Opened 16 years ago

Last modified 16 years ago

#1141 new defect

Invalid write

Reported by: nicholenae@…
Owned by: reimar
Priority: normal
Component: ao
Version: HEAD
Severity: normal
Keywords:
Cc: nstockma@…, catchconv-bugreports@…
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

I worked in the lab as part of the SUPERB-TRUST 2008 for the security project
and found these bugs in the file 75-3.wav. The errors are a crash and 2 Invalid Writes in reset_pred_state (ic_predict.c:186). These bugs are reproduced in the new version. You can download the file with the following links and run the command below:

www.Metafuzz.com
wget http://www.metafuzz.com/testcases/854652-75-989315095-SyscallParam.tgz
tar xzfv 854652-75-989315095-SyscallParam.tgz
valgrind mplayer 75-3.wav

I have this version:

MPlayer dev-SVN-r27243-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model: 15, Stepping: 13)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
Unknown option on the command line: --version

MPlayer interrupted by signal 11 in module: decode_audio

  • MPlayer crashed by bad usage of CPU/FPU/RAM. Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
  • MPlayer crashed. This shouldn't happen. It can be a bug in the MPlayer code _or_ in your drivers _or_ in your gcc version. If you think it's MPlayer's fault, please read DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and won't help unless you provide this information when reporting a possible bug.

user@debian:~$ cat log75
==19207== Memcheck, a memory error detector.
==19207== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==19207== Using LibVEX rev 1854, a library for dynamic binary translation.
==19207== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==19207== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==19207== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==19207== For more details, rerun with: -v

==19207== My PID = 19207, parent PID = 9153. Prog and args are:
==19207== mplayer
==19207== 75-3.wav
==19207==
==19207== Invalid write of size 2
==19207== Stack hash: 4024740811
==19207== at 0x81AFB34: reset_pred_state (ic_predict.c:186)
==19207== by 0x81B0002: ic_prediction (ic_predict.c:239)
==19207== by 0x81C4538: reconstruct_single_channel (specrec.c:879)
==19207== by 0x81CA435: decode_sce_lfe (syntax.c:597)
==19207== by 0x81CAC68: raw_data_block (syntax.c:434)
==19207== by 0x81AB6C9: aac_frame_decode (decoder.c:872)
==19207== by 0x818B3C2: decode_audio (ad_faad.c:235)
==19207== by 0x80DAA04: decode_audio (dec_audio.c:383)
==19207== by 0x8078479: main (mplayer.c:2044)
==19207== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==19207==
==19207== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 1)
==19207== malloc/free: in use at exit: 243,263 bytes in 2,206 blocks.
==19207== malloc/free: 2,465 allocs, 259 frees, 1,512,726 bytes allocated.
==19207== For counts of detected errors, rerun with: -v
==19207== searching for pointers to 2,206 not-freed blocks.
==19207== checked 2,996,040 bytes.

Change History (3)

comment:1 by nicholenae@…, 16 years ago

I tried the same input file with version MPlayer dev-SVN-r27249-4.1.2; it still
crashes. Here are the gdb outputs:

AUDIO PAYLOAD: c ec 9d ed
AUDIO PAYLOAD: ec 9d ed d0
AUDIO PAYLOAD: 9d ed d0 0
AUDIO PAYLOAD: ed d0 0 16
AUDIO PAYLOAD: d0 0 16 24
AUDIO PAYLOAD: 0 16 24 53
AUDIO PAYLOAD: 16 24 53 33
AUDIO PAYLOAD: 24 53 33 22
AUDIO PAYLOAD: 53 33 22 10
AUDIO PAYLOAD: 33 22 10 0
AUDIO PAYLOAD: 22 10 0 10
AUDIO PAYLOAD: 10 0 10 f0
AUDIO PAYLOAD: 0 10 f0 10
AUDIO PAYLOAD: 10 f0 10 5
AUDIO PAYLOAD: f0 10 5 18
AUDIO PAYLOAD: 10 5 18 0
AUDIO PAYLOAD: 5 18 0 5d
AUDIO PAYLOAD: 18 0 5d e
AUDIO PAYLOAD: 0 5d e d7
AUDIO PAYLOAD: 5d e d7 d
AUDIO PAYLOAD: e d7 d 8
AUDIO PAYLOAD: d7 d 8 e5
AUDIO PAYLOAD: d 8 e5 e
AUDIO PAYLOAD: 8 e5 e ff
AUDIO PAYLOAD: e5 e ff f0
AUDIO PAYLOAD: e ff f0 eb

AAC_PROBE: ret 117

AAC SYNC AFTER 117 bytes
FAAD: error: Invalid number of channels, trying to resync!

AAC_PROBE: 4608 bytes
AUDIO PAYLOAD: f0 eb f be
AUDIO PAYLOAD: eb f be fd
AUDIO PAYLOAD: f be fd bf
AUDIO PAYLOAD: be fd bf ed
AUDIO PAYLOAD: fd bf ed ee
AUDIO PAYLOAD: bf ed ee f1
AUDIO PAYLOAD: ed ee f1 21
AUDIO PAYLOAD: ee f1 21 0
AUDIO PAYLOAD: f1 21 0 2
AUDIO PAYLOAD: 21 0 2 e9
AUDIO PAYLOAD: 0 2 e9 2
AUDIO PAYLOAD: 2 e9 2 2
AUDIO PAYLOAD: e9 2 2 1f
AUDIO PAYLOAD: 2 2 1f ec
AUDIO PAYLOAD: 2 1f ec 14
AUDIO PAYLOAD: 1f ec 14 f
AUDIO PAYLOAD: ec 14 f 21
AUDIO PAYLOAD: 14 f 21 f3
AUDIO PAYLOAD: f 21 f3 f
AUDIO PAYLOAD: 21 f3 f f8
AUDIO PAYLOAD: f3 f f8 bf
AUDIO PAYLOAD: f f8 bf ed
AUDIO PAYLOAD: f8 bf ed bf
AUDIO PAYLOAD: bf ed bf b
AUDIO PAYLOAD: ed bf b ce
AUDIO PAYLOAD: bf b ce da
AUDIO PAYLOAD: b ce da ee
AUDIO PAYLOAD: ce da ee cc
AUDIO PAYLOAD: da ee cc dd
AUDIO PAYLOAD: ee cc dd dc
AUDIO PAYLOAD: cc dd dc dc
AUDIO PAYLOAD: dd dc dc dd
AUDIO PAYLOAD: dc dc dd cb
AUDIO PAYLOAD: dc dd cb ed
AUDIO PAYLOAD: dd cb ed ed
AUDIO PAYLOAD: cb ed ed dd
AUDIO PAYLOAD: ed ed dd bd
AUDIO PAYLOAD: ed dd bd ce
AUDIO PAYLOAD: dd bd ce dc
AUDIO PAYLOAD: bd ce dc e0
AUDIO PAYLOAD: ce dc e0 fe
AUDIO PAYLOAD: dc e0 fe ec
AUDIO PAYLOAD: e0 fe ec c0
AUDIO PAYLOAD: fe ec c0 0
AUDIO PAYLOAD: ec c0 0 10
AUDIO PAYLOAD: c0 0 10 ff
AUDIO PAYLOAD: 0 10 ff da
AUDIO PAYLOAD: 10 ff da 0
AUDIO PAYLOAD: ff da 0 0
AUDIO PAYLOAD: da 0 0 0
AUDIO PAYLOAD: 0 0 0 1
AUDIO PAYLOAD: 0 0 1 2
AUDIO PAYLOAD: 0 1 2 20
AUDIO PAYLOAD: 1 2 20 bf
AUDIO PAYLOAD: 2 20 bf 11
AUDIO PAYLOAD: 20 bf 11 27
AUDIO PAYLOAD: bf 11 27 1f
AUDIO PAYLOAD: 11 27 1f 33
AUDIO PAYLOAD: 27 1f 33 6
AUDIO PAYLOAD: 1f 33 6 51
AUDIO PAYLOAD: 33 6 51 0
AUDIO PAYLOAD: 6 51 0 25
AUDIO PAYLOAD: 51 0 25 0
AUDIO PAYLOAD: 0 25 0 1
AUDIO PAYLOAD: 25 0 1 34
AUDIO PAYLOAD: 0 1 34 e8
AUDIO PAYLOAD: 1 34 e8 0
AUDIO PAYLOAD: 34 e8 0 ff
AUDIO PAYLOAD: e8 0 ff fe
AUDIO PAYLOAD: 0 ff fe f
AUDIO PAYLOAD: ff fe f 3
AUDIO PAYLOAD: fe f 3 8
AUDIO PAYLOAD: f 3 8 de
AUDIO PAYLOAD: 3 8 de ec
AUDIO PAYLOAD: 8 de ec bf
AUDIO PAYLOAD: de ec bf ec
AUDIO PAYLOAD: ec bf ec f
AUDIO PAYLOAD: bf ec f 1
AUDIO PAYLOAD: ec f 1 d
AUDIO PAYLOAD: f 1 d 0
AUDIO PAYLOAD: 1 d 0 12
AUDIO PAYLOAD: d 0 12 e8
AUDIO PAYLOAD: 0 12 e8 3
AUDIO PAYLOAD: 12 e8 3 0
AUDIO PAYLOAD: e8 3 0 1e
AUDIO PAYLOAD: 3 0 1e c0
AUDIO PAYLOAD: 0 1e c0 fe
AUDIO PAYLOAD: 1e c0 fe f
AUDIO PAYLOAD: c0 fe f 7
AUDIO PAYLOAD: fe f 7 21
AUDIO PAYLOAD: f 7 21 0
AUDIO PAYLOAD: 7 21 0 23
AUDIO PAYLOAD: 21 0 23 14
AUDIO PAYLOAD: 0 23 14 52
AUDIO PAYLOAD: 23 14 52 0
AUDIO PAYLOAD: 14 52 0 d
AUDIO PAYLOAD: 52 0 d e0
AUDIO PAYLOAD: 0 d e0 34
AUDIO PAYLOAD: d e0 34 60
AUDIO PAYLOAD: e0 34 60 ef
AUDIO PAYLOAD: 34 60 ef c
AUDIO PAYLOAD: 60 ef c df
AUDIO PAYLOAD: ef c df fc
AUDIO PAYLOAD: c df fc af
AUDIO PAYLOAD: df fc af 3
AUDIO PAYLOAD: fc af 3 3a
AUDIO PAYLOAD: af 3 3a 0
AUDIO PAYLOAD: 3 3a 0 1e
AUDIO PAYLOAD: 3a 0 1e ae
AUDIO PAYLOAD: 0 1e ae 9d
AUDIO PAYLOAD: 1e ae 9d ae
AUDIO PAYLOAD: ae 9d ae 80
AUDIO PAYLOAD: 9d ae 80 10
AUDIO PAYLOAD: ae 80 10 0
AUDIO PAYLOAD: 80 10 0 e
AUDIO PAYLOAD: 10 0 e 2
AUDIO PAYLOAD: 0 e 2 0
AUDIO PAYLOAD: e 2 0 1f
AUDIO PAYLOAD: 2 0 1f 9d
AUDIO PAYLOAD: 0 1f 9d 12
AUDIO PAYLOAD: 1f 9d 12 ee
AUDIO PAYLOAD: 9d 12 ee ef
AUDIO PAYLOAD: 12 ee ef 64
AUDIO PAYLOAD: ee ef 64 2
AUDIO PAYLOAD: ef 64 2 40
AUDIO PAYLOAD: 64 2 40 e2
AUDIO PAYLOAD: 2 40 e2 2f
AUDIO PAYLOAD: 40 e2 2f df
AUDIO PAYLOAD: e2 2f df e4
AUDIO PAYLOAD: 2f df e4 e
AUDIO PAYLOAD: df e4 e 10
AUDIO PAYLOAD: e4 e 10 3
AUDIO PAYLOAD: e 10 3 76
AUDIO PAYLOAD: 10 3 76 31
AUDIO PAYLOAD: 3 76 31 34
AUDIO PAYLOAD: 76 31 34 13
AUDIO PAYLOAD: 31 34 13 72
AUDIO PAYLOAD: 34 13 72 2
AUDIO PAYLOAD: 13 72 2 20
AUDIO PAYLOAD: 72 2 20 0
AUDIO PAYLOAD: 2 20 0 22
AUDIO PAYLOAD: 20 0 22 d1
AUDIO PAYLOAD: 0 22 d1 70
AUDIO PAYLOAD: 22 d1 70 14
AUDIO PAYLOAD: d1 70 14 23
AUDIO PAYLOAD: 70 14 23 51
AUDIO PAYLOAD: 14 23 51 3
AUDIO PAYLOAD: 23 51 3 32
AUDIO PAYLOAD: 51 3 32 7
AUDIO PAYLOAD: 3 32 7 2f
AUDIO PAYLOAD: 32 7 2f 10
AUDIO PAYLOAD: 7 2f 10 f1
AUDIO PAYLOAD: 2f 10 f1 60
AUDIO PAYLOAD: 10 f1 60 13
AUDIO PAYLOAD: f1 60 13 21
AUDIO PAYLOAD: 60 13 21 2
AUDIO PAYLOAD: 13 21 2 40
AUDIO PAYLOAD: 21 2 40 f1
AUDIO PAYLOAD: 2 40 f1 1e
AUDIO PAYLOAD: 40 f1 1e f
AUDIO PAYLOAD: f1 1e f 9e
AUDIO PAYLOAD: 1e f 9e ee
AUDIO PAYLOAD: f 9e ee 1
AUDIO PAYLOAD: 9e ee 1 31
AUDIO PAYLOAD: ee 1 31 12
AUDIO PAYLOAD: 1 31 12 60
AUDIO PAYLOAD: 31 12 60 3
AUDIO PAYLOAD: 12 60 3 12
AUDIO PAYLOAD: 60 3 12 51
AUDIO PAYLOAD: 3 12 51 1
AUDIO PAYLOAD: 12 51 1 3f
AUDIO PAYLOAD: 51 1 3f e6
AUDIO PAYLOAD: 1 3f e6 0
AUDIO PAYLOAD: 3f e6 0 32
AUDIO PAYLOAD: e6 0 32 e0
AUDIO PAYLOAD: 0 32 e0 c
AUDIO PAYLOAD: 32 e0 c 9f
AUDIO PAYLOAD: e0 c 9f ee
AUDIO PAYLOAD: c 9f ee ff
AUDIO PAYLOAD: 9f ee ff dc
AUDIO PAYLOAD: ee ff dc fc
AUDIO PAYLOAD: ff dc fc c0
AUDIO PAYLOAD: dc fc c0 e
AUDIO PAYLOAD: fc c0 e 2
AUDIO PAYLOAD: c0 e 2 ff
AUDIO PAYLOAD: e 2 ff c
AUDIO PAYLOAD: 2 ff c 80
AUDIO PAYLOAD: ff c 80 ed
AUDIO PAYLOAD: c 80 ed 1
AUDIO PAYLOAD: 80 ed 1 fd
AUDIO PAYLOAD: ed 1 fd e0
AUDIO PAYLOAD: 1 fd e0 f2
AUDIO PAYLOAD: fd e0 f2 63
AUDIO PAYLOAD: e0 f2 63 11
AUDIO PAYLOAD: f2 63 11 25
AUDIO PAYLOAD: 63 11 25 20
AUDIO PAYLOAD: 11 25 20 f2
AUDIO PAYLOAD: 25 20 f2 40
AUDIO PAYLOAD: 20 f2 40 f0
AUDIO PAYLOAD: f2 40 f0 27
AUDIO PAYLOAD: 40 f0 27 30
AUDIO PAYLOAD: f0 27 30 37
AUDIO PAYLOAD: 27 30 37 10
AUDIO PAYLOAD: 30 37 10 30
AUDIO PAYLOAD: 37 10 30 13
AUDIO PAYLOAD: 10 30 13 11
AUDIO PAYLOAD: 30 13 11 42
AUDIO PAYLOAD: 13 11 42 22
AUDIO PAYLOAD: 11 42 22 33
AUDIO PAYLOAD: 42 22 33 23
AUDIO PAYLOAD: 22 33 23 42
AUDIO PAYLOAD: 33 23 42 53
AUDIO PAYLOAD: 23 42 53 10
AUDIO PAYLOAD: 42 53 10 23
AUDIO PAYLOAD: 53 10 23 34
AUDIO PAYLOAD: 10 23 34 55
AUDIO PAYLOAD: 23 34 55 11
AUDIO PAYLOAD: 34 55 11 21
AUDIO PAYLOAD: 55 11 21 1
AUDIO PAYLOAD: 11 21 1 11
AUDIO PAYLOAD: 21 1 11 42
AUDIO PAYLOAD: 1 11 42 e
AUDIO PAYLOAD: 11 42 e 1
AUDIO PAYLOAD: 42 e 1 1
AUDIO PAYLOAD: e 1 1 42
AUDIO PAYLOAD: 1 1 42 51
AUDIO PAYLOAD: 1 42 51 1
AUDIO PAYLOAD: 42 51 1 53
AUDIO PAYLOAD: 51 1 53 0
AUDIO PAYLOAD: 1 53 0 21
AUDIO PAYLOAD: 53 0 21 25
AUDIO PAYLOAD: 0 21 25 51
AUDIO PAYLOAD: 21 25 51 fe
AUDIO PAYLOAD: 25 51 fe f0
AUDIO PAYLOAD: 51 fe f0 23
AUDIO PAYLOAD: fe f0 23 e
AUDIO PAYLOAD: f0 23 e 73
AUDIO PAYLOAD: 23 e 73 e1
AUDIO PAYLOAD: e 73 e1 61
AUDIO PAYLOAD: 73 e1 61 3
AUDIO PAYLOAD: e1 61 3 50
AUDIO PAYLOAD: 61 3 50 1
AUDIO PAYLOAD: 3 50 1 0
AUDIO PAYLOAD: 50 1 0 22
AUDIO PAYLOAD: 1 0 22 3
AUDIO PAYLOAD: 0 22 3 3c
AUDIO PAYLOAD: 22 3 3c c2
AUDIO PAYLOAD: 3 3c c2 10
AUDIO PAYLOAD: 3c c2 10 17
AUDIO PAYLOAD: c2 10 17 1f
AUDIO PAYLOAD: 10 17 1f 2
AUDIO PAYLOAD: 17 1f 2 fd
AUDIO PAYLOAD: 1f 2 fd 1e
AUDIO PAYLOAD: 2 fd 1e b3
AUDIO PAYLOAD: fd 1e b3 c
AUDIO PAYLOAD: 1e b3 c 2
AUDIO PAYLOAD: b3 c 2 1
AUDIO PAYLOAD: c 2 1 4e
AUDIO PAYLOAD: 2 1 4e d1
AUDIO PAYLOAD: 1 4e d1 9e
AUDIO PAYLOAD: 4e d1 9e ce
AUDIO PAYLOAD: d1 9e ce fe
AUDIO PAYLOAD: 9e ce fe 1
AUDIO PAYLOAD: ce fe 1 f
AUDIO PAYLOAD: fe 1 f 1e
AUDIO PAYLOAD: 1 f 1e e5
AUDIO PAYLOAD: f 1e e5 42
AUDIO PAYLOAD: 1e e5 42 17
AUDIO PAYLOAD: e5 42 17 30
AUDIO PAYLOAD: 42 17 30 20
AUDIO PAYLOAD: 17 30 20 ef
AUDIO PAYLOAD: 30 20 ef 0
AUDIO PAYLOAD: 20 ef 0 47
AUDIO PAYLOAD: ef 0 47 10
AUDIO PAYLOAD: 0 47 10 21
AUDIO PAYLOAD: 47 10 21 12
AUDIO PAYLOAD: 10 21 12 fa
AUDIO PAYLOAD: 21 12 fa 23
AUDIO PAYLOAD: 12 fa 23 3
AUDIO PAYLOAD: fa 23 3 3d
AUDIO PAYLOAD: 23 3 3d 7
AUDIO PAYLOAD: 3 3d 7 df
AUDIO PAYLOAD: 3d 7 df 30
AUDIO PAYLOAD: 7 df 30 d4
AUDIO PAYLOAD: df 30 d4 40
AUDIO PAYLOAD: 30 d4 40 25
AUDIO PAYLOAD: d4 40 25 0
AUDIO PAYLOAD: 40 25 0 42
AUDIO PAYLOAD: 25 0 42 f
AUDIO PAYLOAD: 0 42 f 20
AUDIO PAYLOAD: 42 f 20 f5
AUDIO PAYLOAD: f 20 f5 40
AUDIO PAYLOAD: 20 f5 40 13
AUDIO PAYLOAD: f5 40 13 df
AUDIO PAYLOAD: 40 13 df 30
AUDIO PAYLOAD: 13 df 30 f6
AUDIO PAYLOAD: df 30 f6 10
AUDIO PAYLOAD: 30 f6 10 3
AUDIO PAYLOAD: f6 10 3 1
AUDIO PAYLOAD: 10 3 1 32
AUDIO PAYLOAD: 3 1 32 5
AUDIO PAYLOAD: 1 32 5 24
AUDIO PAYLOAD: 32 5 24 52
AUDIO PAYLOAD: 5 24 52 13
AUDIO PAYLOAD: 24 52 13 e
AUDIO PAYLOAD: 52 13 e 44
AUDIO PAYLOAD: 13 e 44 fc
AUDIO PAYLOAD: e 44 fc 3
AUDIO PAYLOAD: 44 fc 3 43
AUDIO PAYLOAD: fc 3 43 1e
AUDIO PAYLOAD: 3 43 1e 1
AUDIO PAYLOAD: 43 1e 1 37
AUDIO PAYLOAD: 1e 1 37 60
AUDIO PAYLOAD: 1 37 60 0
AUDIO PAYLOAD: 37 60 0 c
AUDIO PAYLOAD: 60 0 c 0
AUDIO PAYLOAD: 0 c 0 fe
AUDIO PAYLOAD: c 0 fe fe
AUDIO PAYLOAD: 0 fe fe d8
AUDIO PAYLOAD: fe fe d8 dd
AUDIO PAYLOAD: fe d8 dd d
AUDIO PAYLOAD: d8 dd d ce
AUDIO PAYLOAD: dd d ce cc
AUDIO PAYLOAD: d ce cc f
AUDIO PAYLOAD: ce cc f ce
AUDIO PAYLOAD: cc f ce f0
AUDIO PAYLOAD: f ce f0 f0
AUDIO PAYLOAD: ce f0 f0 50
AUDIO PAYLOAD: f0 f0 50 14
AUDIO PAYLOAD: f0 50 14 10
AUDIO PAYLOAD: 50 14 10 18
AUDIO PAYLOAD: 14 10 18 8f
AUDIO PAYLOAD: 10 18 8f f0
AUDIO PAYLOAD: 18 8f f0 43
AUDIO PAYLOAD: 8f f0 43 24
AUDIO PAYLOAD: f0 43 24 ed
AUDIO PAYLOAD: 43 24 ed 1f
AUDIO PAYLOAD: 24 ed 1f 4
AUDIO PAYLOAD: ed 1f 4 51
AUDIO PAYLOAD: 1f 4 51 50
AUDIO PAYLOAD: 4 51 50 f
AUDIO PAYLOAD: 51 50 f b1
AUDIO PAYLOAD: 50 f b1 ff
AUDIO PAYLOAD: f b1 ff 20
AUDIO PAYLOAD: b1 ff 20 f0
AUDIO PAYLOAD: ff 20 f0 d
AUDIO PAYLOAD: 20 f0 d 0
AUDIO PAYLOAD: f0 d 0 0
AUDIO PAYLOAD: d 0 0 f
AUDIO PAYLOAD: 0 0 f 2e
AUDIO PAYLOAD: 0 f 2e b0
AUDIO PAYLOAD: f 2e b0 18
AUDIO PAYLOAD: 2e b0 18 1
AUDIO PAYLOAD: b0 18 1 f0
AUDIO PAYLOAD: 18 1 f0 10
AUDIO PAYLOAD: 1 f0 10 13
AUDIO PAYLOAD: f0 10 13 1
AUDIO PAYLOAD: 10 13 1 31
AUDIO PAYLOAD: 13 1 31 f2
AUDIO PAYLOAD: 1 31 f2 14
AUDIO PAYLOAD: 31 f2 14 1
AUDIO PAYLOAD: f2 14 1 9c
AUDIO PAYLOAD: 14 1 9c 0
AUDIO PAYLOAD: 1 9c 0 7
AUDIO PAYLOAD: 9c 0 7 16
AUDIO PAYLOAD: 0 7 16 12
AUDIO PAYLOAD: 7 16 12 14
AUDIO PAYLOAD: 16 12 14 c3
AUDIO PAYLOAD: 12 14 c3 c
AUDIO PAYLOAD: 14 c3 c 40
AUDIO PAYLOAD: c3 c 40 20
AUDIO PAYLOAD: c 40 20 e0
AUDIO PAYLOAD: 40 20 e0 d
AUDIO PAYLOAD: 20 e0 d 0
AUDIO PAYLOAD: e0 d 0 e2
AUDIO PAYLOAD: d 0 e2 6f
AUDIO PAYLOAD: 0 e2 6f d0
AUDIO PAYLOAD: e2 6f d0 ee
AUDIO PAYLOAD: 6f d0 ee 51
AUDIO PAYLOAD: d0 ee 51 ff
AUDIO PAYLOAD: ee 51 ff f0
AUDIO PAYLOAD: 51 ff f0 38

AAC_PROBE: ret 382

AAC SYNC AFTER 382 bytes

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210394400 (LWP 12765)]
reset_pred_state (state=0x0) at libfaad2/ic_predict.c:186
186 state->r[0] = 0;
(gdb) bt
#0 reset_pred_state (state=0x0) at libfaad2/ic_predict.c:186
#1 0x081b0063 in ic_prediction (ics=0xbfd70078, spec=0xbfd6f030, state=0x0, frame_len=1024, sf_index=0 '\0') at libfaad2/ic_predict.c:239
#2 0x081c4599 in reconstruct_single_channel (hDecoder=0x89c4ec8, ics=0xbfd70078, sce=0xbfd70072, spec_data=0xbfd7521c) at libfaad2/specrec.c:879
#3 0x081ca496 in decode_sce_lfe (hDecoder=0x89c4ec8, hInfo=0x8714620, ld=0xbfd75aa0, id_syn_ele=0 '\0') at libfaad2/syntax.c:597
#4 0x081cacc9 in raw_data_block (hDecoder=0x89c4ec8, hInfo=0x8714620, ld=0xbfd75aa0, pce=0x89c5539, drc=0x89c5818) at libfaad2/syntax.c:434
#5 0x081ab72a in aac_frame_decode (hDecoder=0x89c4ec8, hInfo=0x8714620, buffer=<value optimized out>, buffer_size=4226, sample_buffer2=0x0, sample_buffer_size=0) at libfaad2/decoder.c:872
#6 0x0818b423 in decode_audio (sh=0x89a7b80, buf=0x89a8eb0 "", minlen=65536, maxlen=114688) at libmpcodecs/ad_faad.c:235
#7 0x080daa75 in decode_audio (sh_audio=0x89a7b80, minlen=65536) at libmpcodecs/dec_audio.c:383
#8 0x080784ea in main (argc=3, argv=0xbfd76e54) at mplayer.c:2044
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x81afb74 to 0x81afbb4:
0x081afb74 <quant_pred+4>: inc %ebp
0x081afb75 <quant_pred+5>: or %bl,0xffffffc1(%ebp)
0x081afb78 <quant_pred+8>: clc
0x081afb79 <quant_pred+9>: adc %al,%bl
0x081afb7b <quant_pred+11>: nop
0x081afb7c <quant_pred+12>: lea 0x0(%esi),%esi
0x081afb80 <inv_quant_pred+0>: push %ebp
0x081afb81 <inv_quant_pred+1>: mov %esp,%ebp
0x081afb83 <inv_quant_pred+3>: sub $0x10,%esp
0x081afb86 <inv_quant_pred+6>: flds 0xfffffffc(%ebp)
0x081afb89 <inv_quant_pred+9>: leave
0x081afb8a <inv_quant_pred+10>: ret
0x081afb8b <inv_quant_pred+11>: nop
0x081afb8c <inv_quant_pred+12>: lea 0x0(%esi),%esi
0x081afb90 <reset_pred_state+0>: push %ebp
0x081afb91 <reset_pred_state+1>: mov %esp,%ebp
0x081afb93 <reset_pred_state+3>: pop %ebp
0x081afb94 <reset_pred_state+4>: movw $0x0,(%eax)
0x081afb99 <reset_pred_state+9>: movw $0x0,0x2(%eax)
0x081afb9f <reset_pred_state+15>: movw $0x0,0x4(%eax)
0x081afba5 <reset_pred_state+21>: movw $0x0,0x6(%eax)
0x081afbab <reset_pred_state+27>: movw $0x3f80,0x8(%eax)
---Type <return> to continue, or q <return> to quit---
0x081afbb1 <reset_pred_state+33>: movw $0x3f80,0xa(%eax)
End of assembler dump.
(gdb)
(gdb) info all-registers
eax 0x0 0
ecx 0xbfd70072 -1076428686
edx 0x0 0
ebx 0x0 0
esp 0xbfd6ef28 0xbfd6ef28
ebp 0xbfd6ef38 0xbfd6ef38
esi 0x400 1024
edi 0x0 0
eip 0x81afb94 0x81afb94 <reset_pred_state+4>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 2.98023223876953125e-08 (raw 0x3fe68000000000000000)
---Type <return> to continue, or q <return> to quit---

comment:2 by nicholenae@…, 16 years ago

--Type <return> to continue, or q <return> to quit---
st7 0 (raw 0x00000000000000000000)
fctrl 0x37f 895
fstat 0x20 32
ftag 0xffff 65535
fiseg 0x73 115
fioff 0x81c3403 136066051
foseg 0x7b 123
fooff 0x0 0
fop 0x5d8 1496
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm5 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm6 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm7 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}

(gdb)
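Added example, not libfaad2 or MPlayer code: a C model of what the gdb session above shows. The Valgrind report ("Invalid write of size 2 ... Address 0x0") and the register dump (eax = 0 at reset_pred_state+4, the first movw) agree that line 186, state->r[0] = 0, stores through a NULL pred_state pointer passed down from ic_prediction. The struct layout below is reconstructed from the reset_pred_state disassembly in the ticket (four 16-bit fields zeroed, two set to 0x3f80); the field names, the PRED_* return codes, the reset-group loop in ic_prediction_guarded and demo_guards are assumptions about what a caller-side check could look like, not the project's actual fix.

```c
/* Added example, not libfaad2/MPlayer code: models the NULL pred_state write
 * behind "Invalid write of size 2 ... Address 0x0" and shows a guarded caller. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout reconstructed from the reset_pred_state disassembly in the ticket:
 * six 16-bit fields at offsets 0..0xa; the first four are zeroed, the last
 * two are set to 0x3f80. The names r, COR and VAR are assumed. */
typedef struct {
    int16_t r[2];
    int16_t COR[2];
    int16_t VAR[2];
} pred_state;

/* Same shape as the crashing function: dereferences `state` unconditionally.
 * Called with NULL, the first store is the 2-byte write to address 0x0. */
static void reset_pred_state_unchecked(pred_state *state)
{
    state->r[0] = 0;          /* ic_predict.c:186 in the backtrace */
    state->r[1] = 0;
    state->COR[0] = 0;
    state->COR[1] = 0;
    state->VAR[0] = 0x3F80;
    state->VAR[1] = 0x3F80;
}

enum { PRED_OK = 0, PRED_ERR_NO_STATE = 1, PRED_ERR_BAD_GROUP = 2 };

/* Assumed caller-side check (not the project's patch): refuse to reset when
 * the decoder never allocated predictor state for this stream. */
static int reset_pred_state_checked(pred_state *state)
{
    if (state == NULL)
        return PRED_ERR_NO_STATE;
    reset_pred_state_unchecked(state);
    return PRED_OK;
}

/* Model of the reset loop in ic_prediction: a "predictor reset" flag and a
 * reset group number taken from the bitstream select every 30th predictor
 * starting at group-1 (AAC Main-profile semantics; an assumption for this
 * example). A NULL array and an out-of-range group are both rejected
 * before anything is written. */
static int ic_prediction_guarded(pred_state *state, size_t nbins,
                                 int predictor_reset, int reset_group)
{
    if (!predictor_reset)
        return PRED_OK;
    if (state == NULL)                       /* the check missing in the crash */
        return PRED_ERR_NO_STATE;
    if (reset_group < 1 || reset_group > 30) /* 5-bit field; 0 and 31 reserved */
        return PRED_ERR_BAD_GROUP;
    for (size_t b = (size_t)reset_group - 1; b < nbins; b += 30)
        reset_pred_state_unchecked(&state[b]);
    return PRED_OK;
}

/* Exercises the guards on a constructed 4-entry state array; returns 1 when
 * NULL and bad-group inputs are rejected and a valid reset touches only the
 * selected bin. */
static int demo_guards(void)
{
    pred_state s[4];
    for (size_t i = 0; i < 4; i++) {
        s[i].r[0] = s[i].r[1] = 7;
        s[i].COR[0] = s[i].COR[1] = 7;
        s[i].VAR[0] = s[i].VAR[1] = 7;
    }
    if (reset_pred_state_checked(NULL) != PRED_ERR_NO_STATE) return 0;
    if (ic_prediction_guarded(NULL, 4, 1, 1) != PRED_ERR_NO_STATE) return 0;
    if (ic_prediction_guarded(NULL, 4, 0, 1) != PRED_OK) return 0;    /* no reset requested */
    if (ic_prediction_guarded(s, 4, 1, 31) != PRED_ERR_BAD_GROUP) return 0;
    if (ic_prediction_guarded(s, 4, 1, 2) != PRED_OK) return 0;       /* resets bin 1 only */
    if (s[1].r[0] != 0 || s[1].COR[1] != 0 || s[1].VAR[0] != 0x3F80) return 0;
    if (s[0].r[0] != 7 || s[2].r[0] != 7 || s[3].r[0] != 7) return 0;
    return 1;
}

int main(void)
{
    int ok = demo_guards();
    printf("guards behave as expected: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

Compile with `gcc -Wall -std=c99 pred_guard.c && ./a.out`. The point of the guard's placement: the NULL comes from the decoder handing an unallocated predictor array to ic_prediction when the bitstream asks for prediction, so the rejection belongs in the caller that knows whether state exists, not in reset_pred_state itself, and running the same input under valgrind or a build with -fsanitize=address will show whether the stream is now rejected cleanly instead of writing to address 0.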

comment:3 by reimar, 16 years ago

Cc: nstockma@… added

* Bug 1154 has been marked as a duplicate of this bug. *
