Opened 11 years ago

Closed 11 years ago

#1160 closed defect (duplicate)

Conditional jump at various places including stream.h, mc_replace_strmem.c

Reported by: zlai88@…
Owned by: r_togni@…
Priority: normal
Component: ad
Version: HEAD
Severity: normal
Keywords:
Cc: catchconv-bugreports@…
Blocked By:
Blocking:
Reproduced by developer:
Analyzed by developer:

Description

The fuzzed file 60-the-mummy3-trailer.mp4 (in the archive at the URL above) caused MPlayer to crash in module decode_audio.

Valgrind reports conditional jump in the following locations: stream.h:261, stream.c:310, stream.c:357, stream.h:212, mc_replace_strmem.c:77, demux_mov.c:2173, mc_replace_strmem.c:80.

The bug is reproducible on Linux Debian Etch, with the latest Subversion head
mplayer (r27249). The machine used is VMWare Player.

Reproduce as follows:
wget http://www.eecs.berkeley.edu/~zhl210/7074-60-474710126-SyscallParam.tgz
tar xzf 7074-60-474710126-SyscallParam.tgz
valgrind mplayer 60-the-mummy3-trailer.mp4

Here is the report by Valgrind:

==28021== Memcheck, a memory error detector.
==28021== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==28021== Using LibVEX rev 1854, a library for dynamic binary translation.
==28021== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==28021== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==28021== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==28021== For more details, rerun with: -v
==28021==
MPlayer dev-SVN-r27249-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (Family: 6, Model: 15, Stepping: 6)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2

Playing 60-the-mummy3-trailer.mp4.
libavformat file format detected.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x863daf0]Could not find codec parameters (Video: 0x0000)
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x863daf0]Could not find codec parameters (Audio: mp4a / 0x6134706D, 44100 Hz, stereo)
LAVF_header: av_find_stream_info() failed
Quicktime/MOV file format detected.
* constant samplesize & variable duration not yet supported! *
Contact the author if you have such sample file!
[mov] Audio stream found, -aid 1

==========================================================================
Opening audio decoder: [faad] AAC (MPEG2/4 Advanced Audio Coding)
AUDIO: 44100 Hz, 2 ch, s16le, 64.0 kbit/4.54% (ratio: 8000->176400)
Selected audio codec: [faad] afm: faad (FAAD AAC (MPEG-2/MPEG-4 Audio) decoder)
==========================================================================
AO: [oss] 44100Hz 2ch s16le (2 bytes per sample)
Video: no video
Starting playback...
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 2662187488
==28021== at 0x8139B49: demux_mov_fill_buffer (stream.h:261)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 3078251230
==28021== at 0x8139B4F: demux_mov_fill_buffer (stream.h:261)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 686077039
==28021== at 0x8139D1C: demux_mov_fill_buffer (stream.h:261)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 724914730
==28021== at 0x8139B6B: demux_mov_fill_buffer (stream.h:263)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 1564824554
==28021== at 0x8172BEB: stream_seek_long (stream.c:310)
==28021== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Syscall param llseek(offset_high) contains uninitialised byte(s)
==28021== Stack hash: 4007784124
==28021== at 0x4000792: (within /lib/ld-2.3.6.so)
==28021==
==28021== Syscall param llseek(offset_low) contains uninitialised byte(s)
==28021== Stack hash: 4007784124
==28021== at 0x4000792: (within /lib/ld-2.3.6.so)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 3954179311
==28021== at 0x8172C48: stream_seek_long (stream.c:357)
==28021== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 2892614417
==28021== at 0x8172C5A: stream_seek_long (stream.c:358)
==28021== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 3729099939
==28021== at 0x8172C5C: stream_seek_long (stream.c:358)
==28021== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 3672830096
==28021== at 0x8172C61: stream_seek_long (stream.c:358)
==28021== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 3794829984
==28021== at 0x811CCD0: ds_read_packet (stream.h:212)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 2684557370
==28021== at 0x811CC9A: ds_read_packet (stream.h:216)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 2626540737
==28021== at 0x401FA3C: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 2314943030
==28021== at 0x401FA45: memcpy (mc_replace_strmem.c:77)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 3019537479
==28021== at 0x401FA5A: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 1723546772
==28021== at 0x401FA9B: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 1985544600
==28021== at 0x401FAAF: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Use of uninitialised value of size 4
==28021== Stack hash: 919752565
==28021== at 0x401FAC0: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Use of uninitialised value of size 4
==28021== Stack hash: 3575332291
==28021== at 0x401FAC6: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 558554979
==28021== at 0x401FAE6: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 2328941463
==28021== at 0x401FAEA: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 3164534826
==28021== at 0x401FB09: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 505157739
==28021== at 0x811CCC3: ds_read_packet (stream.h:209)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)

==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 328356307
==28021== at 0x401FB16: memcpy (mc_replace_strmem.c:80)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 3245933861
==28021== at 0x401FB30: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 3376932775
==28021== at 0x401FB3A: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Use of uninitialised value of size 4
==28021== Stack hash: 1737545205
==28021== at 0x401FB40: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021==
==28021== Invalid write of size 1
==28021== Stack hash: 1868544119
==28021== at 0x401FB4A: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==28021== by 0x818B4BF: decode_audio (ad_faad.c:263)
==28021== by 0x80DAA74: decode_audio (dec_audio.c:383)
==28021== by 0x80784E9: main (mplayer.c:2044)
==28021== Address 0x0 is not stack'd, malloc'd or (recently) free'd

MPlayer interrupted by signal 11 in module: decode_audio

  • MPlayer crashed by bad usage of CPU/FPU/RAM. Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
  • MPlayer crashed. This shouldn't happen. It can be a bug in the MPlayer code _or_ in your drivers _or_ in your gcc version. If you think it's MPlayer's fault, please read DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and won't help unless you provide this information when reporting a possible bug.

==28021==
==28021== ERROR SUMMARY: 1017 errors from 37 contexts (suppressed: 21 from 1)
==28021== malloc/free: in use at exit: 311,656 bytes in 2,214 blocks.
==28021== malloc/free: 2,399 allocs, 184 frees, 1,651,247 bytes allocated.
==28021== For counts of detected errors, rerun with: -v
==28021== searching for pointers to 2,214 not-freed blocks.
==28021== checked 3,088,032 bytes.
==28021==
==28021== LEAK SUMMARY:
==28021== definitely lost: 0 bytes in 0 blocks.
==28021== possibly lost: 0 bytes in 0 blocks.
==28021== still reachable: 311,656 bytes in 2,214 blocks.
==28021== suppressed: 0 bytes in 0 blocks.
==28021== Rerun with --leak-check=full to see details of leaked memory.

Here is the backtrace using gdb:

MPlayer dev-SVN-r27249-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model: 15, Stepping: 13)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
get_path('codecs.conf') -> '/home/user/.mplayer/codecs.conf'
Reading /home/user/.mplayer/codecs.conf: Can't open '/home/user/.mplayer/codecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug=3
CommandLine: '-v' '60-the-mummy3-trailer.mp4'
get_path('font/font.desc') -> '/home/user/.mplayer/font/font.desc'
font: can't open file: /home/user/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/home/user/.mplayer/input.conf'
Can't open input config file /home/user/.mplayer/input.conf: No such file or directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
get_path('60-the-mummy3-trailer.mp4.conf') -> '/home/user/.mplayer/60-the-mummy3-trailer.mp4.conf'

Playing 60-the-mummy3-trailer.mp4.
get_path('sub/') -> '/home/user/.mplayer/sub/'
[file] File size is 6472527 bytes
STREAM: [file] 60-the-mummy3-trailer.mp4
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
LAVF_check: QuickTime/MPEG-4/Motion JPEG 2000 format
libavformat file format detected.
stream_seek: WARNING! Can't seek to 0x62C34F !
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x863daf0]Could not find codec parameters (Video: 0x0000)
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x863daf0]Could not find codec parameters (Audio: mp4a / 0x6134706D, 44100 Hz, stereo)
LAVF_header: av_find_stream_info() failed
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Checking for Nullsoft Streaming Video
Checking for MOV
ISO: File Type Major Brand: ISO Base Media
ISO: File Type Minor Version: 512
ISO: File Type Compatible Brand #0: }p41
MOV: Movie DATA found!
MOV: Movie header found!
Quicktime/MOV file format detected.
MOV: Movie header (100 bytes): tscale=90000 dur=9079200


MOV: Track #0:
MOV: Track header!
tkhd len=84 ver=0 flags=0x0 id=1 dur=9079200 lay=0 vol=0
MOV: Media stream!
MOV: Media header!
MOV: Handler header: /vide () VideoHandler
MOV: unknown handler class: 0x0 ()
MOV: unknown chunk: einf 134239156
MOV track #0: 0 chunks, 0 samples
pts=9079200 scale=90000 time=100.880
* constant samplesize & variable duration not yet supported! *
Contact the author if you have such sample file!
Unknown track type found (type: 0)


MOV: Track #1:
MOV: unknown chunk: tihd 84
MOV: Media stream!
MOV: Media header!
MOV: Handler header: /soun () SouldHandler
MOV: unknown handler class: 0x0 ()
MOV: Media info!
MOV: Sound header!
MOV: unknown chunk: dinf 28
MOV: Sample info!
MOV: Description list! (cnt:1)
MOV: desc #0: mp4a (59 bytes)
MOV: unknown chunk: stt� 16
MOV: Sample->Chunk mapping table! (1 blocks) (ver:0,flags:0)
MOV: Sample size table! (entries=4336 ss=0) (ver:0,flags:0)
MOV track #1: 0 chunks, 4336 samples
pts=4440064 scale=44100 time=100.682
==> Found audio stream: 1
[mov] Audio stream found, -aid 1
Audio bits: 16 chans: 2 rate: 44100
MOV: Found MPEG4 audio Elementary Stream Descriptor atom (33831)!
ESDS MPEG4 version: 0 flags: 0x000000
ESDS MPEG4 ES Descriptor (25Bytes):

-> ESId: 0
-> streamPriority: 0

ESDS MPEG4 Decoder Config Descriptor (17Bytes):

-> objectTypeId: 64
-> streamType: 0x55
-> bufferSizeDB: 0x001800
-> maxBitrate: 64.000kbit/s
-> avgBitrate: 64.000kbit/s

ESDS MPEG4 Decoder Specific Descriptor (2Bytes)
ESDS MPEG4 Sync Layer Config Descriptor (1Bytes)

-> predefined: 2

Fourcc: mp4a


Quicktime Clip Info:

Requirements: �/2�eM/�T�=��T�UM2B

MOV: longest streams: A: #1 (4336 samples) V: #-1 (0 samples)
==========================================================================
Opening audio decoder: [faad] AAC (MPEG2/4 Advanced Audio Coding)
dec_audio: Allocating 4608 bytes for input buffer.
dec_audio: Allocating 49152 + 65536 = 114688 bytes for output buffer.
FAAD: Decoder init done (0Bytes)!
FAAD: Negotiated samplerate: 44100Hz channels: 2
FAAD: got 64kbit/s bitrate from MP4 header!
AUDIO: 44100 Hz, 2 ch, s16le, 64.0 kbit/4.54% (ratio: 8000->176400)
Selected audio codec: [faad] afm: faad (FAAD AAC (MPEG-2/MPEG-4 Audio) decoder)
==========================================================================
Building audio filter chain for 44100Hz/2ch/s16le -> 0Hz/0ch/??...
[libaf] Adding filter dummy
[dummy] Was reinitialized: 44100Hz/2ch/s16le
[dummy] Was reinitialized: 44100Hz/2ch/s16le
Trying every known audio driver...
ao2: 44100 Hz 2 chans s16le
audio_setup: using '/dev/dsp' dsp device
audio_setup: using '/dev/mixer' mixer device
audio_setup: using 'pcm' mixer device
audio_setup: sample format: s16le (requested: s16le)
audio_setup: using 2 channels (requested: 2)
audio_setup: using 44100 Hz samplerate (requested: 44100)
audio_setup: frags: 8/8 (8192 bytes/frag) free: 65536
AO: [oss] 44100Hz 2ch s16le (2 bytes per sample)
AO: Description: OSS/ioctl audio output
AO: Author: A'rpi
Building audio filter chain for 44100Hz/2ch/s16le -> 44100Hz/2ch/s16le...
[dummy] Was reinitialized: 44100Hz/2ch/s16le
[dummy] Was reinitialized: 44100Hz/2ch/s16le
Video: no video
Freeing 0 unused video chunks.
Starting playback...
Seek failed
stream_read: WARNING! s->buf_pos>s->buf_len?,?%

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209677152 (LWP 27928)]
0xb7ec9b35 in memcpy () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0xb7ec9b35 in memcpy () from /lib/tls/i686/cmov/libc.so.6
#1 0x0811ccbe in ds_read_packet (ds=0x89a70a0, stream=0x72d180a3,
    len=<value optimized out>, pts=54692.78125, pos=-8840374601121028341,
    flags=0) at ./stream/stream.h:218
#2 0x08139efa in demux_mov_fill_buffer (demuxer=0x89a67b0, ds=0x89a70a0)
    at libmpdemux/demux_mov.c:2173
#3 0x0811ea75 in ds_fill_buffer (ds=0x89a70a0) at libmpdemux/demuxer.c:498
#4 0x0811f118 in ds_get_packet_pts (ds=0x89a70a0, start=0xbfffe3e4,
    pts=0xbfffe3d8) at libmpdemux/demuxer.c:619
#5 0x0818b4c0 in decode_audio (sh=0x89b9558, buf=0x89c2400 "", minlen=65536,
    maxlen=114688) at libmpcodecs/ad_faad.c:263
#6 0x080daa75 in decode_audio (sh_audio=0x89b9558, minlen=65536)
    at libmpcodecs/dec_audio.c:383
#7 0x080784ea in main (argc=3, argv=0xbffff704) at mplayer.c:2044
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0xb7ec9b15 to 0xb7ec9b55:
0xb7ec9b15 <memcpy_chk+5>: inc %esp
0xb7ec9b16 <memcpy_chk+6>: and $0x10,%al
0xb7ec9b18 <memcpy_chk+8>: jb 0xb7f3cae0 <chk_fail>
0xb7ec9b1e <memcpy_chk+14>: mov %esi,%esi
0xb7ec9b20 <memcpy+0>: mov 0xc(%esp),%ecx
0xb7ec9b24 <memcpy+4>: mov %edi,%eax
0xb7ec9b26 <memcpy+6>: mov 0x4(%esp),%edi
0xb7ec9b2a <memcpy+10>: mov %esi,%edx
0xb7ec9b2c <memcpy+12>: mov 0x8(%esp),%esi
0xb7ec9b30 <memcpy+16>: cld
0xb7ec9b31 <memcpy+17>: shr %ecx
0xb7ec9b33 <memcpy+19>: jae 0xb7ec9b36 <memcpy+22>
0xb7ec9b35 <memcpy+21>: movsb %ds:(%esi),%es:(%edi)
0xb7ec9b36 <memcpy+22>: shr %ecx
0xb7ec9b38 <memcpy+24>: jae 0xb7ec9b3c <memcpy+28>
0xb7ec9b3a <memcpy+26>: movsw %ds:(%esi),%es:(%edi)
0xb7ec9b3c <memcpy+28>: rep movsl %ds:(%esi),%es:(%edi)
0xb7ec9b3e <memcpy+30>: mov %eax,%edi
0xb7ec9b40 <memcpy+32>: mov %edx,%esi
0xb7ec9b42 <memcpy+34>: mov 0x4(%esp),%eax
0xb7ec9b46 <memcpy+38>: ret
0xb7ec9b47 <memcpy+39>: nop
---Type <return> to continue, or q <return> to quit---
0xb7ec9b48 <memcpy+40>: nop
0xb7ec9b49 <memcpy+41>: nop
0xb7ec9b4a <memcpy+42>: nop
0xb7ec9b4b <memcpy+43>: nop
0xb7ec9b4c <memcpy+44>: nop
0xb7ec9b4d <memcpy+45>: nop
0xb7ec9b4e <memcpy+46>: nop
0xb7ec9b4f <memcpy+47>: nop
0xb7ec9b50 <memcpy+48>: push %ebp
0xb7ec9b51 <memcpy+49>: mov %esp,%ebp
0xb7ec9b53 <memcpy+51>: sub $0xc,%esp
End of assembler dump.
(gdb) info all-registers
eax 0x6a370f47 1781993287
ecx 0x4ae4787a 1256487034
edx 0x89a7138 144339256
ebx 0x95c8f0f5 -1781993227
esp 0xbfffe25c 0xbfffe25c
ebp 0xbfffe2b8 0xbfffe2b8
esi 0x72d180a3 1926332579
edi 0x89be880 144435328
eip 0xb7ec9b35 0xb7ec9b35 <memcpy+21>
eflags 0x210a13 [ CF AF IF OF RF ID ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 0 (raw 0x00000000000000000000)
st6 128 (raw 0x40068000000000000000)

This bug was found as part of the SUPERB-TRUST 2008 project.
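
A triage sketch for a log like the one above, added here as an example and not part of the original ticket: it groups Memcheck reports by error class and by the first frame outside Valgrind's own memcpy replacement (mc_replace_strmem.c is a Valgrind source file, not MPlayer code), so the many contexts collapse to a few call sites. The sample log is a constructed excerpt in the ticket's layout; the class labels and function names are this example's own.

```python
import re

# Constructed sample: a shortened excerpt in the same layout as the ticket's log.
SAMPLE_LOG = """\
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 2662187488
==28021== at 0x8139B49: demux_mov_fill_buffer (stream.h:261)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021==
==28021== Conditional jump or move depends on uninitialised value(s)
==28021== Stack hash: 3078251230
==28021== at 0x8139B4F: demux_mov_fill_buffer (stream.h:261)
==28021== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==28021==
==28021== Syscall param llseek(offset_high) contains uninitialised byte(s)
==28021== Stack hash: 4007784124
==28021== at 0x4000792: (within /lib/ld-2.3.6.so)
==28021==
==28021== Use of uninitialised value of size 4
==28021== Stack hash: 919752565
==28021== at 0x401FAC0: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021==
==28021== Invalid write of size 1
==28021== Stack hash: 1868544119
==28021== at 0x401FB4A: memcpy (mc_replace_strmem.c:402)
==28021== by 0x811CCBD: ds_read_packet (stream.h:218)
==28021== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==28021== Address 0x0 is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^==\d+==\s?(.*)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (?:(\S+) )?\((.+)\)$")

# Memcheck message prefix -> short class label (labels are this example's own).
KINDS = {
    "Conditional jump or move": "uninit-branch",
    "Use of uninitialised value": "uninit-use",
    "Syscall param": "uninit-syscall",
    "Invalid write": "invalid-write",
    "Invalid read": "invalid-read",
}

# Source files of Valgrind's replacement routines, not the program under test.
TOOL_FILES = ("mc_replace_strmem.c",)


def parse_errors(log):
    """Return one {'kind', 'frames'} record per Memcheck report in the log."""
    errors, cur = [], None
    for line in log.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # program output interleaved with the report
        body = m.group(1).strip()
        label = next((v for k, v in KINDS.items() if body.startswith(k)), None)
        if label:
            cur = {"kind": label, "frames": []}
            errors.append(cur)
        elif cur is not None:
            f = FRAME.match(body)
            if f:
                cur["frames"].append((f.group(1) or "?", f.group(2)))
            elif not body:
                cur = None  # a bare ==PID== line closes the report
    return errors


def blame_frame(frames):
    """First frame whose source file is not one of Valgrind's own."""
    for func, loc in frames:
        if loc.split(":")[0] not in TOOL_FILES:
            return func, loc
    return frames[0] if frames else ("?", "?")


def summarize(log):
    """Map (class, blamed function, location) -> number of reports, in log order."""
    counts = {}
    for err in parse_errors(log):
        key = (err["kind"],) + blame_frame(err["frames"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (kind, func, loc), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {kind:15s} {func} ({loc})")
```
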

Change History (1)

comment:1 Changed 11 years ago by reimar

  • Resolution set to duplicate
  • Status changed from new to closed

* This bug has been marked as a duplicate of bug 1147 *
