In encthread.c at around line 1482:
if (out_fn)
free(out_fn);
if (enc_opts.filename)
free(enc_opts.filename);
enc_opts.filename points to the same address as out_fn (see line 1246), hence the double free.
However, it's worse than that. out_fn (and enc_opts.filename) actually points to the stack array strFileName[] (see line 1219). So it tries to free same stack address twice, which leads this encoding thread to a crash.
I was somewhat surprised to see that this file is not touched after year 2008, and no one ever complained about this bug.
In encthread.c at around line 1482:
if (out_fn)
free(out_fn);
if (enc_opts.filename)
free(enc_opts.filename);
enc_opts.filename points to the same address as out_fn (see line 1246), hence the double free.
However, it's worse than that. out_fn (and enc_opts.filename) actually points to the stack array strFileName[] (see line 1219). So it tries to free same stack address twice, which leads this encoding thread to a crash.
I was somewhat surprised to see that this file is not touched after year 2008, and no one ever complained about this bug.
Thanks for the interest. I'll look into this when I return home later.