Opened 16 years ago
Last modified 13 years ago
#1174 new defect
Error in Audio Decoding: Invalid Read and Conditional jump or move depends on uninitialised value(s)
| Reported by: | Owned by: | reimar | |
|---|---|---|---|
| Priority: | normal | Component: | ad |
| Version: | HEAD | Severity: | normal |
| Keywords: | Cc: | catchconv-bugreports@… | |
| Blocked By: | Blocking: | ||
| Reproduced by developer: | no | Analyzed by developer: | no |
Description
The following report is for the SUPERB-TRUST 2008, the cyber security project.
#Error found at test case .mp3 file for mplayer version (dev-SVN-r27249-4.1.2)
valgrind report the Invalid Read.
#The test case is "48-memories.mp3" can be found at the URL
*http://www.eecs.berkeley.edu/~sckhan/48-memories.mp3
#Reproducible with the following command
*valgrind mplayer 48-memories.mp3
Can also be run as:
*valgrind --log-file=log10 mplayer 48-memories.mp3
#OS: Debian Etch Linux
#Valgrind output:
==9826== Memcheck, a memory error detector.
==9826== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==9826== Using LibVEX rev 1854, a library for dynamic binary translation.
==9826== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==9826== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==9826== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==9826== For more details, rerun with: -v
==9826==
==9826== My PID = 9826, parent PID = 26719. Prog and args are:
==9826== mplayer
==9826== 48-memories.mp3
==9826==
==9826== Use of uninitialised value of size 4
==9826== Stack hash: 284591249
==9826== at 0x8476DEB: huffman_decode (mpegaudiodec.c:219)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Use of uninitialised value of size 4
==9826== Stack hash: 2555289140
==9826== at 0x8476DF2: huffman_decode (mpegaudiodec.c:220)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Conditional jump or move depends on uninitialised value(s)
==9826== Stack hash: 3126103039
==9826== at 0x8476E01: huffman_decode (mpegaudiodec.c:223)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Use of uninitialised value of size 4
==9826== Stack hash: 1154675151
==9826== at 0x8476D91: huffman_decode (mpegaudiodec.c:219)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Use of uninitialised value of size 4
==9826== Stack hash: 3425373042
==9826== at 0x8476D98: huffman_decode (mpegaudiodec.c:220)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Conditional jump or move depends on uninitialised value(s)
==9826== Stack hash: 674375884
==9826== at 0x8476DAA: huffman_decode (mpegaudiodec.c:223)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Use of uninitialised value of size 4
==9826== Stack hash: 3322300705
==9826== at 0x8476D3B: huffman_decode (mpegaudiodec.c:219)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Use of uninitialised value of size 4
==9826== Stack hash: 1298031300
==9826== at 0x8476D42: huffman_decode (mpegaudiodec.c:220)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Conditional jump or move depends on uninitialised value(s)
==9826== Stack hash: 1544459786
==9826== at 0x8476D50: huffman_decode (mpegaudiodec.c:223)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Use of uninitialised value of size 4
==9826== Stack hash: 563967236
==9826== at 0x8476A82: huffman_decode (mpegaudiodec.c:1537)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Use of uninitialised value of size 4
==9826== Stack hash: 2082821964
==9826== at 0x8476A2A: huffman_decode (mpegaudiodec.c:1527)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Use of uninitialised value of size 4
==9826== Stack hash: 131288092
==9826== at 0x8476CBA: huffman_decode (mpegaudiodec.c:1550)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Use of uninitialised value of size 4
==9826== Stack hash: 1878792207
==9826== at 0x8476ED1: huffman_decode (mpegaudiodec.c:1600)
==9826== by 0x847774E: mp_decode_layer3 (mpegaudiodec.c:2249)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== Conditional jump or move depends on uninitialised value(s)
==9826== Stack hash: 2089069421
==9826== at 0x84778A1: mp_decode_layer3 (mpegaudiodec.c:1887)
==9826== by 0x8479169: mp_decode_frame (mpegaudiodec.c:2305)
==9826== by 0x847B00D: decode_frame (mpegaudiodec.c:2401)
==9826== by 0x82ED47A: avcodec_decode_audio2 (utils.c:928)
==9826== by 0x8263F19: av_find_stream_info (utils.c:1776)
==9826== by 0x81A318E: demux_open_lavf (demux_lavf.c:466)
==9826== by 0x811E32E: demux_open_stream (demuxer.c:864)
==9826== by 0x811E601: demux_open (demuxer.c:991)
==9826== by 0x807799E: main (mplayer.c:3238)
==9826==
==9826== ERROR SUMMARY: 480 errors from 14 contexts (suppressed: 19 from 1)
==9826== malloc/free: in use at exit: 52,428 bytes in 29 blocks.
==9826== malloc/free: 39,603 allocs, 39,574 frees, 21,597,314 bytes allocated.
==9826== For counts of detected errors, rerun with: -v
==9826== searching for pointers to 29 not-freed blocks.
==9826== checked 2,877,428 bytes.
==9826==
==9826== LEAK SUMMARY:
==9826== definitely lost: 0 bytes in 0 blocks.
==9826== possibly lost: 0 bytes in 0 blocks.
==9826== still reachable: 52,428 bytes in 29 blocks.
==9826== suppressed: 0 bytes in 0 blocks.
==9826== Rerun with --leak-check=full to see details of leaked memory.
#The above valgrind output is saved as a log file(log10) and can be found at
URL:
*http://www.eecs.berkeley.edu/~sckhan/log10
#This report is for the bug found in test case 48-memories.mp3 where Stack hash: 284591249 and error at: huffman_decode (mpegaudiodec.c:219).
#The bug is found in making comparison of the fuzzing tools and is a part of
the metafuzz project.
*URL at: metafuzz.com
