
[BUG] double free or corruption (out)

Open techno-disaster opened this issue 2 years ago • 2 comments

CCExtractor version: 0.93

In raising this issue, I confirm the following:

  • [x] I have read and understood the contributors guide.
  • [x] I have checked that the bug-fix I am reporting can be replicated, or that the feature I am suggesting isn't already present.
  • [x] I have checked that the issue I'm posting isn't already reported.
  • [x] I have checked that the issue I'm posting isn't already solved and no duplicates exist in closed issues and in opened issues
  • [x] I have checked the pull requests tab for existing solutions/implementations to my issue/suggestion.
  • [x] I have used the latest available version of CCExtractor to verify this issue exists.
  • [x] I have ticked all the boxes in this section and to prove it I'm deleting the section completely to remove boilerplate text.

Necessary information

Video links

  • https://sampleplatform.ccextractor.org/sample/download/3
  • https://sampleplatform.ccextractor.org/sample/download/21

Additional information

Happened with several other files when ccx runs on them together. All were from the sample platform.

Logs -



╭─techno_disaster at pop-os in ~/Projects/Opensource/ccextractorfluttergui/samples on master✘✘✘ 
╰─± ccextractor 85271be4d28a2af0be40572e72ddedf650b314155a2ed935140826ace0ad8167.mpg 73d9313d64b0ddf1542bc3521d19cc8a601967fbbb8ee8eb3e6d03c53d7b55d9.mpg 85c7fc1ad7c3dd56d4e836750b5b309a5bfa9ab9d846844f1aba62bcf9f286db.mpg d41b53b5042771fc645faa7fd9cfb040727336793586b026ec6101908ddd9c92.mpg  
CCExtractor 0.92, Carlos Fernandez Sanz, Volker Quetschke.
Teletext portions taken from Petr Kutalek's telxcc
--------------------------------------------------------------------------
Input: 85271be4d28a2af0be40572e72ddedf650b314155a2ed935140826ace0ad8167.mpg, 73d9313d64b0ddf1542bc3521d19cc8a601967fbbb8ee8eb3e6d03c53d7b55d9.mpg, 85c7fc1ad7c3dd56d4e836750b5b309a5bfa9ab9d846844f1aba62bcf9f286db.mpg, d41b53b5042771fc645faa7fd9cfb040727336793586b026ec6101908ddd9c92.mpg
[Extract: 1] [Stream mode: Autodetect]
[Program : Auto ] [Hauppage mode: No] [Use MythTV code: Auto]
[Timing mode: Auto] [Debug: No] [Buffer input: No]
[Use pic_order_cnt_lsb for H.264: No] [Print CC decoder traces: No]
[Target format: .srt] [Encoding: UTF-8] [Delay: 0] [Trim lines: No]
[Add font color data: Yes] [Add font typesetting: Yes]
[Convert case: No][Filter profanity: No] [Video-edit join: No]
[Extraction start time: not set (from start)]
[Extraction end time: not set (to end)]
[Live stream: No] [Clock frequency: 90000]
[Teletext page: Autodetect]
[Start credits text: None]
[Quantisation-mode: CCExtractor's internal function]

-----------------------------------------------------------------
Opening file: 85271be4d28a2af0be40572e72ddedf650b314155a2ed935140826ace0ad8167.mpg
File seems to be a transport stream, enabling TS mode
Analyzing data in general mode
eng.traineddata not found! No Switching Possible
  3%  |  01:32
-----------------------------------------------------------------
Opening file: 73d9313d64b0ddf1542bc3521d19cc8a601967fbbb8ee8eb3e6d03c53d7b55d9.mpg
File seems to be a transport stream, enabling TS mode
Notice: PAT changed, clearing all variables.
VBI/teletext stream ID 272 (0x110) for SID 1 (0x1)
  8%  |  00:04
-----------------------------------------------------------------
Opening file: 85c7fc1ad7c3dd56d4e836750b5b309a5bfa9ab9d846844f1aba62bcf9f286db.mpg
File seems to be a transport stream, enabling TS mode
Notice: PAT changed, clearing all variables.
double free or corruption (out)
[1]    23827 IOT instruction (core dumped)  ccextractor    
╭─techno_disaster at pop-os in ~/Projects/Opensource/ccextractorfluttergui/samples on master✘✘✘ 
╰─± ccextractor 85271be4d28a2af0be40572e72ddedf650b314155a2ed935140826ace0ad8167.mpg 73d9313d64b0ddf1542bc3521d19cc8a601967fbbb8ee8eb3e6d03c53d7b55d9.mpg d41b53b5042771fc645faa7fd9cfb040727336793586b026ec6101908ddd9c92.mpg  
CCExtractor 0.92, Carlos Fernandez Sanz, Volker Quetschke.
Teletext portions taken from Petr Kutalek's telxcc
--------------------------------------------------------------------------
Input: 85271be4d28a2af0be40572e72ddedf650b314155a2ed935140826ace0ad8167.mpg, 73d9313d64b0ddf1542bc3521d19cc8a601967fbbb8ee8eb3e6d03c53d7b55d9.mpg, d41b53b5042771fc645faa7fd9cfb040727336793586b026ec6101908ddd9c92.mpg
[Extract: 1] [Stream mode: Autodetect]
[Program : Auto ] [Hauppage mode: No] [Use MythTV code: Auto]
[Timing mode: Auto] [Debug: No] [Buffer input: No]
[Use pic_order_cnt_lsb for H.264: No] [Print CC decoder traces: No]
[Target format: .srt] [Encoding: UTF-8] [Delay: 0] [Trim lines: No]
[Add font color data: Yes] [Add font typesetting: Yes]
[Convert case: No][Filter profanity: No] [Video-edit join: No]
[Extraction start time: not set (from start)]
[Extraction end time: not set (to end)]
[Live stream: No] [Clock frequency: 90000]
[Teletext page: Autodetect]
[Start credits text: None]
[Quantisation-mode: CCExtractor's internal function]

-----------------------------------------------------------------
Opening file: 85271be4d28a2af0be40572e72ddedf650b314155a2ed935140826ace0ad8167.mpg
File seems to be a transport stream, enabling TS mode
Analyzing data in general mode
eng.traineddata not found! No Switching Possible
 28%  |  01:49
-----------------------------------------------------------------
Opening file: 73d9313d64b0ddf1542bc3521d19cc8a601967fbbb8ee8eb3e6d03c53d7b55d9.mpg
File seems to be a transport stream, enabling TS mode
Notice: PAT changed, clearing all variables.
VBI/teletext stream ID 272 (0x110) for SID 1 (0x1)
 67%  |  00:04
-----------------------------------------------------------------
Opening file: d41b53b5042771fc645faa7fd9cfb040727336793586b026ec6101908ddd9c92.mpg
File seems to be a transport stream, enabling TS mode
Notice: PAT changed, clearing all variables.
double free or corruption (out)
[1]    23848 IOT instruction (core dumped)  ccextractor   
╭─techno_disaster at pop-os in ~/Projects/Opensource/ccextractorfluttergui/samples on master✘✘✘ 
╰─± ccextractor 85271be4d28a2af0be40572e72ddedf650b314155a2ed935140826ace0ad8167.mpg 73d9313d64b0ddf1542bc3521d19cc8a601967fbbb8ee8eb3e6d03c53d7b55d9.mpg                                                           
CCExtractor 0.92, Carlos Fernandez Sanz, Volker Quetschke.
Teletext portions taken from Petr Kutalek's telxcc
--------------------------------------------------------------------------
Input: 85271be4d28a2af0be40572e72ddedf650b314155a2ed935140826ace0ad8167.mpg, 73d9313d64b0ddf1542bc3521d19cc8a601967fbbb8ee8eb3e6d03c53d7b55d9.mpg
[Extract: 1] [Stream mode: Autodetect]
[Program : Auto ] [Hauppage mode: No] [Use MythTV code: Auto]
[Timing mode: Auto] [Debug: No] [Buffer input: No]
[Use pic_order_cnt_lsb for H.264: No] [Print CC decoder traces: No]
[Target format: .srt] [Encoding: UTF-8] [Delay: 0] [Trim lines: No]
[Add font color data: Yes] [Add font typesetting: Yes]
[Convert case: No][Filter profanity: No] [Video-edit join: No]
[Extraction start time: not set (from start)]
[Extraction end time: not set (to end)]
[Live stream: No] [Clock frequency: 90000]
[Teletext page: Autodetect]
[Start credits text: None]
[Quantisation-mode: CCExtractor's internal function]

-----------------------------------------------------------------
Opening file: 85271be4d28a2af0be40572e72ddedf650b314155a2ed935140826ace0ad8167.mpg
File seems to be a transport stream, enabling TS mode
Analyzing data in general mode
eng.traineddata not found! No Switching Possible
 42%  |  01:49
-----------------------------------------------------------------
Opening file: 73d9313d64b0ddf1542bc3521d19cc8a601967fbbb8ee8eb3e6d03c53d7b55d9.mpg
File seems to be a transport stream, enabling TS mode
Notice: PAT changed, clearing all variables.
VBI/teletext stream ID 272 (0x110) for SID 1 (0x1)
Premature end of file - Transport Stream packet is incomplete (expected 188 bytes, got 128).
100%  |  00:04
Number of NAL_type_7: 0
Number of VCL_HRD: 0
Number of NAL HRD: 0
Number of jump-in-frames: 0
Number of num_unexpected_sei_length: 0

Min PTS:				13:08:15:350
Max PTS:				13:08:19:788
Length:				 00:00:04:438
Done, processing time = 1 seconds
[1]    23868 segmentation fault (core dumped)  ccextractor  

techno-disaster avatar Aug 21 '21 15:08 techno-disaster

Opening file: /mnt/c/Downloads/73d9313d64b0ddf1542bc3521d19cc8a601967fbbb8ee8eb3e6d03c53d7b55d9.mpg
File seems to be a transport stream, enabling TS mode
Notice: PAT changed, clearing all variables.
VBI/teletext stream ID 272 (0x110) for SID 1 (0x1)
==549== Invalid read of size 1
==549==    at 0x17A399: set_tlt_delta (telxcc.c:1261)
==549==    by 0x1814F8: general_loop (general_loop.c:1024)
==549==    by 0x141EE8: api_start (ccextractor.c:204)
==549==    by 0x142C3E: main (ccextractor.c:462)
==549==  Address 0x7ea5339 is 5,273 bytes inside a block of size 17,023 free'd
==549==    at 0x483D74F: operator delete[](void*) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==549==    by 0x4B99B74: tesseract::LSTMRecognizer::RecognizeLine(tesseract::ImageData const&, bool, bool, double, TBOX const&, tesseract::PointerVector<WERD_RES>*, int) (in /usr/lib/x86_64-linux-gnu/libtesseract.so.4.0.1)
==549==    by 0x4A60CD7: tesseract::Tesseract::LSTMRecognizeWord(BLOCK const&, ROW*, WERD_RES*, tesseract::PointerVector<WERD_RES>*) (in /usr/lib/x86_64-linux-gnu/libtesseract.so.4.0.1)

There's a lot more. Clearly when we do clean up we're deallocating stuff we later need (and keeping a pointer to it too).

cfsmp3 avatar Aug 21 '21 17:08 cfsmp3

Update: Bugs still happening

=================================================================
==1550755==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6070000017c9 at pc 0x55cfb6bb60e7 bp 0x7ffe73d39980 sp 0x7ffe73d39970
READ of size 1 at 0x6070000017c9 thread T0
    #0 0x55cfb6bb60e6 in set_tlt_delta ../src/lib_ccx/telxcc.c:1261
    #1 0x55cfb6bd2f40 in process_non_multiprogram_general_loop ../src/lib_ccx/general_loop.c:967
    #2 0x55cfb6bd3bf3 in general_loop ../src/lib_ccx/general_loop.c:1062
    #3 0x55cfb6ad1986 in api_start ../src/ccextractor.c:205
    #4 0x55cfb6ad3cdb in main ../src/ccextractor.c:463
    #5 0x7f79b822350f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #6 0x7f79b82235c8 in __libc_start_main_impl ../csu/libc-start.c:381
    #7 0x55cfb6ad0cc4 in _start (/home/cfsmp3/codebase/ccex/ccextractor/linux/ccextractor+0x17acc4)

0x6070000017c9 is located 1057 bytes to the right of 72-byte region [0x607000001360,0x6070000013a8)
freed by thread T0 here:
    #0 0x7f79b8ec1530 in operator delete(void*, unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:164
    #1 0x7f79b8c19327 in tesseract::ELIST::internal_clear(void (*)(void*)) (/lib/x86_64-linux-gnu/libtesseract.so.5+0x219327)

previously allocated by thread T0 here:
    #0 0x7f79b8ec0488 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:95
    #1 0x7f79b8ba35fa in tesseract::complete_edge(tesseract::CRACKEDGE*, tesseract::C_OUTLINE_IT*) (/lib/x86_64-linux-gnu/libtesseract.so.5+0x1a35fa)
    #2 0x7ffe73d38247  ([stack]+0x1c247)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../src/lib_ccx/telxcc.c:1261 in set_tlt_delta
==1550755==ABORTING

cfsmp3 avatar Mar 22 '23 05:03 cfsmp3
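
The two memory-error reports in this thread come from different tools and carry different labels (Valgrind "Invalid read", ASan "heap-buffer-overflow"), yet both fault at the same frame. The following is an added example, not CCExtractor project code: a Python triage helper that buckets a report by its first frame carrying source information, run over frames copied from the reports above. The function name `triage` and the bucket format are assumptions made for this example.

```python
import re
from pathlib import PurePosixPath

# Lines copied from the two reports above (Valgrind 2021, ASan 2023), trimmed.
VALGRIND = """\
==549== Invalid read of size 1
==549==    at 0x17A399: set_tlt_delta (telxcc.c:1261)
==549==    by 0x1814F8: general_loop (general_loop.c:1024)
==549==    by 0x141EE8: api_start (ccextractor.c:204)
==549==  Address 0x7ea5339 is 5,273 bytes inside a block of size 17,023 free'd
==549==    at 0x483D74F: operator delete[](void*) (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
"""
ASAN = """\
==1550755==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6070000017c9 at pc 0x55cfb6bb60e7 bp 0x7ffe73d39980 sp 0x7ffe73d39970
READ of size 1 at 0x6070000017c9 thread T0
    #0 0x55cfb6bb60e6 in set_tlt_delta ../src/lib_ccx/telxcc.c:1261
    #1 0x55cfb6bd2f40 in process_non_multiprogram_general_loop ../src/lib_ccx/general_loop.c:967
    #2 0x55cfb6bd3bf3 in general_loop ../src/lib_ccx/general_loop.c:1062
"""

# Valgrind frame: "at|by 0xADDR: func (file.c:123)"
VG_FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^():]+):(\d+)\)$")
# ASan frame: "#N 0xADDR in func path/file.c:123[:col]"
ASAN_FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?$")
VG_KIND = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)")
ASAN_KIND = re.compile(r"ERROR: AddressSanitizer: (\S+)")


def triage(report):
    """Return (kind, bucket); bucket is 'func@file:line' of the first frame
    that has source info, so library-only frames such as '(in /usr/lib/...)'
    never become the bucket key."""
    kind = bucket = None
    for line in report.splitlines():
        if kind is None:
            m = VG_KIND.match(line) or ASAN_KIND.search(line)
            if m:
                kind = m.group(1)
                continue
        if bucket is None:
            m = VG_FRAME.match(line) or ASAN_FRAME.match(line)
            if m:
                func, path, lineno = m.groups()
                # Build paths differ between machines; keep only the file name.
                bucket = f"{func}@{PurePosixPath(path).name}:{lineno}"
    return kind, bucket
```

Keying on the faulting frame rather than the tool's error label keeps the 2021 and 2023 reports in one bucket, which is what ties the later update to the original crash.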