From 378da3457150c8ac8cb34909a4ecfafab6f4f7ba Mon Sep 17 00:00:00 2001 From: Ettore Di Giacinto Date: Mon, 8 Jun 2026 20:25:19 +0000 Subject: [PATCH] chore(llama-cpp): re-pin to upstream #24316, drop vendored stdin patch Upstream replaced the ad-hoc video stdin handling with a proper RAII refactor (ggml-org/llama.cpp#24316, "mtmd: refactor video subproc handling"), which includes the same `sp->stdin_file = nullptr` guard our patch added (plus join-before-destroy ordering). Re-pin LLAMA_VERSION to that branch head and drop patches/0001 - it's now redundant. Verified e2e with gemma-4-e2b-it-qat-q4_0: no crash, video frames decode and the model answers correctly (red clip -> "Red", blue -> "Blue"). NOTE: #24316 is not yet merged, so this pins to its branch-head commit (28ca1e60). Re-pin to the squash-merge commit on master once it lands, otherwise `git fetch` may lose the commit after the branch is deleted. Signed-off-by: Ettore Di Giacinto --- backend/cpp/llama-cpp/Makefile | 2 +- ...01-mtmd-fix-video-stdin-double-close.patch | 30 ------------------- 2 files changed, 1 insertion(+), 31 deletions(-) delete mode 100644 backend/cpp/llama-cpp/patches/0001-mtmd-fix-video-stdin-double-close.patch diff --git a/backend/cpp/llama-cpp/Makefile b/backend/cpp/llama-cpp/Makefile index 3e84ab59b..13f0de3ee 100644 --- a/backend/cpp/llama-cpp/Makefile +++ b/backend/cpp/llama-cpp/Makefile @@ -1,5 +1,5 @@ -LLAMA_VERSION?=8f83d6c271d194bde2d410145a0ce73bc42e85cd +LLAMA_VERSION?=28ca1e600c5dac1854fb7e09611914013430b037 LLAMA_REPO?=https://github.com/ggerganov/llama.cpp CMAKE_ARGS?= diff --git a/backend/cpp/llama-cpp/patches/0001-mtmd-fix-video-stdin-double-close.patch b/backend/cpp/llama-cpp/patches/0001-mtmd-fix-video-stdin-double-close.patch deleted file mode 100644 index a4c3261a4..000000000 --- a/backend/cpp/llama-cpp/patches/0001-mtmd-fix-video-stdin-double-close.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Ettore Di Giacinto -Subject: [PATCH] mtmd: fix double-close of ffmpeg/ffprobe stdin in video helper - -mtmd_helper_video::feed_stdin() obtains the subprocess stdin via -subprocess_stdin(sp), which returns sp->stdin_file directly, then -fclose()s that FILE. Closing the local copy leaves sp->stdin_file -dangling (still non-NULL), so the subsequent subprocess_destroy() -fclose()s the same FILE a second time. The resulting heap corruption -aborts the process ("corrupted double-linked list" / "corrupted size -vs. prev_size") - notably on the server's base64 input_video path, -where every probe()/start_ffmpeg() feeds the buffer via stdin. The CLI ---video file path is unaffected (it never spawns the stdin feeder). - -Clear sp->stdin_file after fclose so subprocess_destroy() skips it. - ---- a/tools/mtmd/mtmd-helper.cpp -+++ b/tools/mtmd/mtmd-helper.cpp -@@ -642,7 +642,12 @@ - LOG_DBG("%s: feeding %zu bytes to stdin\n", __func__, input_buf.size()); - size_t written = fwrite(input_buf.data(), 1, input_buf.size(), f); - LOG_DBG("%s: wrote %zu bytes, closing stdin\n", __func__, written); - fclose(f); -+ // subprocess_stdin() returns sp->stdin_file directly; fclosing our local -+ // copy leaves the struct pointer dangling, so subprocess_destroy() would -+ // fclose() the same FILE again -> heap corruption. Null it so the later -+ // destroy skips stdin. -+ sp->stdin_file = nullptr; - } - - bool probe(float fps_target_arg) {