Opened 16 years ago
Last modified 13 years ago
#1132 new defect
Valgrind reports use of uninitialised value of size 4 in MP3_DecodeFrame() (layer2.c:178)
| Reported by: | Owned by: | reimar | |
|---|---|---|---|
| Priority: | if idle | Component: | ad |
| Version: | HEAD | Severity: | normal |
| Keywords: | Cc: | catchconv-bugreports@… | |
| Blocked By: | Blocking: | ||
| Reproduced by developer: | no | Analyzed by developer: | no |
Description
In the tgz archive which can be downloaded from the URL
http://www.metafuzz.com/testcases/624265-199-2872679194-UninitValue.tgz, there is an mp3 file (199-MusicInMe.mp3) where Valgrind reports use of uninitialised value of size 4.
I confirmed that this bug is reproducible in the latest subversion of MPlayer, r27240-4.1.2 .
My System Information:
OS: Linux Debian x32
kernel: Linux debian 2.6.18-6-486 #1 Fri Jun 6 21:47:01 UTC 2008 i686 GNU/Linux
libc version: libc-2.3.6.so
gcc version 4.1.2 20061115
ld version 2.17
My Hardware Information:
32-bit Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Multimedia audio controller: Ensoniq ES1371 [AudioPCI-97] (rev 02)
To reproduce:
wget http://www.metafuzz.com/testcases/624265-199-2872679194-UninitValue.tgz
tar xzvf 624265-199-2872679194-UninitValue.tgz
valgrind mplayer 199-MusicInMe.mp3
The following is the output from Valgrind:
==7131== Memcheck, a memory error detector.
==7131== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==7131== Using LibVEX rev 1854, a library for dynamic binary translation.
==7131== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==7131== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==7131== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==7131== For more details, rerun with: -v
==7131==
MPlayer dev-SVN-r27240-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (Family: 6, Model: 15, Stepping: 6)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
Playing 624265-199-2872679194-UninitValue.tgz_FILES/199-MusicInMe.mp3.
Audio file file format detected.
==========================================================================
Opening audio decoder: [mp3lib] MPEG layer-2, layer-3
AUDIO: 44100 Hz, 2 ch, s16le, 320.0 kbit/22.68% (ratio: 40000->176400)
Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3)
==========================================================================
AO: [oss] 44100Hz 2ch s16le (2 bytes per sample)
Video: no video
Starting playback...
mpg123: Can't rewind stream by 171 bits!
mpg123: Can't rewind stream by 574 bits!
mpg123: Can't rewind stream by 239 bits!
mpg123: Can't rewind stream by 310 bits!
mpg123: Can't rewind stream by 897 bits!
mpg123: Can't rewind stream by 1 bits!
mpg123: Can't rewind stream by 41 bits!
mpg123: Can't rewind stream by 29 bits!
mpg123: Can't rewind stream by 756 bits!
mpg123: Can't rewind stream by 8 bits!
mpg123: Can't rewind stream by 22 bits!
mpg123: Can't rewind stream by 18 bits!
mpg123: Can't rewind stream by 58 bits!
==7131== Use of uninitialised value of size 4
==7131== Stack hash: 2643174522
==7131== at 0x81E94F5: MP3_DecodeFrame (layer2.c:178)
==7131== by 0x80DA9E4: decode_audio (dec_audio.c:383)
==7131== by 0x8078459: main (mplayer.c:2044)
==7131==
==7131== Use of uninitialised value of size 4
==7131== Stack hash: 2643203271
==7131== at 0x81E950A: MP3_DecodeFrame (layer2.c:179)
==7131== by 0x80DA9E4: decode_audio (dec_audio.c:383)
==7131== by 0x8078459: main (mplayer.c:2044)
==7131==
==7131== Use of uninitialised value of size 4
==7131== Stack hash: 2643227913
==7131== at 0x81E951C: MP3_DecodeFrame (layer2.c:180)
==7131== by 0x80DA9E4: decode_audio (dec_audio.c:383)
==7131== by 0x8078459: main (mplayer.c:2044)
==7131==
==7131== Use of uninitialised value of size 4
==7131== Stack hash: 2644324482
==7131== at 0x81E983D: MP3_DecodeFrame (layer2.c:167)
==7131== by 0x80DA9E4: decode_audio (dec_audio.c:383)
==7131== by 0x8078459: main (mplayer.c:2044)
mpg123: Can't rewind stream by 139 bits!
mpg123: Can't rewind stream by 84 bits!
mpg123: Can't rewind stream by 11 bits!
mpg123: Can't rewind stream by 24 bits!
mpg123: Can't rewind stream by 14 bits!
big_values too large!
mpg123: Can't rewind stream by 1084 bits!
mpg123: Can't rewind stream by 102 bits!
mpg123: Can't rewind stream by 10 bits!
mpg123: Can't rewind stream by 9 bits!
mpg123: Can't rewind stream by 13 bits!
mpg123: Can't rewind stream by 75 bits!
mpg123: Can't rewind stream by 5 bits!
mpg123: Can't rewind stream by 310 bits!
mpg123: Can't rewind stream by 57 bits!
big_values too large!
mpg123: Can't rewind stream by 102 bits!
mpg123: Can't rewind stream by 2 bits!
mpg123: Can't rewind stream by 85 bits!
mpg123: Can't rewind stream by 11 bits!
mpg123: Can't rewind stream by 73 bits!
mpg123: Can't rewind stream by 14 bits!
A: 1.7 (01.7) of 2.0 (02.0) 33.1%
Exiting... (End of file)
==7131==
==7131== ERROR SUMMARY: 216 errors from 4 contexts (suppressed: 21 from 1)
==7131== malloc/free: in use at exit: 32,908 bytes in 12 blocks.
==7131== malloc/free: 2,598 allocs, 2,586 frees, 1,546,450 bytes allocated.
==7131== For counts of detected errors, rerun with: -v
==7131== searching for pointers to 12 not-freed blocks.
==7131== checked 2,764,128 bytes.
==7131==
==7131== LEAK SUMMARY:
==7131== definitely lost: 0 bytes in 0 blocks.
==7131== possibly lost: 0 bytes in 0 blocks.
==7131== still reachable: 32,908 bytes in 12 blocks.
==7131== suppressed: 0 bytes in 0 blocks.
==7131== Rerun with --leak-check=full to see details of leaked memory.
This bug was found as part of the SUPERB-TRUST 2008 project; see
http://www.truststc.org/superb/
Please let me know if you need more information.
Change History (3)
comment:1 by , 16 years ago
| Cc: | added |
|---|
comment:2 by , 16 years ago
| Priority: | normal → if idle |
|---|
comment:3 by , 13 years ago
| Owner: | changed from to |
|---|
Problem in mp3lib