Opened 11 years ago

Closed 11 years ago

#1146 closed defect (duplicate)

Bugs in mov_build_index and vfprintf, mplayer crashed

Reported by: zlai88@…
Owned by: r_togni@…
Priority: important
Component: vd
Version: HEAD
Severity: critical
Keywords:
Cc: catchconv-bugreports@…
Blocked By:
Blocking:
Reproduced by developer:
Analyzed by developer:

Description

The fuzzed file 6-tennis_kid.mp4 (in the archive at the URL above) caused MPlayer to crash by bad usage of CPU/FPU/RAM. Valgrind reports conditional jump or move at multiple places.

This is reproducible on Linux Debian Etch, with the latest Subversion head mplayer (r27245). The machine used is VMware Player.

Reproduce as follows:
wget http://www.eecs.berkeley.edu/~zhl210/443098-6-4265251481-UninitCondition.tgz
tar xzf 443098-6-4265251481-UninitCondition.tgz
valgrind mplayer 6-tennis_kid.mp4

Here is the report by Valgrind:

==13419== Memcheck, a memory error detector.
==13419== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==13419== Using LibVEX rev 1854, a library for dynamic binary translation.
==13419== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==13419== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==13419== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==13419== For more details, rerun with: -v
==13419==
MPlayer dev-SVN-r27245-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (Family: 6, Model: 15, Stepping: 6)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2

Playing 6-tennis_kid.mp4.
libavformat file format detected.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x863db30]stream 0, missing mandatory atoms, broken header
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x863db30]Could not find codec parameters (Video: mpeg4, 4416x33008)
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x863db30]Could not find codec parameters (Data: 0x0000)
LAVF_header: av_find_stream_info() failed
ISO: Unknown File Type Major Brand: MSNV
Quicktime/MOV file format detected.
==13419== Conditional jump or move depends on uninitialised value(s)
==13419== Stack hash: 3377454020
==13419== at 0x81393FC: mov_build_index (demux_mov.c:200)
==13419== by 0x813AAB6: lschunks (demux_mov.c:1312)
==13419== by 0x813C375: mov_read_header (demux_mov.c:1931)
==13419== by 0x811E32E: demux_open_stream (demuxer.c:864)
==13419== by 0x811E601: demux_open (demuxer.c:991)
==13419== by 0x807799E: main (mplayer.c:3238)
==13419==
==13419== Use of uninitialised value of size 4
==13419== Stack hash: 2862961589
==13419== at 0x40B64B9: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==13419==
==13419== Conditional jump or move depends on uninitialised value(s)
==13419== Stack hash: 1163077597
==13419== at 0x40B64C1: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==13419==
==13419== Conditional jump or move depends on uninitialised value(s)
==13419== Stack hash: 3088939421
==13419== at 0x40B80B1: vfprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==13419== by 0x40D8F80: vsnprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==13419== by 0x807C52D: mp_msg (mp_msg.c:177)
==13419== by 0x8139423: mov_build_index (demux_mov.c:201)
==13419== by 0x813AAB6: lschunks (demux_mov.c:1312)
==13419== by 0x813C375: mov_read_header (demux_mov.c:1931)
==13419== by 0x811E32E: demux_open_stream (demuxer.c:864)
==13419== by 0x811E601: demux_open (demuxer.c:991)
==13419== by 0x807799E: main (mplayer.c:3238)
==13419==
==13419== Conditional jump or move depends on uninitialised value(s)
==13419== Stack hash: 313808409
==13419== at 0x40BA8AD: vfprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==13419== by 0x40D8F80: vsnprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==13419== by 0x807C52D: mp_msg (mp_msg.c:177)
==13419== by 0x8139423: mov_build_index (demux_mov.c:201)
==13419== by 0x813AAB6: lschunks (demux_mov.c:1312)
==13419== by 0x813C375: mov_read_header (demux_mov.c:1931)
==13419== by 0x811E32E: demux_open_stream (demuxer.c:864)
==13419== by 0x811E601: demux_open (demuxer.c:991)
==13419== by 0x807799E: main (mplayer.c:3238)
==13419==
==13419== Conditional jump or move depends on uninitialised value(s)
==13419== Stack hash: 1195498821
==13419== at 0x40B8159: vfprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==13419== by 0x40D8F80: vsnprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==13419== by 0x807C52D: mp_msg (mp_msg.c:177)
==13419== by 0x8139423: mov_build_index (demux_mov.c:201)
==13419== by 0x813AAB6: lschunks (demux_mov.c:1312)
==13419== by 0x813C375: mov_read_header (demux_mov.c:1931)
==13419== by 0x811E32E: demux_open_stream (demuxer.c:864)
==13419== by 0x811E601: demux_open (demuxer.c:991)
==13419== by 0x807799E: main (mplayer.c:3238)
MOV: durmap and chunkmap sample count differ (0 vs 1302)
==13419==
==13419== Conditional jump or move depends on uninitialised value(s)
==13419== Stack hash: 66376236
==13419== at 0x81394C4: mov_build_index (demux_mov.c:223)
==13419== by 0x813AAB6: lschunks (demux_mov.c:1312)
==13419== by 0x813C375: mov_read_header (demux_mov.c:1931)
==13419== by 0x811E32E: demux_open_stream (demuxer.c:864)
==13419== by 0x811E601: demux_open (demuxer.c:991)
==13419== by 0x807799E: main (mplayer.c:3238)
==13419==
==13419== Conditional jump or move depends on uninitialised value(s)
==13419== Stack hash: 4235729732
==13419== at 0x813957C: mov_build_index (demux_mov.c:247)
==13419== by 0x813AAB6: lschunks (demux_mov.c:1312)
==13419== by 0x813C375: mov_read_header (demux_mov.c:1931)
==13419== by 0x811E32E: demux_open_stream (demuxer.c:864)
==13419== by 0x811E601: demux_open (demuxer.c:991)
==13419== by 0x807799E: main (mplayer.c:3238)
==13419==
==13419== Conditional jump or move depends on uninitialised value(s)
==13419== Stack hash: 3702768266
==13419== at 0x81396AA: mov_build_index (demux_mov.c:275)
==13419== by 0x813AAB6: lschunks (demux_mov.c:1312)
==13419== by 0x813C375: mov_read_header (demux_mov.c:1931)
==13419== by 0x811E32E: demux_open_stream (demuxer.c:864)
==13419== by 0x811E601: demux_open (demuxer.c:991)
==13419== by 0x807799E: main (mplayer.c:3238)
==13419==
==13419== Conditional jump or move depends on uninitialised value(s)
==13419== Stack hash: 2055945450
==13419== at 0x813978A: mov_build_index (demux_mov.c:283)
==13419== by 0x813AAB6: lschunks (demux_mov.c:1312)
==13419== by 0x813C375: mov_read_header (demux_mov.c:1931)
==13419== by 0x811E32E: demux_open_stream (demuxer.c:864)
==13419== by 0x811E601: demux_open (demuxer.c:991)
==13419== by 0x807799E: main (mplayer.c:3238)
==13419==
==13419== Conditional jump or move depends on uninitialised value(s)
==13419== Stack hash: 4136264160
==13419== at 0x81397A8: mov_build_index (demux_mov.c:283)
==13419== by 0x813AAB6: lschunks (demux_mov.c:1312)
==13419== by 0x813C375: mov_read_header (demux_mov.c:1931)
==13419== by 0x811E32E: demux_open_stream (demuxer.c:864)
==13419== by 0x811E601: demux_open (demuxer.c:991)
==13419== by 0x807799E: main (mplayer.c:3238)
[mov] Video stream found, -vid 0
* depth = 0x1018
Warning! pts=-1220111383 length=1457152
MOV: durmap and chunkmap sample count differ (889876932 vs 0)
* constant samplesize & variable duration not yet supported! *
Contact the author if you have such sample file!
[mov] Audio stream found, -aid 1
MOV: unable to determine audio channels, assuming 2 (got 6)
VIDEO: [mp4v] 4416x33008 24bpp 0.000 fps 0.0 kbps ( 0.0 kbyte/s)
FPS not specified in the header or invalid, use the -fps option.
No stream found.
FPS not specified in the header or invalid, use the -fps option.
No stream found.

Exiting... (End of file)
==13419==
==13419== ERROR SUMMARY: 2340 errors from 11 contexts (suppressed: 21 from 1)
==13419== malloc/free: in use at exit: 55,376 bytes in 15 blocks.
==13419== malloc/free: 2,366 allocs, 2,351 frees, 35,032,582 bytes allocated.
==13419== For counts of detected errors, rerun with: -v
==13419== searching for pointers to 15 not-freed blocks.
==13419== checked 2,862,348 bytes.
==13419==
==13419== LEAK SUMMARY:
==13419== definitely lost: 22,476 bytes in 4 blocks.
==13419== possibly lost: 0 bytes in 0 blocks.
==13419== still reachable: 32,900 bytes in 11 blocks.
==13419== suppressed: 0 bytes in 0 blocks.
==13419== Rerun with --leak-check=full to see details of leaked memory.

Here is the backtrace using gdb:
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1209677152 (LWP 15403)]
MPlayer dev-SVN-r27245-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model: 15, Stepping: 13)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
get_path('codecs.conf') -> '/home/user/.mplayer/codecs.conf'
Reading /home/user/.mplayer/codecs.conf: Can't open '/home/user/.mplayer/codecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug=3
CommandLine: '-v' '6-tennis_kid.mp4'
get_path('font/font.desc') -> '/home/user/.mplayer/font/font.desc'
font: can't open file: /home/user/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/home/user/.mplayer/input.conf'
Can't open input config file /home/user/.mplayer/input.conf: No such file or directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
get_path('6-tennis_kid.mp4.conf') -> '/home/user/.mplayer/6-tennis_kid.mp4.conf'

Playing 6-tennis_kid.mp4.
get_path('sub/') -> '/home/user/.mplayer/sub/'
[file] File size is 4847495 bytes
STREAM: [file] 6-tennis_kid.mp4
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
LAVF_check: QuickTime/MPEG-4/Motion JPEG 2000 format
libavformat file format detected.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x863db30]stream 0, missing mandatory atoms, broken header
stream_seek: WARNING! Can't seek to 0x49F78B !
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x863db30]Could not find codec parameters (Video: mpeg4, 4416x33008)
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x863db30]Could not find codec parameters (Data: 0x0000)
LAVF_header: av_find_stream_info() failed
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Checking for Nullsoft Streaming Video
Checking for MOV
ISO: Unknown File Type Major Brand: MSNV
ISO: File Type Minor Version: 512
ISO: File Type Compatible Brand #0: MSNv
MOV: unknown chunk: uuid 148
MOV: Movie DATA found!
MOV: Movie header found!
Quicktime/MOV file format detected.
MOV: Movie header (100 bytes): tscale=90000 dur=5464064


MOV: Track #0:
MOV: Track header!
tkhd len=84 ver=0 flags=0x0 id=1 dur=5447442 lay=0 vol=0
MOV: Edit atom!
MOV: Edit list table (1 entries) (ver:0,flags:0)
MOV: entry#0: duration: 5447442 start time: 0 speed: 1.0x
MOV: Media stream!
MOV: unknown chunk: mdh$ 24
MOV: Handler header: /vidE () VideoHandler
MOV: unknown handler class: 0x0 ()
MOV: Media info!
MOV: Video header!
MOV: unknown chunk: dinf 28
MOV: Sample info!
MOV: Description list! (cnt:1)
MOV: desc #0: mp4v (149 bytes)
MOV: unknown chunk: st�s 16
MOV: Syncing samples (keyframes) table! (174 entries) (ver:0,flags:0)
MOV: Sample->Chunk mapping table! (1 blocks) (ver:0,flags:0)
MOV: Sample size table! (entries=1814 ss=0) (ver:0,flags:0)
MOV: Chunk offset table! (1814 chunks)
MOV: unknown chunk: uuid 44
MOV track #0: 1814 chunks, 1814 samples
pts=0 scale=0 time= nan
MOV: durmap and chunkmap sample count differ (0 vs 1371209848)
MOV: durmap or chunkmap bigger than sample count (1371209848 vs 1814)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209677152 (LWP 15403)]
mov_build_index (trak=0x89a8408, timescale=90000) at libmpdemux/demux_mov.c:251
251 mp_msg(MSGT_DEMUX, MSGL_DBG3, "Sample %5d: pts=%8d off=0x%08X size=%d\n",s,
(gdb) bt
#0 mov_build_index (trak=0x89a8408, timescale=90000) at libmpdemux/demux_mov.c:251
#1 0x0813aab7 in lschunks (demuxer=0x89a7158, level=0, endpos=4847495, trak=0x0)
    at libmpdemux/demux_mov.c:1312
#2 0x0813c376 in mov_read_header (demuxer=0x89a7158) at libmpdemux/demux_mov.c:1931
#3 0x0811e32f in demux_open_stream (stream=0x89a67c0, file_format=<value optimized out>,
    force=0, audio_id=-1, video_id=-1, dvdsub_id=-2,
    filename=0x899d470 "6-tennis_kid.mp4") at libmpdemux/demuxer.c:864
#4 0x0811e602 in demux_open (vs=0x89a67c0, file_format=0, audio_id=-1, video_id=-1,
    dvdsub_id=-2, filename=0x899d470 "6-tennis_kid.mp4") at libmpdemux/demuxer.c:991
#5 0x0807799f in main (argc=3, argv=0xbffff744) at mplayer.c:3238
(gdb) info all-registers
eax 0x0 0
ecx 0x89a8408 144344072
edx 0x0 0
ebx 0xb0 176
esp 0xbfffe180 0xbfffe180
ebp 0xbfffe228 0xbfffe228
esi 0x0 0
edi 0x0 0
eip 0x81395b8 0x81395b8 <mov_build_index+792>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 1 (raw 0x3fff8000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 -nan(0xc000000000000000) (raw 0xffffc000000000000000)
fctrl 0x37f 895
fstat 0x21 33
ftag 0xffff 65535
fiseg 0x73 115
fioff 0xb7e9ce60 -1209414048
foseg 0x7b 123
fooff 0xbfffc0a8 -1073758040
fop 0x51c 1308
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
    v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
    uint128 = 0x00000000000000000000000000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
    v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
    uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
    v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
    uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
    v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
    uint128 = 0x00000000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
    v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
    uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
    v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
    uint128 = 0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
    v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
    uint128 = 0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
    0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
    v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
    uint128 = 0x00000000000000000000000000000000}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
    v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
    v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
    v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
    v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
    v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm5 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {
    0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm6 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
    v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm7 {uint64 = 0xc000000000000000, v2_int32 = {0x0, 0xc0000000}, v4_int16 = {
    0x0, 0x0, 0x0, 0xc000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0}}

#0 mov_build_index (trak=0x89a8408, timescale=90000) at libmpdemux/demux_mov.c:251
#1 0x0813aab7 in lschunks (demuxer=0x89a7158, level=0, endpos=4847495, trak=0x0)
    at libmpdemux/demux_mov.c:1312
#2 0x0813c376 in mov_read_header (demuxer=0x89a7158) at libmpdemux/demux_mov.c:1931
#3 0x0811e32f in demux_open_stream (stream=0x89a67c0, file_format=<value optimized out>,
    force=0, audio_id=-1, video_id=-1, dvdsub_id=-2,
    filename=0x899d470 "6-tennis_kid.mp4") at libmpdemux/demuxer.c:864
#4 0x0811e602 in demux_open (vs=0x89a67c0, file_format=0, audio_id=-1, video_id=-1,
    dvdsub_id=-2, filename=0x899d470 "6-tennis_kid.mp4") at libmpdemux/demuxer.c:991
#5 0x0807799f in main (argc=3, argv=0xbffff744) at mplayer.c:3238

Dump of assembler code from 0x8139598 to 0x81395d8:
0x08139598 <mov_build_index+760>: add %al,(%eax)
0x0813959a <mov_build_index+762>: jmp 0x81395ae <mov_build_index+782>
0x0813959c <mov_build_index+764>: lea 0x0(%esi),%esi
0x081395a0 <mov_build_index+768>: mov 0x8(%ebp),%eax
0x081395a3 <mov_build_index+771>: add $0x10,%edi
0x081395a6 <mov_build_index+774>: mov 0xffffffdc(%ebp),%edx
0x081395a9 <mov_build_index+777>: cmp %edx,0x54(%eax)
0x081395ac <mov_build_index+780>: jle 0x813961f <mov_build_index+895>
0x081395ae <mov_build_index+782>: mov 0x8(%ebp),%ecx
0x081395b1 <mov_build_index+785>: mov %edi,%edx
0x081395b3 <mov_build_index+787>: mov 0x58(%ecx),%eax
0x081395b6 <mov_build_index+790>: add %eax,%edx
0x081395b8 <mov_build_index+792>: mov 0x4(%edx),%eax
0x081395bb <mov_build_index+795>: mov %ebx,0x8(%edx)
0x081395be <mov_build_index+798>: mov %esi,0xc(%edx)
0x081395c1 <mov_build_index+801>: mov %ebx,0x14(%esp)
0x081395c5 <mov_build_index+805>: mov %eax,0x18(%esp)
0x081395c9 <mov_build_index+809>: mov (%edx),%eax
0x081395cb <mov_build_index+811>: mov %eax,0x10(%esp)
0x081395cf <mov_build_index+815>: mov 0xffffffdc(%ebp),%eax
0x081395d2 <mov_build_index+818>: movl $0x7,(%esp)
End of assembler dump.

eax 0x0 0
ecx 0x89a8408 144344072
edx 0x0 0
ebx 0xb0 176
esp 0xbfffe180 0xbfffe180
ebp 0xbfffe228 0xbfffe228
esi 0x0 0
edi 0x0 0
eip 0x81395b8 0x81395b8 <mov_build_index+792>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 1 (raw 0x3fff8000000000000000)
st6 0 (raw 0x00000000000000000000)
st7 -nan(0xc000000000000000) (raw 0xffffc000000000000000)
fctrl 0x37f 895
fstat 0x21 33
ftag 0xffff 65535

This bug was found as part of the SUPERB-TRUST 2008 project.

Change History (1)

comment:1 Changed 11 years ago by reimar

  • Resolution set to duplicate
  • Status changed from new to closed

Different place but same basic issue as bug 1113

* This bug has been marked as a duplicate of bug 1113 *
