Opened 16 years ago

Closed 16 years ago

#1139 closed defect (fixed)

InvalidRead

Reported by: nicholenae@…
Owned by: reimar
Priority: normal
Component: ao
Version: HEAD
Severity: normal
Keywords:
Cc: catchconv-bugreports@…
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

I worked in the lab as part of the SUPERB-TRUST 2008 for the security project
and found these bugs in the file 17-3.wav. The errors are a crash and one Invalid
Read. You can download the file with the following link and run the
commands below:

wget http://www.metafuzz.com/testcases/226982-17-1254831199-InvalidRead.tgz
tar xzfv 226982-17-1254831199-InvalidRead.tgz
valgrind mplayer 17-3.wav

I have this version:

MPlayer dev-SVN-r27185-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model: 15,
Stepping: 13)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2

MPlayer interrupted by signal 11 in module: decode_audio

  • MPlayer crashed by bad usage of CPU/FPU/RAM. Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
  • MPlayer crashed. This shouldn't happen. It can be a bug in the MPlayer code _or_ in your drivers _or_ in your gcc version. If you think it's MPlayer's fault, please read DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and won't help unless you provide this information when reporting a possible bug.

user@debian:~$ cat log17
==6036== Memcheck, a memory error detector.
==6036== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==6036== Using LibVEX rev 1854, a library for dynamic binary translation.
==6036== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==6036== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==6036== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==6036== For more details, rerun with: -v
==6036==

==6036== mplayer
==6036== 17-3.wav
==6036==
==6036== Invalid read of size 1
==6036== Stack hash: 1121225063
==6036== at 0x80D9E4A: decode_audio (ad_msadpcm.c:116)
==6036== by 0x80DA9D4: decode_audio (dec_audio.c:383)
==6036== by 0x8078409: main (mplayer.c:2044)
==6036== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==6036==
==6036== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 1)
==6036== malloc/free: in use at exit: 161,488 bytes in 2,187 blocks.
==6036== malloc/free: 2,317 allocs, 130 frees, 1,311,320 bytes allocated.
==6036== For counts of detected errors, rerun with: -v
==6036== searching for pointers to 2,187 not-freed blocks.
==6036== checked 2,877,272 bytes.
==6036==
==6036== LEAK SUMMARY:
==6036== definitely lost: 0 bytes in 0 blocks.
==6036== possibly lost: 0 bytes in 0 blocks.
==6036== still reachable: 161,488 bytes in 2,187 blocks.
==6036== suppressed: 0 bytes in 0 blocks.
==6036== Rerun with --leak-check=full to see details of leaked memory.

Change History (3)

comment:1 by nicholenae@…, 16 years ago

user@debian:~$ gdb mplayer
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".

(gdb) run -v 17-3.wav
Starting program: /usr/local/bin/mplayer -v 17-3.wav
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1210111776 (LWP 13112)]
MPlayer dev-SVN-r27249-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model: 15, Stepping: 13)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
get_path('codecs.conf') -> '/home/user/.mplayer/codecs.conf'
Reading /home/user/.mplayer/codecs.conf: Can't open '/home/user/.mplayer/codecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug=3
CommandLine: '-v' '17-3.wav'
get_path('font/font.desc') -> '/home/user/.mplayer/font/font.desc'
font: can't open file: /home/user/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/home/user/.mplayer/input.conf'
Can't open input config file /home/user/.mplayer/input.conf: No such file or directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
get_path('17-3.wav.conf') -> '/home/user/.mplayer/17-3.wav.conf'

Playing 17-3.wav.
get_path('sub/') -> '/home/user/.mplayer/sub/'
[file] File size is 37210 bytes
STREAM: [file] 17-3.wav
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
LAVF_check: WAV format
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Searching demuxer type for filename 17-3.wav ext: .wav
Trying demuxer 17 based on filename extension
==> Found audio stream: 0
[demux_audio] truncated extradata (32 < 500)
======= WAVE Format =======
Format Tag: 2 (0x2)
Channels: 1
Samplerate: 11025
avg byte/sec: 5644
Block align: 0
bits/sample: 0
cbSize: 32
Unknown extra header dump: [7] [0] [0] [1] [0] [0] [0] [2] [0] [ff] [0] [0] [0] [0] [c0] [0] [40] [0] [f0] [0] [0] [0] [cc] [1] [30] [ff] [88] [1] [18] [ff] [66] [61]
==========================================================================
stream_seek: WARNING! Can't seek to 0x197F0050 !
stream_seek: WARNING! Can't seek to 0x197F0000 !
demux_audio: audio data 0x197F0000 - 0x32FE0000
Audio file file format detected.
==========================================================================
Opening audio decoder: [msadpcm] MS ADPCM audio decoder
dec_audio: Allocating 0 + 65536 = 65536 bytes for output buffer.
AUDIO: 11025 Hz, 1 ch, s16le, 0.0 kbit/0.00% (ratio: 0->22050)
Selected audio codec: [msadpcm] afm: msadpcm (MS ADPCM)
==========================================================================
Building audio filter chain for 11025Hz/1ch/s16le -> 0Hz/0ch/??...
[libaf] Adding filter dummy
[dummy] Was reinitialized: 11025Hz/1ch/s16le
[dummy] Was reinitialized: 11025Hz/1ch/s16le
Trying every known audio driver...
ao2: 11025 Hz 1 chans s16le
audio_setup: using '/dev/dsp' dsp device
audio_setup: using '/dev/mixer' mixer device
audio_setup: using 'pcm' mixer device
audio_setup: sample format: s16le (requested: s16le)
audio_setup: using 1 channels (requested: 1)
audio_setup: using 11025 Hz samplerate (requested: 11025)
audio_setup: frags: 16/16 (4096 bytes/frag) free: 65536
AO: [oss] 11025Hz 1ch s16le (2 bytes per sample)
AO: Description: OSS/ioctl audio output
AO: Author: A'rpi
Building audio filter chain for 11025Hz/1ch/s16le -> 11025Hz/1ch/s16le...
[dummy] Was reinitialized: 11025Hz/1ch/s16le
[dummy] Was reinitialized: 11025Hz/1ch/s16le
Video: no video
Freeing 0 unused video chunks.
Starting playback...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210111776 (LWP 13112)]
decode_audio (sh_audio=0x89a7b60, buf=0x89a7c80 "", minlen=65536,
    maxlen=65536) at libmpcodecs/ad_msadpcm.c:116
116 if (input[stream_ptr] > 6)
(gdb) bt
#0 decode_audio (sh_audio=0x89a7b60, buf=0x89a7c80 "", minlen=65536,
    maxlen=65536) at libmpcodecs/ad_msadpcm.c:116
#1 0x080daa75 in decode_audio (sh_audio=0x89a7b60, minlen=65536)
    at libmpcodecs/dec_audio.c:383
#2 0x080784ea in main (argc=3, argv=0xbfc74544) at mplayer.c:2044
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x80d9eca to 0x80d9f0a:
0x080d9eca <decode_audio+58>: pop %ebx
0x080d9ecb <decode_audio+59>: pop %esi
0x080d9ecc <decode_audio+60>: pop %edi
0x080d9ecd <decode_audio+61>: pop %ebp
0x080d9ece <decode_audio+62>: ret
0x080d9ecf <decode_audio+63>: nop
0x080d9ed0 <decode_audio+64>: mov 0x9c(%ebx),%eax
0x080d9ed6 <decode_audio+70>: mov 0x34(%ebx),%ebx
0x080d9ed9 <decode_audio+73>: movzwl 0xc(%eax),%edx
0x080d9edd <decode_audio+77>: movzwl 0x2(%eax),%eax
0x080d9ee1 <decode_audio+81>: mov %ebx,0xffffffbc(%ebp)
0x080d9ee4 <decode_audio+84>: mov %edx,0xffffffb4(%ebp)
0x080d9ee7 <decode_audio+87>: mov %eax,0xffffffb8(%ebp)
0x080d9eea <decode_audio+90>: movzbl (%ebx),%eax
0x080d9eed <decode_audio+93>: cmp $0x6,%al
0x080d9eef <decode_audio+95>: ja 0x80da11b <decode_audio+651>
0x080d9ef5 <decode_audio+101>: mov 0xffffffbc(%ebp),%ecx
0x080d9ef8 <decode_audio+104>: cmpw $0x2,0xffffffb8(%ebp)
0x080d9efd <decode_audio+109>: movzbl (%ecx),%eax
0x080d9f00 <decode_audio+112>: mov 0x85e2b80(,%eax,4),%edx
0x080d9f07 <decode_audio+119>: mov 0x85e2b9c(,%eax,4),%eax
End of assembler dump.
(gdb) info all-registers
eax 0x1 1
ecx 0xffffffff -1
edx 0x0 0
ebx 0x0 0
esp 0xbfc731c0 0xbfc731c0
ebp 0xbfc73238 0xbfc73238
esi 0x89a7c80 144342144
edi 0x10000 65536
eip 0x80d9eea 0x80d9eea <decode_audio+90>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
(gdb)
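
The verbose log above prints a WAVE header with Format Tag 2, "Block align: 0" and "bits/sample: 0", and the faulting instruction is the first read of `input[stream_ptr]` with ebx = 0. A defensive check of those header fields and of the block pointer is sketched below as an added example; it is not MPlayer code and not the r27260 change, which this page does not show. The function names and both byte arrays are constructed here; the 7-byte per-channel block header is the MS ADPCM layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WAVE_FORMAT_ADPCM 2   /* "Format Tag: 2 (0x2)" in the log */
#define MSADPCM_CH_HEADER 7   /* per channel: predictor(1) + delta(2) + two samples(2+2) */
#define MSADPCM_MAX_PRED  6   /* the bound tested at ad_msadpcm.c:116 */

enum fmt_status { FMT_OK, FMT_TRUNCATED, FMT_NOT_MSADPCM,
                  FMT_BAD_CHANNELS, FMT_BAD_BLOCK_ALIGN };

/* Read a little-endian 16-bit field from a raw "fmt " chunk body. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Check the header fields a block decoder sizes its input buffer from
 * (hypothetical helper, WAVEFORMATEX offsets). */
enum fmt_status check_msadpcm_fmt(const uint8_t *fmt, size_t len)
{
    if (fmt == NULL || len < 16)
        return FMT_TRUNCATED;
    uint16_t tag = rd16(fmt);               /* wFormatTag  */
    uint16_t channels = rd16(fmt + 2);      /* nChannels   */
    uint16_t block_align = rd16(fmt + 12);  /* nBlockAlign */
    if (tag != WAVE_FORMAT_ADPCM)
        return FMT_NOT_MSADPCM;
    if (channels < 1 || channels > 2)
        return FMT_BAD_CHANNELS;
    /* A block must at least hold its own header; 0 would size the buffer to nothing. */
    if (block_align < MSADPCM_CH_HEADER * channels)
        return FMT_BAD_BLOCK_ALIGN;
    return FMT_OK;
}

/* Guard for the per-block predictor read: pointer and length are checked
 * before input[] is touched (hypothetical helper). */
int block_predictor_ok(const uint8_t *input, size_t avail, unsigned channels)
{
    if (input == NULL || avail < MSADPCM_CH_HEADER * channels)
        return 0;
    for (unsigned c = 0; c < channels; c++)   /* one predictor byte per channel */
        if (input[c] > MSADPCM_MAX_PRED)
            return 0;
    return 1;
}

/* Constructed from the values printed in the log: 1 ch, 11025 Hz, 5644 B/s,
 * block align 0, bits/sample 0. */
const uint8_t fmt_from_log[16] = { 0x02,0x00, 0x01,0x00, 0x11,0x2B,0x00,0x00,
                                   0x0C,0x16,0x00,0x00, 0x00,0x00, 0x00,0x00 };
/* Constructed sane variant: block align 256, 4 bits/sample. */
const uint8_t fmt_sane[16]     = { 0x02,0x00, 0x01,0x00, 0x11,0x2B,0x00,0x00,
                                   0x0C,0x16,0x00,0x00, 0x00,0x01, 0x04,0x00 };

int main(void)
{
    printf("header from log: status %d\n", check_msadpcm_fmt(fmt_from_log, sizeof fmt_from_log));
    printf("sane header:     status %d\n", check_msadpcm_fmt(fmt_sane, sizeof fmt_sane));
    printf("NULL block:      ok=%d\n", block_predictor_ok(NULL, 0, 1));
    return 0;
}
```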

comment:2 by nicholenae@…, 16 years ago

I tried the same input file with version MPlayer dev-SVN-r27249-4.1.2; it still
crashes. Here is the gdb output.

comment:3 by reimar, 16 years ago

Resolution: fixed
Status: new → closed

Fixed in SVN r27260
