8.90.so
7f7317bf1000-7f7317df0000 ---p 0000b000 09:00 358618                     /lib/libnss_files-2.8.90.so
7f7317df0000-7f7317df1000 r--p 0000a000 09:00 358618                     /lib/libnss_files-2.8.90.so
7f7317df1000-7f7317df2000 rw-p 0000b000 09:00 358618                     /lib/libnss_files-2.8.90.so
7f7317df2000-7f7317df5000 r-xp 00000000 09:00 358489                     /lib/libgpg-error.so.0.3.0
7f7317df5000-7f7317ff4000 ---p 00003000 09:00 358489                     /lib/libgpg-error.so.0.3.0
7f7317ff4000-7f7317ff5000 rw-p 00002000 09:00 358489                     /lib/libgpg-error.so.0.3.0
7f7317ff5000-7f7317ffa000 r-xp 00000000 09:00 206590                     /usr/lib/libogg.so.0.5.3
7f7317ffa000-7f73181f9000 ---p 00005000 09:00 206590                     /usr/lib/libogg.so.0.5.3
7f73181f9000-7f73181fa000 r--p 00004000 09:00 206590                     /usr/lib/libogg.so.0.5.3
7f73181fa000-7f73181fb000 rw-p 00005000 09:00 206590                     /usr/lib/libogg.so.0.5.3
7f73181fb000-7f7318211000 r-xp 00000000 09:00 358614                     /lib/libnsl-2.8.90.so
7f7318211000-7f7318410000 ---p 00016000 09:00 358614                     /lib/libnsl-2.8.90.so
7f7318410000-7f7318411000 r--p 00015000 09:00 358614                     /lib/libnsl-2.8.90.so
7f7318411000-7f7318412000 rw-p 00016000 09:00 358614                     /lib/libnsl-2.8.90.so
7f7318412000-7f7318414000 rw-p 7f7318412000 00:00 0 
7f7318414000-7f731841d000 r-xp 00000000 09:00 358608                     /lib/libcrypt-2.8.90.so
7f731841d000-7f731861c000 ---p 00009000 09:00 358608                     /lib/libcrypt-2.8.90.so
7f731861c000-7f731861d000 r--p 00008000 09:00 358608                     /lib/libcrypt-2.8.90.so
7f731861d000-7f731861e000 rw-p 00009000 09:00 358608                     /lib/libcrypt-2.8.90.so
7f731861e000-7f731864c000 rw-p 7f731861e000 00:00 0 
7f731864c000-7f73186ef000 r-xp 00000000 09:00 206668                     /usr/lib/libgnutls.so.26.4.5
7f73186ef000-7f73188ee000 ---p 000a3000 09:00 206668                     /usr/lib/libgnutls.so.26.4.5
7f73188ee000-7f73188f8000 r--p 000a2000 09:00 206668                     /usr/lib/libgnutls.so.26.4.5
7f73188f8000-7f73188f9000 rw-p 000ac000 09:00 206668                     /usr/lib/libgnutls.so.26.4.5
7f73188f9000-7f731895e000 r-xp 00000000 09:00 358485                     /lib/libgcrypt.so.11.4.4
7f731895e000-7f7318b5d000 ---p 00065000 09:00 358485                     /lib/libgcrypt.so.11.4.4
7f7318b5d000-7f7318b5e000 r--p 00064000 09:00 358485                     /lib/libgcrypt.so.11.4.4
7f7318b5e000-7f7318b60000 rw-p 00065000 09:00 358485                     /lib/libgcrypt.so.11.4.4
7f7318b60000-7f7318b70000 r-xp 00000000 09:00 206004                     /usr/lib/libtasn1.so.3.0.15
7f7318b70000-7f7318d6f000 ---p 00010000 09:00 206004                     /usr/lib/libtasn1.so.3.0.15
7f7318d6f000-7f7318d71000 rw-p 0000f000 09:00 206004                     /usr/lib/libtasn1.so.3.0.15
7f7318d71000-7f7318d90000 r-xp 00000000 09:00 204739                     /usr/lib/libvorbis.so.0.4.0
7f7318d90000-7f7318f8f000 ---p 0001f000 09:00 204739                     /usr/lib/libvorbis.so.0.4.0
7f7318f8f000-7f7318f90000 r--p 0001e000 09:00 204739                     /usr/lib/libvorbis.so.0.4.0
7f7318f90000-7f7318f9e000 rw-p 0001f000 09:00 204739                     /usr/lib/libvorbis.so.0.4.0
7f7318f9e000-7f7318fb8000 r-xp 00000000 09:00 204743                     /usr/lib/libvorbisenc.so.2.0.3
7f7318fb8000-7f73191b7000 ---p 0001a000 09:00 204743                     /usr/lib/libvorbisenc.so.2.0.3
7f73191b7000-7f73191b8000 r--p 00019000 09:00 204743                     /usr/lib/libvorbisenc.so.2.0.3
7f73191b8000-7f7319378000 rw-p 0001a000 09:00 204743                     /usr/lib/libvorbisenc.so.2.0.3
7f7319378000-7f73193be000 r-xp 00000000 09:00 206592                     /usr/lib/libtheora.so.0.3.3
7f73193be000-7f73195bd000 ---p 00046000 09:00 206592                     /usr/lib/libtheora.so.0.3.3
7f73195bd000-7f73195bf000 rw-p 00045000 09:00 206592                     /usr/lib/libtheora.so.0.3.3
7f73195bf000-7f73195cc000 r-xp 00000000 09:00 206022                     /usr/lib/libgsm.so.1.0.12
7f73195cc000-7f73197cb000 ---p 0000d000 09:00 206022                     /usr/lib/libgsm.so.1.0.12
7f73197cb000-7f73197cc000 rw-p 0000c000 09:00 206022                     /usr/lib/libgsm.so.1.0.12
7f73197cc000-7f7319cdc000 r-xp 00000000 09:00 221485                     /usr/local/lib/libavcodec.so.52.59.0
7f7319cdc000-7f7319edc000 ---p 00510000 09:00 221485                     /usr/local/lib/libavcodec.so.52.59.0
7f7319edc000-7f7319ee7000 r--p 00510000 09:00 221485                     /usr/local/lib/libavcodec.so.52.59.0
7f7319ee7000-7f7319ef5000 rw-p 0051b000 09:00 221485                     /usr/local/lib/libavcodec.so.52.59.0
7f7319ef5000-7f731a3d2000 rw-p 7f7319ef5000 00:00 0 
7f731a3d2000-7f731a3df000 r-xp 00000000 09:00 221494                     /usr/local/lib/libavutil.so.50.12.0
7f731a3df000-7f731a5df000 ---p 0000d000 09:00 221494                     /usr/local/lib/libavutil.so.50.12.0
7f731a5df000-7f731a5e0000 r--p 0000d000 09:00 221494                     /usr/local/lib/libavutil.so.50.12.0
7f731a5e0000-7f731a5e1000 rw-p 0000e000 09:00 221494                     /usr/local/lib/libavutil.so.50.12.0
7f731a5e1000-7f731a5e4000 rw-p 7f731a5e1000 00:00 0 
7f731a5e4000-7f731a74d000 r-xp 00000000 09:00 358555                     /lib/libc-2.8.90.so
7f731a74d000-7f731a94c000 ---p 00169000 09:00 358555                     /lib/libc-2.8.90.so
7f731a94c000-7f731a950000 r--p 00168000 09:00 358555                     /lib/libc-2.8.90.so
7f731a950000-7f731a951000 rw-p 0016c000 09:00 358555                     /lib/libc-2.8.90.so
7f731a951000-7f731a956000 rw-p 7f731a951000 00:00 0 
7f731a956000-7f731a96c000 r-xp 00000000 09:00 358548                     /lib/libgcc_s.so.1
7f731a96c000-7f731ab6c000 ---p 00016000 09:00 358548                     /lib/libgcc_s.so.1
7f731ab6c000-7f731ab6d000 r--p 00016000 09:00 358548                     /lib/libgcc_s.so.1
7f731ab6d000-7f731ab6e000 rw-p 00017000 09:00 358548                     /lib/libgcc_s.so.1
7f731ab6e000-7f731abf2000 r-xp 00000000 09:00 358612                     /lib/libm-2.8.90.so
7f731abf2000-7f731adf1000 ---p 00084000 09:00 358612                     /lib/libm-2.8.90.so
7f731adf1000-7f731adf2000 r--p 00083000 09:00 358612                     /lib/libm-2.8.90.so
7f731adf2000-7f731adf3000 rw-p 00084000 09:00 358612                     /lib/libm-2.8.90.so
7f731adf3000-7f731aee4000 r-xp 00000000 09:00 204535                     /usr/lib/libstdc++.so.6.0.10
7f731aee4000-7f731b0e4000 ---p 000f1000 09:00 204535                     /usr/lib/libstdc++.so.6.0.10
7f731b0e4000-7f731b0eb000 r--p 000f1000 09:00 204535                     /usr/lib/libstdc++.so.6.0.10
7f731b0eb000-7f731b0ed000 rw-p 000f8000 09:00 204535                     /usr/lib/libstdc++.so.6.0.10
7f731b0ed000-7f731b100000 rw-p 7f731b0ed000 00:00 0 
7f731b100000-7f731b2b5000 r-xp 00000000 09:00 205013                     /usr/lib/libmysqlclient.so.15.0.0
7f731b2b5000-7f731b4b4000 ---p 001b5000 09:00 205013                     /usr/lib/libmysqlclient.so.15.0.0
7f731b4b4000-7f731b4b9000 r--p 001b4000 09:00 205013                     /usr/lib/libmysqlclient.so.15.0.0
7f731b4b9000-7f731b4fd000 rw-p 001b9000 09:00 205013                     /usr/lib/libmysqlclient.so.15.0.0
7f731b4fd000-7f731b4ff000 rw-p 7f731b4fd000 00:00 0 
7f731b4ff000-7f731b521000 r-xp 00000000 09:00 206620                     /usr/lib/libjpeg.so.62.0.0
7f731b521000-7f731b721000 ---p 00022000 09:00 206620                     /usr/lib/libjpeg.so.62.0.0
7f731b721000-7f731b722000 rw-p 00022000 09:00 206620                     /usr/lib/libjpeg.so.62.0.0
7f731b722000-7f731b739000 r-xp 00000000 09:00 358623                     /lib/libpthread-2.8.90.so
7f731b739000-7f731b938000 ---p 00017000 09:00 358623                     /lib/libpthread-2.8.90.so
7f731b938000-7f731b939000 r--p 00016000 09:00 358623                     /lib/libpthread-2.8.90.so
7f731b939000-7f731b93a000 rw-p 00017000 09:00 358623                     /lib/libpthread-2.8.90.so
7f731b93a000-7f731b93e000 rw-p 7f731b93a000 00:00 0 
7f731b93e000-7f731b940000 r-xp 00000000 09:00 358610                     /lib/libdl-2.8.90.so
7f731b940000-7f731bb40000 ---p 00002000 09:00 358610                     /lib/libdl-2.8.90.so
7f731bb40000-7f731bb41000 r--p 00002000 09:00 358610                     /lib/libdl-2.8.90.so
7f731bb41000-7f731bb42000 rw-p 00003000 09:00 358610                     /lib/libdl-2.8.90.so
7f731bb42000-7f731bb4f000 r-xp 00000000 09:00 206672                     /usr/lib/libgnutls-openssl.so.26.4.5
7f731bb4f000-7f731bd4e000 ---p 0000d000 09:00 206672                     /usr/lib/libgnutls-openssl.so.26.4.5
7f731bd4e000-7f731bd4f000 r--p 0000c000 09:00 206672                     /usr/lib/libgnutls-openssl.so.26.4.5
7f731bd4f000-7f731bd50000 rw-p 0000d000 09:00 206672                     /usr/lib/libgnutls-openssl.so.26.4.5
7f731bd50000-7f731bd78000 r-xp 00000000 09:00 358412                     /lib/libpcre.so.3.12.1
7f731bd78000-7f731bf77000 ---p 00028000 09:00 358412                     /lib/libpcre.so.3.12.1
7f731bf77000-7f731bf78000 r--p 00027000 09:00 358412                     /lib/libpcre.so.3.12.1
7f731bf78000-7f731bf79000 rw-p 00028000 09:00 358412                     /lib/libpcre.so.3.12.1
7f731bf79000-7f731bf82000 r-xp 00000000 09:00 204599                     /usr/lib/libavutil.so.49.6.0
7f731bf82000-7f731c181000 ---p 00009000 09:00 204599                     /usr/lib/libavutil.so.49.6.0
7f731c181000-7f731c182000 r--p 00008000 09:00 204599                     /usr/lib/libavutil.so.49.6.0
7f731c182000-7f731c183000 rw-p 00009000 09:00 204599                     /usr/lib/libavutil.so.49.6.0
7f731c183000-7f731c186000 rw-p 7f731c183000 00:00 0 
7f731c186000-7f731c5a6000 r-xp 00000000 09:00 204730                     /usr/lib/libavcodec.so.51.50.0
7f731c5a6000-7f731c7a5000 ---p 00420000 09:00 204730                     /usr/lib/libavcodec.so.51.50.0
7f731c7a5000-7f731c7b1000 r--p 0041f000 09:00 204730                     /usr/lib/libavcodec.so.51.50.0
7f731c7b1000-7f731c7ba000 rw-p 0042b000 09:00 204730                     /usr/lib/libavcodec.so.51.50.0
7f731c7ba000-7f731c8b3000 rw-p 7f731c7ba000 00:00 0 
7f731c8b3000-7f731c96c000 r-xp 00000000 09:00 221481                     /usr/local/lib/libavformat.so.52.56.0
7f731c96c000-7f731cb6b000 ---p 000b9000 09:00 221481                     /usr/local/lib/libavformat.so.52.56.0
7f731cb6b000-7f731cb6f000 r--p 000b8000 09:00 221481                     /usr/local/lib/libavformat.so.52.56.0
7f731cb6f000-7f731cb79000 rw-p 000bc000 09:00 221481                     /usr/local/lib/libavformat.so.52.56.0
7f731cb79000-7f731cbac000 r-xp 00000000 09:00 221489                     /usr/local/lib/libswscale.so.0.10.0
7f731cbac000-7f731cdac000 ---p 00033000 09:00 221489                     /usr/local/lib/libswscale.so.0.10.0
7f731cdac000-7f731cdad000 r--p 00033000 09:00 221489                     /usr/local/lib/libswscale.so.0.10.0
7f731cdad000-7f731cdae000 rw-p 00034000 09:00 221489                     /usr/local/lib/libswscale.so.0.10.0
7f731cdae000-7f731cdc5000 r-xp 00000000 09:00 205502                     /usr/lib/libz.so.1.2.3.3
7f731cdc5000-7f731cfc4000 ---p 00017000 09:00 205502                     /usr/lib/libz.so.1.2.3.3
7f731cfc4000-7f731cfc6000 rw-p 00016000 09:00 205502                     /usr/lib/libz.so.1.2.3.3
7f731cfc6000-7f731cfe5000 r-xp 00000000 09:00 358550                     /lib/ld-2.8.90.so
7f731d00b000-7f731d1db000 rw-p 7f731d00b000 00:00 0 
7f731d1e1000-7f731d1e4000 rw-p 7f731d1e1000 00:00 0 
7f731d1e4000-7f731d1e5000 r--p 0001e000 09:00 358550                     /lib/ld-2.8.90.so
7f731d1e5000-7f731d1e6000 rw-p 0001f000 09:00 358550                     /lib/ld-2.8.90.so
7fff251d1000-7fff251e6000 rw-p 7ffffffea000 00:00 0                      [stack]
7fff251ff000-7fff25200000 r-xp 7fff251ff000 00:00 0                      [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

jdhar · Post by **jdhar** » Sun Oct 03, 2010 4:01 pm

bump on this... same issue here.

christophe_y2k · Post by **christophe_y2k** » Sun Jan 02, 2011 11:28 am

With ZoneMinder 1.24.2 On Gentoo 64 Linux update (with libjpeg-turbo-1.0.1)

When you play an event and you change resize image apache2 crash immediatly

reproduce always

[Sun Jan 02 12:15:42 2011] [error] [client 127.0.0.1] *** glibc detected *** /video/zoneminder/cgi-bin/nph-zms: double free or corruption (!prev): 0x0000000007dc3fd0 ***, referer: http://gentoo/zoneminder/index.php?view ... c=1&page=1

[Sun Jan 02 12:20:42 2011] [warn] [client 127.0.0.1] Timeout waiting for output from CGI script /video/zoneminder/cgi-bin/nph-zms, referer: http://gentoo/zoneminder/index.php?view ... c=1&page=1

mastertheknife · Post by **mastertheknife** » Sun Jan 02, 2011 3:08 pm

Hi,

It's hard to locate the source of the crash, but i recently created a patch for fixing a double free issue happening inside zm's ffmpeg code, its possible that this is the double free shown in your crash log.

Please try this patch, patch with patch -p1 -i this.patch.file
1) I replaced av_free() with the safer av_freep(), which sets the pointer to NULL after the data is freed, to avoid freeing the same memory twice in case the terminator is being called again (unlikely).
2) freeing mCodecContext and mFormatContext is unnessecary, closing them should free any used resources automatically.

Code: Select all

--- a/src/zm_ffmpeg_camera.cpp        2010-12-31 19:31:13.754142164 +0200
+++ b/src/zm_ffmpeg_camera.cpp        2010-12-31 19:31:13.770135335 +0200
@@ -43,13 +43,13 @@
 
 FfmpegCamera::~FfmpegCamera()
 {
-    av_free( mFrame );
-    av_free( mRawFrame );
+    av_freep( mFrame );
+    av_freep( mRawFrame );
     
     avcodec_close( mCodecContext );
-    av_free( mCodecContext );
+    mCodecContext = NULL;
     av_close_input_file( mFormatContext );
-    av_free( mFormatContext );
+    mFormatContext = NULL;
 
        if ( capture )
        {

mastertheknife.

mastertheknife · Post by **mastertheknife** » Sun Jan 02, 2011 3:10 pm

christophe_y2k wrote:When you play an event and you change resize image apache2 crash immediatly

Hi, Please try this:
http://www.zoneminder.com/forums/viewtopic.php?t=16482

christophe_y2k · Post by **christophe_y2k** » Sun Jan 02, 2011 5:50 pm

Sorry for that ...

Many thanks i just read this topic
i go to apply all patch

ZoneMinder Forums

zms and nph-zms crashing when viewing event

zms and nph-zms crashing when viewing event

ZM 1.24.2 - Crash when you play & resize an event

Re: ZM 1.24.2 - Crash when you play & resize an event

sorry mastertheknife