Opened 11 years ago

Closed 9 years ago

#1120 closed defect (fixed)

Syscall param write(buf) points to uninitialised byte(s)

Reported by: zlai88@… Owned by: reimar
Priority: normal Component: ad
Version: HEAD Severity: normal
Keywords: Cc: catchconv-bugreports@…
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:

Description

The mp3 file t1_delta0001.mp3 (in the .tgz archive at the url above) caused errors in the latest version of Mplayer. Valgrind reports Syscall param write(buf) points to uninitialised byte(s) at 0x4000792.

This is reproducible on Linux Debian Etch, with the latest Subversion head
mplayer (r27184). The machine used is VMWare Player.

Reproduce as follows:
wget http://www.eecs.berkeley.edu/~zhl210/864405-0-2550716097-SyscallParam.tgz
tar xzf 864405-0-2550716097-SyscallParam?.tgz
Valgrind mplayer t1_delta0001.mp3

Here is the report by Valgrind:

==8696== Memcheck, a memory error detector.
==8696== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==8696== Using LibVEX rev 1854, a library for dynamic binary translation.
==8696== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks? LLP.
==8696== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==8696== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==8696== For more details, rerun with: -v
==8696==
==8696== My PID = 8696, parent PID = 3386. Prog and args are:
==8696== mplayer
==8696== t1_delta0001.mp3
==8696==
==8696== Syscall param write(buf) points to uninitialised byte(s)
==8696== Stack hash: 2550720193
==8696== at 0x4000792: (within /lib/ld-2.3.6.so)
==8696== Address 0x42fb6a6 is 2,502 bytes inside a block of size 65,536 alloc'd==8696== Stack hash: 2166789651
==8696== at 0x401D898: malloc (vg_replace_malloc.c:207)
==8696== by 0x401D9DC: realloc (vg_replace_malloc.c:429)
==8696== by 0x80D850E: decode_audio (dec_audio.c:401)
==8696== by 0x8075E59: main (mplayer.c:2044)
==8696==
==8696== ERROR SUMMARY: 3 errors from 1 contexts (suppressed: 17 from 1)
==8696== malloc/free: in use at exit: 32,908 bytes in 12 blocks.
==8696== malloc/free: 9,683 allocs, 9,671 frees, 3,407,993 bytes allocated.
==8696== For counts of detected errors, rerun with: -v
==8696== searching for pointers to 12 not-freed blocks.
==8696== checked 2,743,472 bytes.
==8696==
==8696== LEAK SUMMARY:
==8696== definitely lost: 0 bytes in 0 blocks.
==8696== possibly lost: 0 bytes in 0 blocks.
==8696== still reachable: 32,908 bytes in 12 blocks.
==8696== suppressed: 0 bytes in 0 blocks.
==8696== Rerun with --leak-check=full to see details of leaked memory.

This bug was found as part of the SUPERB-TRUST 2008 project.

Change History (2)

comment:1 Changed 9 years ago by compn

  • Owner changed from r_togni@… to reimar

comment:2 Changed 9 years ago by reimar

  • Resolution set to fixed
  • Status changed from new to closed

No longer reproducible using the file with the same stack hash at
http://www.metafuzz.com/testcases/864405-0-2550716097-SyscallParam.tgz

Note: See TracTickets for help on using tickets.