[Bug]: Intel iHD driver alloc-dealloc-mismatch #1985
Description
Which component impacted?
Video Processing
Is it regression? Good in old configuration?
None
What happened?
Description
When an application uses VA-API for hardware decode (e.g. FFmpeg/libav av_hwframe_transfer_data with VAAPI) and is built with AddressSanitizer, ASan reports:
ERROR: AddressSanitizer: alloc-dealloc-mismatch (malloc vs operator delete []) on 0x...
#0 operator delete[](void*)
#1 ... iHD_drv_video.so ...
#2 vaDestroyImage ... libva.so
#3 ... libavutil ... av_buffer_unref / av_frame_free
Memory is allocated with malloc() (in the driver, during vaCreateImage / image creation path) and freed with operator delete[] (during vaDestroyImage). That is undefined behaviour: allocation and deallocation must use matching functions (malloc/free vs new/delete).
Environment
-Processor: Intel Ultra 7 255U (14) @ 5.200GHz
- Driver: Intel iHD driver for VAAPI (
/usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so) - Driver version: e.g. 24.1.0 (from
vainfo: "Driver version: Intel iHD driver for Intel(R) Gen Graphics - 24.1.0") - libva: e.g. 2.12.0
- OS: e.g. Ubuntu 24.04, x86_64
- Reproduction: Application linked with
-fsanitize=addressthat uses VA-API HW decode and transfers frames (e.g.av_hwframe_transfer_data). Crash occurs when frames are released.
Expected
Allocations from the driver should be freed with the matching deallocator (malloc → free, new → delete).
Actual
Driver frees with operator delete[] memory that was allocated with malloc().
Note
The mismatch is only visible when the application is built with AddressSanitizer. It may manifest only on certain Intel GPU generations (different code paths in the driver).
What's the usage scenario when you are seeing the problem?
Playback
What impacted?
No response
Debug Information
No response
Do you want to contribute a patch to fix the issue?
None