Opened 11 years ago

Last modified 8 years ago

#1111 new defect

Valgrind reports invalid read

Reported by: ethiodad@…
Owned by: reimar
Priority: normal
Component: ad
Version: HEAD
Severity: normal
Keywords:
Cc: ethiodad@…, catchconv-bugreports@…
Blocked By:
Blocking:
Reproduced by developer:
Analyzed by developer:

Description

Valgrind reported an invalid read of 2. The client is switching stacks, and Valgrind shows the stack pointer where it switched, which is a severe problem.

The file that produced this bug is 125-short-dying.wav, which you can find at the URL that I specified above. In addition, this bug is reproducible in mplayer version dev-SVN-r27138-4.1.2 (c) 2000-2008. The procedure to reproduce this bug is as follows.

zzuf -s 0:10 -c valgrind mplayer 125-short-dying.wav

output:

MPlayer dev-SVN-r27138-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (Family: 6, Model: 15, Stepping: 6)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2

Playing 125-short-dying.wav.
Audio file file format detected.
==========================================================================
Opening audio decoder: [pcm] Uncompressed PCM audio decoder
AUDIO: 1073785924 Hz, 2 ch, s16le, 1411.2 kbit/100.00% (ratio: 176400->176400)
Selected audio codec: [pcm] afm: pcm (Uncompressed PCM)
==========================================================================
[AO OSS] audio_setup: Can't open audio device /dev/dsp: Device or resource busy
DVB card number must be between 1 and 4
AO: [null] 1073785924Hz 2ch s16le (2 bytes per sample)
Video: no video
Starting playback...
==6149== Warning: client switching stacks? SP change: 0xBEA32440 --> 0xBE805270
==6149== to suppress, use: --max-stackframe=2281936 or greater
==6149== Invalid write of size 4
==6149== Stack hash: 136116246
==6149== at 0x81CF816: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805278 is on thread 1's stack
==6149==
==6149== Invalid write of size 8
==6149== Stack hash: 136116253
==6149== at 0x81CF81D: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 135067011
==6149== at 0x80CF583: af_lencalc (in /usr/local/bin/mplayer)
==6149== Address 0xbe805278 is on thread 1's stack
==6149==
==6149== Invalid read of size 8
==6149== Stack hash: 135067024
==6149== at 0x80CF590: af_lencalc (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136117045
==6149== at 0x81CFB35: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805274 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136117052
==6149== at 0x81CFB3C: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 135067688
==6149== at 0x80CF828: af_resize_local_buffer (in /usr/local/bin/mplayer)
==6149== Address 0xbe805274 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 135067705
==6149== at 0x80CF839: af_resize_local_buffer (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116785
==6149== at 0x81CFA31: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805274 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116793
==6149== at 0x81CFA39: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 67271158
==6149== at 0x40279F6: realloc (lib-mem.c:170)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 67271166
==6149== at 0x40279FE: realloc (lib-mem.c:170)
==6149== Address 0xbe805274 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116472
==6149== at 0x81CF8F8: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805288 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116482
==6149== at 0x81CF902: (within /usr/local/bin/mplayer)
==6149== Address 0xbe80527c is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116486
==6149== at 0x81CF906: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805280 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116490
==6149== at 0x81CF90A: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805284 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116500
==6149== at 0x81CF914: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805278 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116507
==6149== at 0x81CF91B: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805274 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116513
==6149== at 0x81CF921: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137787959
==6149== at 0x8367A37: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137787966
==6149== at 0x8367A3E: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137787973
==6149== at 0x8367A45: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788034
==6149== at 0x8367A82: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788051
==6149== at 0x8367A93: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805284 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788066
==6149== at 0x8367AA2: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788073
==6149== at 0x8367AA9: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788080
==6149== at 0x8367AB0: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805274 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788723
==6149== at 0x8367D33: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805278 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788736
==6149== at 0x8367D40: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805280 is on thread 1's stack
==6149==
==6149== Invalid write of size 2
==6149== Stack hash: 137788388
==6149== at 0x8367BE4: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805290 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788434
==6149== at 0x8367C12: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805284 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788175
==6149== at 0x8367B0F: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805280 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788188
==6149== at 0x8367B1C: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788620
==6149== at 0x8367CCC: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805278 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788462
==6149== at 0x8367C2E: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe80527c is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788484
==6149== at 0x8367C44: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788510
==6149== at 0x8367C5E: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805288 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 137788534
==6149== at 0x8367C76: av_resample (in /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116573
==6149== at 0x81CF95D: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805278 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116580
==6149== at 0x81CF964: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid write of size 4
==6149== Stack hash: 136116586
==6149== at 0x81CF96A: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805274 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 67234645
==6149== at 0x401EB55: memmove (mc_replace_strmem.c:517)
==6149== Address 0xbe805270 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 67234648
==6149== at 0x401EB58: memmove (mc_replace_strmem.c:517)
==6149== Address 0xbe805274 is on thread 1's stack
==6149==
==6149== Invalid read of size 4
==6149== Stack hash: 67234651
==6149== at 0x401EB5B: memmove (mc_replace_strmem.c:517)
==6149== Address 0xbe805278 is on thread 1's stack
==6149==
==6149== Invalid read of size 2
==6149== Stack hash: 136116835
==6149== at 0x81CFA63: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805290 is on thread 1's stack
==6149==
==6149== Invalid read of size 2
==6149== Stack hash: 136116845
==6149== at 0x81CFA6D: (within /usr/local/bin/mplayer)
==6149== Address 0xbe86202e is on thread 1's stack
==6149==
==6149== Invalid read of size 2
==6149== Stack hash: 136116861
==6149== at 0x81CFA7D: (within /usr/local/bin/mplayer)
==6149== Address 0xbe805294 is on thread 1's stack
==6149== Warning: client switching stacks? SP change: 0xBE805270 --> 0xBEA324BC
==6149== to suppress, use: --max-stackframe=2282060 or greater
==6149== Warning: client switching stacks? SP change: 0xBEA32440 --> 0xBE825EC0
==6149== to suppress, use: --max-stackframe=2147712 or greater
==6149== further instances of this message will not be shown.
==6149==
==6149== More than 10000000 total errors detected. I'm not reporting any more.
==6149== Final error counts will be inaccurate. Go fix your program!
==6149== Rerun with --error-limit=no to disable this cutoff. Note
==6149== that errors may occur in your program without prior warning from
==6149== Valgrind, because errors are no longer being displayed.
==6149==

[6]+ Stopped zzuf -s 0:10 -c valgrind mplayer 125-short-dying.wav

This run was done on Linux debian 2.6.18-4-486 #1 Mon Mar 26 16:39:10 UTC 2007 i686 GNU/Linux.
Stack switching is an important security issue that needs more attention, so let me know if I can provide more information. This bug was found while doing research on software testing for the SEPERB-TRUST research program.
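The Valgrind output in the ticket is easier to triage in aggregate than record by record. The script below is an added example written for this page, not code from the ticket or from the MPlayer project; it assumes only the Valgrind message format shown above, and its sample log is a constructed excerpt of those lines. It recovers the stack-pointer delta from the "client switching stacks?" warning (0xBEA32440 - 0xBE805270 = 2281936 bytes, exactly the value Valgrind suggests for --max-stackframe and above its default of 2,000,000), counts the invalid accesses per function, and checks whether the flagged addresses lie inside that oversized frame.

```python
import re
from collections import Counter

# Valgrind's default --max-stackframe (bytes); a larger SP move triggers the warning.
DEFAULT_MAX_STACKFRAME = 2000000

# Constructed sample: records copied from the ticket's log (Stack hash lines omitted).
SAMPLE_LOG = """\
==6149== Warning: client switching stacks? SP change: 0xBEA32440 --> 0xBE805270
==6149==          to suppress, use: --max-stackframe=2281936 or greater
==6149== Invalid write of size 4
==6149==    at 0x81CF816: (within /usr/local/bin/mplayer)
==6149==  Address 0xbe805278 is on thread 1's stack
==6149== Invalid read of size 4
==6149==    at 0x80CF583: af_lencalc (in /usr/local/bin/mplayer)
==6149==  Address 0xbe805278 is on thread 1's stack
==6149== Invalid read of size 8
==6149==    at 0x80CF590: af_lencalc (in /usr/local/bin/mplayer)
==6149==  Address 0xbe805270 is on thread 1's stack
==6149== Invalid read of size 4
==6149==    at 0x8367A37: av_resample (in /usr/local/bin/mplayer)
==6149==  Address 0xbe805270 is on thread 1's stack
==6149== Invalid write of size 2
==6149==    at 0x8367BE4: av_resample (in /usr/local/bin/mplayer)
==6149==  Address 0xbe805290 is on thread 1's stack
==6149== Invalid read of size 2
==6149==    at 0x81CFA6D: (within /usr/local/bin/mplayer)
==6149==  Address 0xbe86202e is on thread 1's stack
"""

SP_RE = re.compile(r"SP change: 0x([0-9A-Fa-f]+) --> 0x([0-9A-Fa-f]+)")
ERR_RE = re.compile(r"Invalid (read|write) of size (\d+)")
AT_RE = re.compile(r"at 0x([0-9A-Fa-f]+): (?:\(within (\S+)\)|(\S+) \(in (\S+)\))")
ADDR_RE = re.compile(r"Address 0x([0-9A-Fa-f]+) is on thread (\d+)'s stack")


def parse_sp_changes(log):
    """(old_sp, new_sp, |delta|) for each 'client switching stacks?' warning."""
    return [(int(a, 16), int(b, 16), abs(int(a, 16) - int(b, 16)))
            for a, b in SP_RE.findall(log)]


def parse_invalid_accesses(log):
    """One dict per 'Invalid read/write' record: kind, size, pc, func, addr."""
    records, cur = [], None
    for line in log.splitlines():
        # Strip the '==PID==' prefix so the regexes can anchor on the message text.
        body = line.split("==", 2)[-1].strip() if line.startswith("==") else line.strip()
        m = ERR_RE.match(body)
        if m:
            cur = {"kind": m.group(1), "size": int(m.group(2)),
                   "pc": None, "func": "?", "addr": None}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = AT_RE.match(body)
        if m:
            cur["pc"] = int(m.group(1), 16)
            cur["func"] = m.group(3) or "?"   # '?' when the binary carries no symbol
            continue
        m = ADDR_RE.match(body)
        if m:
            cur["addr"] = int(m.group(1), 16)
            cur = None                        # record complete
    return records


def summarize(log):
    """Aggregate the log into the numbers a triager wants first."""
    sp = parse_sp_changes(log)
    recs = parse_invalid_accesses(log)
    in_frame = 0
    if sp:
        old, new, _ = sp[0]
        lo, hi = min(old, new), max(old, new)
        # Accesses between the two SP values land in the oversized frame itself.
        in_frame = sum(1 for r in recs if r["addr"] is not None and lo <= r["addr"] < hi)
    return {
        "sp_changes": sp,
        "exceeds_default": any(d > DEFAULT_MAX_STACKFRAME for _, _, d in sp),
        "by_func": Counter((r["func"], r["kind"]) for r in recs),
        "total": len(recs),
        "accesses_in_switched_frame": in_frame,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for old, new, delta in s["sp_changes"]:
        above = "above" if delta > DEFAULT_MAX_STACKFRAME else "below"
        print(f"SP 0x{old:08X} -> 0x{new:08X}: frame of {delta} bytes ({above} default)")
    print(f"{s['total']} invalid accesses, {s['accesses_in_switched_frame']} inside that frame")
    for (func, kind), n in s["by_func"].most_common():
        print(f"  {n:4d} {kind:5s} in {func}")
```

All of the sampled addresses fall between the two SP values, which is what the warning predicts: once an SP move exceeds --max-stackframe, Valgrind treats it as a stack switch and reports accesses into the new frame as invalid. Two follow-ups are worth doing before classifying this as memory corruption: rerun with --max-stackframe=2281936 --error-limit=no to separate the stack-switch artefacts from any real errors that remain, and find out what sizes that roughly 2.2 MB frame. The ticket shows nothing beyond the absurd 1073785924 Hz sample rate the fuzzed header produced, so whether the frame size is derived from it is an open question, not something this page establishes.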

Change History (2)

comment:1 Changed 11 years ago by daw-bugzilla@…

  • Cc catchconv-bugreports@… added

comment:2 Changed 8 years ago by compn

  • Owner changed from r_togni@… to reimar