Opened 16 years ago
Last modified 13 years ago
#1165 new defect
Error in Audio Decoding: Mplayer Crashed: Invalid Read
| Reported by: | Owned by: | reimar | |
|---|---|---|---|
| Priority: | if idle | Component: | ad |
| Version: | HEAD | Severity: | normal |
| Keywords: | Cc: | catchconv-bugreports@… | |
| Blocked By: | Blocking: | ||
| Reproduced by developer: | no | Analyzed by developer: | no |
Description
The following report is for the SUPERB-TRUST 2008, the cyber security project.
#Error found at test case .wav file for mplayer version (dev-SVN-r27249-4.1.2)
valgrind report the Invalid Read.
#The test case is "175-dramatic.wav" can be found at the URL
*http://www.eecs.berkeley.edu/~sckhan/175-dramatic.wav
#Reproducible with the following command
*valgrind mplayer 175-dramatic.wav
Can also be run as:
*valgrind --log-file=log9 mplayer 175-dramatic.wav
#OS: Debian Etch Linux
#Valgrind output:
==6643== Memcheck, a memory error detector.
==6643== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==6643== Using LibVEX rev 1854, a library for dynamic binary translation.
==6643== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==6643== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==6643== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==6643== For more details, rerun with: -v
==6643==
==6643== My PID = 6643, parent PID = 26719. Prog and args are:
==6643== mplayer
==6643== 175-dramatic.wav
==6643==
==6643== Invalid read of size 4
==6643== Stack hash: 2606592226
==6643== at 0x81A820B: faad_rewindbits (bits.c:129)
==6643== by 0x81AB22D: NeAACDecInit (decoder.c:250)
==6643== by 0x818B933: init (ad_faad.c:126)
==6643== by 0x80DB112: init_audio (dec_audio.c:95)
==6643== by 0x80DB508: init_best_audio_codec (dec_audio.c:270)
==6643== by 0x8076778: reinit_audio_chain (mplayer.c:1585)
==6643== by 0x8078121: main (mplayer.c:3583)
==6643== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==6643==
==6643== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 1)
==6643== malloc/free: in use at exit: 217,657 bytes in 2,187 blocks.
==6643== malloc/free: 2,314 allocs, 127 frees, 1,367,643 bytes allocated.
==6643== For counts of detected errors, rerun with: -v
==6643== searching for pointers to 2,187 not-freed blocks.
==6643== checked 3,048,232 bytes.
==6643==
==6643== LEAK SUMMARY:
==6643== definitely lost: 0 bytes in 0 blocks.
==6643== possibly lost: 0 bytes in 0 blocks.
==6643== still reachable: 217,657 bytes in 2,187 blocks.
==6643== suppressed: 0 bytes in 0 blocks.
==6643== Rerun with --leak-check=full to see details of leaked memory.
#The above valgrind output is saved as a log file(log9) and can be found at
URL:
*http://www.eecs.berkeley.edu/~sckhan/log9
#This report is for the error found in the test case 175-dramatic.wav
where the error seems to be in decoding audio at Stack hash: 2606592226 where the error is: faad_rewindbits (bits.c:129).
#The bug is found in making comparison of the fuzzing tools and is a part of
the metafuzz project.
*URL at: metafuzz.com
Change History (6)
comment:1 by , 16 years ago
| Priority: | normal → if idle |
|---|
comment:2 by , 16 years ago
| Summary: | Error in Audio Decoding: Invalid Read → Error in Audio Decoding: Mplayer Crashed: Invalid Read |
|---|
Summary has been edited...*Mplayer Crashed*
comment:3 by , 16 years ago
*Back-trace log file (crash1) has been added for the report*
File, crash1 can be found at URL:
<http://www.eecs.berkeley.edu/~sckhan/crash1>
comment:4 by , 16 years ago
-----------------------------------------------------------------
|This report has been submitted to Upstream (URL: Sourceforge.com)|
-----------------------------------------------------------------
comment:5 by , 16 years ago
|This report has been submitted to Upstream (Sourceforge.net)|
------------------------------------------------------------
URL:
<https://sourceforge.net/tracker/?func=detail&atid=100704&aid=2019777&group_id=704>
comment:6 by , 13 years ago
| Owner: | changed from to |
|---|
Problem is in libfaad2