Opened 16 years ago
Closed 13 years ago
#1120 closed defect (fixed)
Syscall param write(buf) points to uninitialised byte(s)
| Reported by: | Owned by: | reimar | |
|---|---|---|---|
| Priority: | normal | Component: | ad |
| Version: | HEAD | Severity: | normal |
| Keywords: | Cc: | catchconv-bugreports@… | |
| Blocked By: | Blocking: | ||
| Reproduced by developer: | no | Analyzed by developer: | no |
Description
The mp3 file t1_delta0001.mp3 (in the .tgz archive at the url above) caused errors in the latest version of Mplayer. Valgrind reports Syscall param write(buf) points to uninitialised byte(s) at 0x4000792.
This is reproducible on Linux Debian Etch, with the latest Subversion head
mplayer (r27184). The machine used is VMWare Player.
Reproduce as follows:
wget http://www.eecs.berkeley.edu/~zhl210/864405-0-2550716097-SyscallParam.tgz
tar xzf 864405-0-2550716097-SyscallParam.tgz
Valgrind mplayer t1_delta0001.mp3
Here is the report by Valgrind:
==8696== Memcheck, a memory error detector.
==8696== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==8696== Using LibVEX rev 1854, a library for dynamic binary translation.
==8696== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==8696== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==8696== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==8696== For more details, rerun with: -v
==8696==
==8696== My PID = 8696, parent PID = 3386. Prog and args are:
==8696== mplayer
==8696== t1_delta0001.mp3
==8696==
==8696== Syscall param write(buf) points to uninitialised byte(s)
==8696== Stack hash: 2550720193
==8696== at 0x4000792: (within /lib/ld-2.3.6.so)
==8696== Address 0x42fb6a6 is 2,502 bytes inside a block of size 65,536 alloc'd==8696== Stack hash: 2166789651
==8696== at 0x401D898: malloc (vg_replace_malloc.c:207)
==8696== by 0x401D9DC: realloc (vg_replace_malloc.c:429)
==8696== by 0x80D850E: decode_audio (dec_audio.c:401)
==8696== by 0x8075E59: main (mplayer.c:2044)
==8696==
==8696== ERROR SUMMARY: 3 errors from 1 contexts (suppressed: 17 from 1)
==8696== malloc/free: in use at exit: 32,908 bytes in 12 blocks.
==8696== malloc/free: 9,683 allocs, 9,671 frees, 3,407,993 bytes allocated.
==8696== For counts of detected errors, rerun with: -v
==8696== searching for pointers to 12 not-freed blocks.
==8696== checked 2,743,472 bytes.
==8696==
==8696== LEAK SUMMARY:
==8696== definitely lost: 0 bytes in 0 blocks.
==8696== possibly lost: 0 bytes in 0 blocks.
==8696== still reachable: 32,908 bytes in 12 blocks.
==8696== suppressed: 0 bytes in 0 blocks.
==8696== Rerun with --leak-check=full to see details of leaked memory.
This bug was found as part of the SUPERB-TRUST 2008 project.
Change History (2)
comment:1 by , 13 years ago
| Owner: | changed from to |
|---|
comment:2 by , 13 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
No longer reproducible using the file with the same stack hash at
http://www.metafuzz.com/testcases/864405-0-2550716097-SyscallParam.tgz