Opened 11 years ago

Closed 9 years ago

#1162 closed defect (duplicate)

Error in Decoding:Invalid Read and Conditional jump or move depends on uninitialised value(s)

Reported by: sckhan@… Owned by: reimar
Priority: normal Component: vd
Version: HEAD Severity: normal
Keywords: Cc: catchconv-bugreports@…
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:

Description

The following report is for the SUPERB-TRUST 2008, the cyber security project.

#Error found at test case .mqv file for mplayer version (dev-SVN-r27249-4.1.2)
valgrind report the Invalid Read.

#The test case is "44-nosound_lavf_works.mqv" can be found at the URL

*http://www.eecs.berkeley.edu/~sckhan/44-nosound_lavf_works.mqv

#Reproducible with the following command

*valgrind mplayer 44-nosound_lavf_works.mqv

Can also be run as:

*valgrind --log-file=log5 mplayer 44-nosound_lavf_works.mqv

#OS: Debian Etch Linux

#Valgrind output:

==32753== Memcheck, a memory error detector.
==32753== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==32753== Using LibVEX rev 1854, a library for dynamic binary translation.
==32753== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks? LLP.
==32753== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==32753== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==32753== For more details, rerun with: -v
==32753==
==32753== My PID = 32753, parent PID = 26719. Prog and args are:
==32753== mplayer
==32753== 44-nosound_lavf_works.mqv
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 4251520308
==32753== at 0x81393CC: mov_build_index (demux_mov.c:200)
==32753== by 0x813AA86: lschunks (demux_mov.c:1312)
==32753== by 0x813C345: mov_read_header (demux_mov.c:1931)
==32753== by 0x811E32E: demux_open_stream (demuxer.c:864)
==32753== by 0x811E601: demux_open (demuxer.c:991)
==32753== by 0x807799E: main (mplayer.c:3238)
==32753==
==32753== Use of uninitialised value of size 4
==32753== Stack hash: 3737027877
==32753== at 0x40B64B9: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2037143885
==32753== at 0x40B64C1: (within /lib/tls/i686/cmov/libc-2.3.6.so)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 3963005709
==32753== at 0x40B80B1: vfprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==32753== by 0x40D8F80: vsnprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==32753== by 0x807C52D: mp_msg (mp_msg.c:177)
==32753== by 0x81393F3: mov_build_index (demux_mov.c:201)
==32753== by 0x813AA86: lschunks (demux_mov.c:1312)
==32753== by 0x813C345: mov_read_header (demux_mov.c:1931)
==32753== by 0x811E32E: demux_open_stream (demuxer.c:864)
==32753== by 0x811E601: demux_open (demuxer.c:991)
==32753== by 0x807799E: main (mplayer.c:3238)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1187874697
==32753== at 0x40BA8AD: vfprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==32753== by 0x40D8F80: vsnprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==32753== by 0x807C52D: mp_msg (mp_msg.c:177)
==32753== by 0x81393F3: mov_build_index (demux_mov.c:201)
==32753== by 0x813AA86: lschunks (demux_mov.c:1312)
==32753== by 0x813C345: mov_read_header (demux_mov.c:1931)
==32753== by 0x811E32E: demux_open_stream (demuxer.c:864)
==32753== by 0x811E601: demux_open (demuxer.c:991)
==32753== by 0x807799E: main (mplayer.c:3238)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2069565109
==32753== at 0x40B8159: vfprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==32753== by 0x40D8F80: vsnprintf (in /lib/tls/i686/cmov/libc-2.3.6.so)
==32753== by 0x807C52D: mp_msg (mp_msg.c:177)
==32753== by 0x81393F3: mov_build_index (demux_mov.c:201)
==32753== by 0x813AA86: lschunks (demux_mov.c:1312)
==32753== by 0x813C345: mov_read_header (demux_mov.c:1931)
==32753== by 0x811E32E: demux_open_stream (demuxer.c:864)
==32753== by 0x811E601: demux_open (demuxer.c:991)
==32753== by 0x807799E: main (mplayer.c:3238)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 940442524
==32753== at 0x8139494: mov_build_index (demux_mov.c:223)
==32753== by 0x813AA86: lschunks (demux_mov.c:1312)
==32753== by 0x813C345: mov_read_header (demux_mov.c:1931)
==32753== by 0x811E32E: demux_open_stream (demuxer.c:864)
==32753== by 0x811E601: demux_open (demuxer.c:991)
==32753== by 0x807799E: main (mplayer.c:3238)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 814828724
==32753== at 0x813954C: mov_build_index (demux_mov.c:247)
==32753== by 0x813AA86: lschunks (demux_mov.c:1312)
==32753== by 0x813C345: mov_read_header (demux_mov.c:1931)
==32753== by 0x811E32E: demux_open_stream (demuxer.c:864)
==32753== by 0x811E601: demux_open (demuxer.c:991)
==32753== by 0x807799E: main (mplayer.c:3238)
==32753== Warning: silly arg (-264) to malloc()
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1456509752
==32753== at 0x8139B49: demux_mov_fill_buffer (stream.h:261)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1467754718
==32753== at 0x8139B4F: demux_mov_fill_buffer (stream.h:261)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2331742939
==32753== at 0x8139D1C: demux_mov_fill_buffer (stream.h:261)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1520231226
==32753== at 0x8139B6B: demux_mov_fill_buffer (stream.h:263)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 614289914
==32753== at 0x8172BEB: stream_seek_long (stream.c:310)
==32753== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Syscall param llseek(offset_high) contains uninitialised byte(s)
==32753== Stack hash: 4162721764
==32753== at 0x4000792: (within /lib/ld-2.3.6.so)
==32753==
==32753== Syscall param llseek(offset_low) contains uninitialised byte(s)
==32753== Stack hash: 4162721764
==32753== at 0x4000792: (within /lib/ld-2.3.6.so)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2768310619
==32753== at 0x8172C48: stream_seek_long (stream.c:357)
==32753== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 4016501845
==32753== at 0x8172C5A: stream_seek_long (stream.c:358)
==32753== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 4155189759
==32753== at 0x8172C5C: stream_seek_long (stream.c:358)
==32753== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 206942248
==32753== at 0x8172C61: stream_seek_long (stream.c:358)
==32753== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2976454323
==32753== at 0x8139E74: demux_mov_fill_buffer (stream.h:212)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2864004663
==32753== at 0x8139E38: demux_mov_fill_buffer (stream.h:216)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1666164803
==32753== at 0x401FA3C: memcpy (mc_replace_strmem.c:402)
==32753== by 0x8139E58: demux_mov_fill_buffer (stream.h:218)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2290260416
==32753== at 0x401FA45: memcpy (mc_replace_strmem.c:77)
==32753== by 0x8139E58: demux_mov_fill_buffer (stream.h:218)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 3746483513
==32753== at 0x401FA5A: memcpy (mc_replace_strmem.c:402)
==32753== by 0x8139E58: demux_mov_fill_buffer (stream.h:218)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 3958873422
==32753== at 0x401FA9B: memcpy (mc_replace_strmem.c:402)
==32753== by 0x8139E58: demux_mov_fill_buffer (stream.h:218)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1050785266
==32753== at 0x401FAAF: memcpy (mc_replace_strmem.c:402)
==32753== by 0x8139E58: demux_mov_fill_buffer (stream.h:218)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Use of uninitialised value of size 4
==32753== Stack hash: 2229632535
==32753== at 0x401FAC0: memcpy (mc_replace_strmem.c:402)
==32753== by 0x8139E58: demux_mov_fill_buffer (stream.h:218)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Use of uninitialised value of size 4
==32753== Stack hash: 2645696277
==32753== at 0x401FAC6: memcpy (mc_replace_strmem.c:402)
==32753== by 0x8139E58: demux_mov_fill_buffer (stream.h:218)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 569735605
==32753== at 0x401FAE6: memcpy (mc_replace_strmem.c:402)
==32753== by 0x8139E58: demux_mov_fill_buffer (stream.h:218)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 847111433
==32753== at 0x401FAEA: memcpy (mc_replace_strmem.c:402)
==32753== by 0x8139E58: demux_mov_fill_buffer (stream.h:218)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2996774100
==32753== at 0x401FB09: memcpy (mc_replace_strmem.c:402)
==32753== by 0x8139E58: demux_mov_fill_buffer (stream.h:218)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2946467747
==32753== at 0x8139E64: demux_mov_fill_buffer (stream.h:209)
==32753== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1775657551
==32753== at 0x8139B49: demux_mov_fill_buffer (stream.h:261)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1775961469
==32753== at 0x8139B4F: demux_mov_fill_buffer (stream.h:261)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1799312502
==32753== at 0x8139D1C: demux_mov_fill_buffer (stream.h:261)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1777379753
==32753== at 0x8139B6B: demux_mov_fill_buffer (stream.h:263)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 4258091279
==32753== at 0x811CCD0: ds_read_packet (stream.h:212)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 4156886585
==32753== at 0x811CC9A: ds_read_packet (stream.h:216)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2964669208
==32753== at 0x401FA3C: memcpy (mc_replace_strmem.c:402)
==32753== by 0x811CCBD: ds_read_packet (stream.h:218)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 3588764821
==32753== at 0x401FA45: memcpy (mc_replace_strmem.c:77)
==32753== by 0x811CCBD: ds_read_packet (stream.h:218)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 750020622
==32753== at 0x401FA5A: memcpy (mc_replace_strmem.c:402)
==32753== by 0x811CCBD: ds_read_packet (stream.h:218)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 962410531
==32753== at 0x401FA9B: memcpy (mc_replace_strmem.c:402)
==32753== by 0x811CCBD: ds_read_packet (stream.h:218)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2349289671
==32753== at 0x401FAAF: memcpy (mc_replace_strmem.c:402)
==32753== by 0x811CCBD: ds_read_packet (stream.h:218)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Use of uninitialised value of size 4
==32753== Stack hash: 3528136940
==32753== at 0x401FAC0: memcpy (mc_replace_strmem.c:402)
==32753== by 0x811CCBD: ds_read_packet (stream.h:218)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Use of uninitialised value of size 4
==32753== Stack hash: 3944200682
==32753== at 0x401FAC6: memcpy (mc_replace_strmem.c:402)
==32753== by 0x811CCBD: ds_read_packet (stream.h:218)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1868240010
==32753== at 0x401FAE6: memcpy (mc_replace_strmem.c:402)
==32753== by 0x811CCBD: ds_read_packet (stream.h:218)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2145615838
==32753== at 0x401FAEA: memcpy (mc_replace_strmem.c:402)
==32753== by 0x811CCBD: ds_read_packet (stream.h:218)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 4233727186
==32753== at 0x811CCC3: ds_read_packet (stream.h:209)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 311209
==32753== at 0x401FB09: memcpy (mc_replace_strmem.c:402)
==32753== by 0x811CCBD: ds_read_packet (stream.h:218)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753== Warning: set address range perms: large range 268436377 (undefined)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 137420956
==32753== at 0x811CD2D: ds_read_packet (demuxer.h:255)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 767694224
==32753== at 0x401D931: realloc (vg_replace_malloc.c:429)
==32753== by 0x811CD4C: ds_read_packet (demuxer.h:257)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753== Warning: set address range perms: large range 268052792 (noaccess)
==32753==
==32753== Use of uninitialised value of size 4
==32753== Stack hash: 240499811
==32753== at 0x811CD64: ds_read_packet (demuxer.h:266)
==32753== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 861214556
==32753== at 0x816DA02: video_read_frame (video.c:554)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1516888517
==32753== at 0x811C7A7: ds_get_next_pts (demuxer.c:661)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2565456233
==32753== at 0x8172BEB: stream_seek_long (stream.c:310)
==32753== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==32753== by 0x811C7B4: ds_get_next_pts (demuxer.c:668)
==32753== by 0x816DAD4: video_read_frame (video.c:579)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 134714647
==32753== at 0x8079517: main (mplayer.c:2273)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2193331484
==32753== at 0x8199102: decode (vd_ffmpeg.c:740)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2643798629
==32753== at 0x82ED5A2: avcodec_decode_video (utils.c:896)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 4158669741
==32753== at 0x8411ABF: ff_h263_decode_frame (h263dec.c:343)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 3501448946
==32753== at 0x8412254: ff_h263_decode_frame (bitstream.h:762)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 3516442234
==32753== at 0x841225C: ff_h263_decode_frame (bitstream.h:762)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1821440393
==32753== at 0x841D462: ff_mpeg4_decode_picture_header (h263.c:6014)
==32753== by 0x8411C31: ff_h263_decode_frame (h263dec.c:404)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 447635367
==32753== at 0x841D508: ff_mpeg4_decode_picture_header (h263.c:6014)
==32753== by 0x8411C31: ff_h263_decode_frame (h263dec.c:404)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 97772475
==32753== at 0x841814A: ff_mpeg4_decode_mb (h263.c:3145)
==32753== by 0x84114C7: decode_slice (h263dec.c:209)
==32753== by 0x8412630: ff_h263_decode_frame (h263dec.c:636)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 392008010
==32753== at 0x84198BE: ff_h263_resync (h263.c:3321)
==32753== by 0x84126B6: ff_h263_decode_frame (h263dec.c:642)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1367181446
==32753== at 0x841990A: ff_h263_resync (h263.c:3321)
==32753== by 0x84126B6: ff_h263_decode_frame (h263dec.c:642)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1825666626
==32753== at 0x84193CC: mpeg4_decode_video_packet_header (h263.c:3182)
==32753== by 0x841995A: ff_h263_resync (h263.c:3326)
==32753== by 0x84126B6: ff_h263_decode_frame (h263dec.c:642)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2657794110
==32753== at 0x84193CC: mpeg4_decode_video_packet_header (h263.c:3182)
==32753== by 0x8419966: ff_h263_resync (h263.c:3310)
==32753== by 0x84126B6: ff_h263_decode_frame (h263dec.c:642)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 272069448
==32753== at 0x841814A: ff_mpeg4_decode_mb (h263.c:3145)
==32753== by 0x84114C7: decode_slice (h263dec.c:209)
==32753== by 0x841268D: ff_h263_decode_frame (h263dec.c:649)
==32753== by 0x82ED5EF: avcodec_decode_video (utils.c:897)
==32753== by 0x8199209: decode (vd_ffmpeg.c:781)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 2193707959
==32753== at 0x8199215: decode (vd_ffmpeg.c:785)
==32753== by 0x80DB7AA: decode_video (dec_video.c:369)
==32753== by 0x80795D8: main (mplayer.c:2292)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 1531490530
==32753== at 0x811F157: ds_get_packet (demuxer.c:601)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753== Warning: set address range perms: large range 268435838 (undefined)
==32753== Warning: set address range perms: large range 268435870 (noaccess)
==32753== Warning: set address range perms: large range 268436081 (undefined)
==32753== Warning: set address range perms: large range 268436113 (noaccess)
==32753==
==32753== Conditional jump or move depends on uninitialised value(s)
==32753== Stack hash: 471787474
==32753== at 0x811EA63: ds_fill_buffer (demuxer.c:491)
==32753== by 0x811F178: ds_get_packet (demuxer.c:602)
==32753== by 0x816D9FD: video_read_frame (video.c:553)
==32753== by 0x8079512: main (mplayer.c:2262)
==32753==
==32753== ERROR SUMMARY: 490190 errors from 72 contexts (suppressed: 19 from 1)
==32753== malloc/free: in use at exit: 37,202 bytes in 24 blocks.
==32753== malloc/free: 3,593 allocs, 3,567 frees, 935,173,140 bytes allocated.
==32753== For counts of detected errors, rerun with: -v
==32753== searching for pointers to 24 not-freed blocks.
==32753== checked 2,862,008 bytes.
==32753==
==32753== LEAK SUMMARY:
==32753== definitely lost: 4,276 bytes in 10 blocks.
==32753== possibly lost: 0 bytes in 0 blocks.
==32753== still reachable: 32,926 bytes in 14 blocks.
==32753== suppressed: 0 bytes in 0 blocks.
==32753== Rerun with --leak-check=full to see details of leaked memory.

#The above valgrind output is saved as a log file(log5) and can be found at
URL:

*http://www.eecs.berkeley.edu/~sckhan/log5

#This report is for the error found in the test case 44-nosound_lavf_works.mqv where the error seems to be in decoding video at Stack hash: 1531490530.

#The bug is found in making comparison of the fuzzing tools and is a part of
the metafuzz project.

*URL at: metafuzz.com

Change History (2)

comment:1 Changed 9 years ago by compn

  • Owner changed from r_togni@… to reimar

comment:2 Changed 9 years ago by reimar

  • Resolution set to duplicate
  • Status changed from new to closed

Last remaining issue fixed with SVN r32706, however the original report/issue was a duplicate.
Sample is available at http://www.metafuzz.com/testcases/336478-44-3235547050-UninitCondition.tgz

Note: See TracTickets for help on using tickets.