Opened 16 years ago

Closed 16 years ago

#1177 closed defect (duplicate)

MPlayer Crashed: Error in Audio Decoding: Invalid Write, Invalid Read, Uninitialised Values and SyscallParam

Reported by: sckhan@…
Owned by: r_togni@…
Priority: normal
Component: ad
Version: HEAD
Severity: normal
Keywords:
Cc: catchconv-bugreports@…
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

The following report is for the SUPERB-TRUST 2008 cyber security project.

#Error found with test case .mp4 file for MPlayer version dev-SVN-r27249-4.1.2.
Valgrind reports the Invalid Read.

#The test case "60-mummy.mp4" can be found at the URL

*http://www.eecs.berkeley.edu/~sckhan/60-mummy.mp4

#Reproducible with the following command

*valgrind mplayer 60-mummy.mp4

Can also be run as:

*valgrind --log-file=log11 mplayer 60-mummy.mp4

#OS: Debian Etch Linux

#Valgrind output:

==11239== Memcheck, a memory error detector.
==11239== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==11239== Using LibVEX rev 1854, a library for dynamic binary translation.
==11239== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==11239== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==11239== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==11239== For more details, rerun with: -v
==11239==
==11239== My PID = 11239, parent PID = 1823. Prog and args are:
==11239== mplayer
==11239== 60-mummy.mp4
==11239==
==11239== Invalid read of size 1
==11239== Stack hash: 2261008032
==11239== at 0x401FAD6: memcpy (mc_replace_strmem.c:402)
==11239== by 0x81729E2: new_memory_stream (stream.c:404)
==11239== by 0x816C7CA: mp4_parse_esds (parse_mp4.c:41)
==11239== by 0x8138AC6: gen_sh_audio (demux_mov.c:780)
==11239== by 0x813B3C6: lschunks (demux_mov.c:1317)
==11239== by 0x813C345: mov_read_header (demux_mov.c:1931)
==11239== by 0x811E32E: demux_open_stream (demuxer.c:864)
==11239== by 0x811E601: demux_open (demuxer.c:991)
==11239== by 0x807799E: main (mplayer.c:3238)
==11239== Address 0x431ef6f is 1 bytes before a block of size 69,376 alloc'd
==11239== Stack hash: 3240869057
==11239== at 0x401D898: malloc (vg_replace_malloc.c:207)
==11239== by 0x401D9DC: realloc (vg_replace_malloc.c:429)
==11239== by 0x813E264: lschunks_intrak (demuxer.h:305)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813AA6E: lschunks (demux_mov.c:1311)
==11239== by 0x813C345: mov_read_header (demux_mov.c:1931)
==11239==
==11239== Invalid read of size 1
==11239== Stack hash: 2764611402
==11239== at 0x401FAC0: memcpy (mc_replace_strmem.c:402)
==11239== by 0x81729E2: new_memory_stream (stream.c:404)
==11239== by 0x816C7CA: mp4_parse_esds (parse_mp4.c:41)
==11239== by 0x8138AC6: gen_sh_audio (demux_mov.c:780)
==11239== by 0x813B3C6: lschunks (demux_mov.c:1317)
==11239== by 0x813C345: mov_read_header (demux_mov.c:1931)
==11239== by 0x811E32E: demux_open_stream (demuxer.c:864)
==11239== by 0x811E601: demux_open (demuxer.c:991)
==11239== by 0x807799E: main (mplayer.c:3238)
==11239== Address 0x431ef6e is 2 bytes before a block of size 69,376 alloc'd
==11239== Stack hash: 3240869057
==11239== at 0x401D898: malloc (vg_replace_malloc.c:207)
==11239== by 0x401D9DC: realloc (vg_replace_malloc.c:429)
==11239== by 0x813E264: lschunks_intrak (demuxer.h:305)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813AA6E: lschunks (demux_mov.c:1311)
==11239== by 0x813C345: mov_read_header (demux_mov.c:1931)
==11239==
==11239== Invalid read of size 1
==11239== Stack hash: 629225042
==11239== at 0x401FAC8: memcpy (mc_replace_strmem.c:402)
==11239== by 0x81729E2: new_memory_stream (stream.c:404)
==11239== by 0x816C7CA: mp4_parse_esds (parse_mp4.c:41)
==11239== by 0x8138AC6: gen_sh_audio (demux_mov.c:780)
==11239== by 0x813B3C6: lschunks (demux_mov.c:1317)
==11239== by 0x813C345: mov_read_header (demux_mov.c:1931)
==11239== by 0x811E32E: demux_open_stream (demuxer.c:864)
==11239== by 0x811E601: demux_open (demuxer.c:991)
==11239== by 0x807799E: main (mplayer.c:3238)
==11239== Address 0x431ef6d is 3 bytes before a block of size 69,376 alloc'd
==11239== Stack hash: 3240869057
==11239== at 0x401D898: malloc (vg_replace_malloc.c:207)
==11239== by 0x401D9DC: realloc (vg_replace_malloc.c:429)
==11239== by 0x813E264: lschunks_intrak (demuxer.h:305)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813AA6E: lschunks (demux_mov.c:1311)
==11239== by 0x813C345: mov_read_header (demux_mov.c:1931)
==11239==
==11239== Invalid read of size 1
==11239== Stack hash: 3592600185
==11239== at 0x401FACF: memcpy (mc_replace_strmem.c:402)
==11239== by 0x81729E2: new_memory_stream (stream.c:404)
==11239== by 0x816C7CA: mp4_parse_esds (parse_mp4.c:41)
==11239== by 0x8138AC6: gen_sh_audio (demux_mov.c:780)
==11239== by 0x813B3C6: lschunks (demux_mov.c:1317)
==11239== by 0x813C345: mov_read_header (demux_mov.c:1931)
==11239== by 0x811E32E: demux_open_stream (demuxer.c:864)
==11239== by 0x811E601: demux_open (demuxer.c:991)
==11239== by 0x807799E: main (mplayer.c:3238)
==11239== Address 0x431ef6c is 4 bytes before a block of size 69,376 alloc'd
==11239== Stack hash: 3240869057
==11239== at 0x401D898: malloc (vg_replace_malloc.c:207)
==11239== by 0x401D9DC: realloc (vg_replace_malloc.c:429)
==11239== by 0x813E264: lschunks_intrak (demuxer.h:305)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813C8D2: lschunks_intrak (demux_mov.c:1874)
==11239== by 0x813A3F0: lschunks (demux_mov.c:1283)
==11239== by 0x813AA6E: lschunks (demux_mov.c:1311)
==11239== by 0x813C345: mov_read_header (demux_mov.c:1931)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 2662187488
==11239== at 0x8139B49: demux_mov_fill_buffer (stream.h:261)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 3078251230
==11239== at 0x8139B4F: demux_mov_fill_buffer (stream.h:261)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 686077039
==11239== at 0x8139D1C: demux_mov_fill_buffer (stream.h:261)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 724914730
==11239== at 0x8139B6B: demux_mov_fill_buffer (stream.h:263)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 1564824554
==11239== at 0x8172BEB: stream_seek_long (stream.c:310)
==11239== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Syscall param llseek(offset_high) contains uninitialised byte(s)
==11239== Stack hash: 4007784124
==11239== at 0x4000792: (within /lib/ld-2.3.6.so)
==11239==
==11239== Syscall param llseek(offset_low) contains uninitialised byte(s)
==11239== Stack hash: 4007784124
==11239== at 0x4000792: (within /lib/ld-2.3.6.so)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 3954179311
==11239== at 0x8172C48: stream_seek_long (stream.c:357)
==11239== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 2892614417
==11239== at 0x8172C5A: stream_seek_long (stream.c:358)
==11239== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 3729099939
==11239== at 0x8172C5C: stream_seek_long (stream.c:358)
==11239== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 3672830096
==11239== at 0x8172C61: stream_seek_long (stream.c:358)
==11239== by 0x8139D34: demux_mov_fill_buffer (stream.h:270)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 3794829984
==11239== at 0x811CCD0: ds_read_packet (stream.h:212)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 2684557370
==11239== at 0x811CC9A: ds_read_packet (stream.h:216)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 2626540737
==11239== at 0x401FA3C: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 2314943030
==11239== at 0x401FA45: memcpy (mc_replace_strmem.c:77)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 3019537479
==11239== at 0x401FA5A: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 1723546772
==11239== at 0x401FA9B: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 1985544600
==11239== at 0x401FAAF: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Use of uninitialised value of size 4
==11239== Stack hash: 919752565
==11239== at 0x401FAC0: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Use of uninitialised value of size 4
==11239== Stack hash: 3575332291
==11239== at 0x401FAC6: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 558554979
==11239== at 0x401FAE6: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 2328941463
==11239== at 0x401FAEA: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 3164534826
==11239== at 0x401FB09: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 505157739
==11239== at 0x811CCC3: ds_read_packet (stream.h:209)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 1276892818
==11239== at 0x811EBD3: ds_fill_buffer (demuxer.c:467)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 1280641140
==11239== at 0x811EBD5: ds_fill_buffer (demuxer.c:467)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 2116035592
==11239== at 0x818B4D3: decode_audio (ad_faad.c:265)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 2116043806
==11239== at 0x818B4D9: decode_audio (ad_faad.c:265)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 328356307
==11239== at 0x401FB16: memcpy (mc_replace_strmem.c:80)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 3245933861
==11239== at 0x401FB30: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Conditional jump or move depends on uninitialised value(s)
==11239== Stack hash: 3376932775
==11239== at 0x401FB3A: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Use of uninitialised value of size 4
==11239== Stack hash: 1737545205
==11239== at 0x401FB40: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239==
==11239== Invalid write of size 1
==11239== Stack hash: 1868544119
==11239== at 0x401FB4A: memcpy (mc_replace_strmem.c:402)
==11239== by 0x811CCBD: ds_read_packet (stream.h:218)
==11239== by 0x8139EF9: demux_mov_fill_buffer (demux_mov.c:2173)
==11239== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==11239== by 0x811F117: ds_get_packet_pts (demuxer.c:619)
==11239== by 0x818B4BF: decode_audio (ad_faad.c:263)
==11239== by 0x80DAA74: decode_audio (dec_audio.c:383)
==11239== by 0x80784E9: main (mplayer.c:2044)
==11239== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==11239==
==11239== ERROR SUMMARY: 1017 errors from 37 contexts (suppressed: 19 from 1)
==11239== malloc/free: in use at exit: 311,617 bytes in 2,214 blocks.
==11239== malloc/free: 2,399 allocs, 184 frees, 1,650,909 bytes allocated.
==11239== For counts of detected errors, rerun with: -v
==11239== searching for pointers to 2,214 not-freed blocks.
==11239== checked 3,087,596 bytes.
==11239==
==11239== LEAK SUMMARY:
==11239== definitely lost: 0 bytes in 0 blocks.
==11239== possibly lost: 0 bytes in 0 blocks.
==11239== still reachable: 311,617 bytes in 2,214 blocks.
==11239== suppressed: 0 bytes in 0 blocks.
==11239== Rerun with --leak-check=full to see details of leaked memory.

*MPlayer crash info*

MPlayer interrupted by signal 11 in module: decode_audio

  • MPlayer crashed by bad usage of CPU/FPU/RAM. Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
  • MPlayer crashed. This shouldn't happen. It can be a bug in the MPlayer code _or_ in your drivers _or_ in your gcc version. If you think it's MPlayer's fault, please read DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and won't help unless you provide this information when reporting a possible bug.

*This report is to inform of the error found in MPlayer, where it crashes while running test case 60-mummy.mp4. Stack hash: 1868544119, error backtrace at: memcpy (mc_replace_strmem.c:402).

#The bug was found while comparing fuzzing tools and is part of
the metafuzz project.

*URL at: metafuzz.com
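Editor's note on the trace above. The first four Valgrind errors are memcpy in new_memory_stream (called from mp4_parse_esds while gen_sh_audio builds the audio stream header) reading 1 to 4 bytes before the start of a 69,376-byte heap block, i.e. the copy's source pointer began before the buffer it was supposed to copy from. The final error, and the signal 11 in decode_audio, is a one-byte write to address 0x0 from memcpy in ds_read_packet, a copy whose destination pointer was NULL. Both are the consequence of trusting length and offset fields taken from the file. The example below is added here by the editor and is not MPlayer's code or the fix referenced in bug #1168: it is a bounded reader for an esds-style payload (version/flags, then an ES_Descriptor with tag 0x03 and the 1-to-4-byte "expandable" length encoding of ISO 14496-1; that layout is assumed, not taken from parse_mp4.c), where every read is checked against the remaining bytes, the descriptor length is rejected if it runs past the end of the atom, and the allocation result is checked before the memcpy. The sample byte strings are constructed for the example and are not taken from 60-mummy.mp4.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded memory stream: pos never exceeds len, and every read checks it. */
typedef struct { const uint8_t *buf; size_t len; size_t pos; } memstream;

static int ms_read_u8(memstream *s, uint8_t *out) {
    if (s->pos >= s->len) return -1;        /* no byte left: refuse, do not read past */
    *out = s->buf[s->pos++];
    return 0;
}

/* MPEG-4 descriptor "expandable" size: up to four bytes, 7 payload bits each,
   high bit set means another byte follows (ISO 14496-1 sizeOfInstance). */
static int ms_read_desc_len(memstream *s, uint32_t *out) {
    uint32_t len = 0;
    uint8_t b;
    for (int i = 0; i < 4; i++) {
        if (ms_read_u8(s, &b)) return -1;   /* length field truncated */
        len = (len << 7) | (b & 0x7f);
        if (!(b & 0x80)) { *out = len; return 0; }
    }
    return -1;                              /* fifth continuation byte: malformed */
}

/* Copy `want` bytes from the stream into a fresh heap buffer. Rejects a length
   larger than what remains (so the source never runs outside the atom) and
   checks malloc so the destination of memcpy is never NULL. */
static uint8_t *ms_copy_bounded(memstream *s, uint32_t want, size_t *got) {
    if (want > s->len - s->pos) return NULL;  /* pos <= len, so no underflow here */
    uint8_t *dst = malloc(want ? want : 1);
    if (!dst) return NULL;
    memcpy(dst, s->buf + s->pos, want);
    s->pos += want;
    *got = want;
    return dst;
}

/* Parse an esds-style payload: 4 bytes version/flags, then an ES_Descriptor
   (tag 0x03) with expandable length. On success *body_out owns a copy of the
   descriptor body and the body length is returned; -1 on any malformed input. */
int parse_esds_payload(const uint8_t *data, size_t len, uint8_t **body_out) {
    memstream s = { data, len, 0 };
    uint8_t tag;
    uint32_t dlen;
    size_t got = 0;
    if (len < 4) return -1;                 /* not even version/flags present */
    s.pos = 4;
    if (ms_read_u8(&s, &tag) || tag != 0x03) return -1;
    if (ms_read_desc_len(&s, &dlen)) return -1;
    uint8_t *body = ms_copy_bounded(&s, dlen, &got);
    if (!body) return -1;
    *body_out = body;
    return (int)got;
}

/* Constructed sample inputs (hypothetical bytes, not from 60-mummy.mp4). */
static const uint8_t ESDS_OK[]       = {0,0,0,0, 0x03, 0x05, 0x00,0x01,0x00,0x04,0x80}; /* length 5, 5 bytes present */
static const uint8_t ESDS_OVERSIZE[] = {0,0,0,0, 0x03, 0x81,0x00, 0xAA};                /* claims 128 bytes, 1 present */
static const uint8_t ESDS_TRUNC[]    = {0,0,0,0, 0x03};                                  /* tag but no length byte */
static const uint8_t ESDS_BADLEN[]   = {0,0,0,0, 0x03, 0x80,0x80,0x80,0x80,0x00};       /* five-byte length field */

/* Parse one sample, free the body, and return the parser's result. */
int check_sample(const uint8_t *d, size_t n) {
    uint8_t *body = NULL;
    int r = parse_esds_payload(d, n, &body);
    free(body);
    return r;
}

int main(void) {
    printf("ok=%d oversize=%d trunc=%d badlen=%d\n",
           check_sample(ESDS_OK, sizeof ESDS_OK),
           check_sample(ESDS_OVERSIZE, sizeof ESDS_OVERSIZE),
           check_sample(ESDS_TRUNC, sizeof ESDS_TRUNC),
           check_sample(ESDS_BADLEN, sizeof ESDS_BADLEN));
    return 0;
}
```

Running the parser under valgrind or an address sanitizer on the rejecting inputs produces no invalid read or write, because the length check happens before the copy rather than being discovered by it; the same discipline applied to the per-sample size used when filling a packet would turn the NULL-destination write in the last trace into a clean demuxer error.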

Change History (2)

comment:1 by sckhan@…, 16 years ago

Summary: Error in Audio Decoding: Invalid Write, Invalid Read, Uninitialised Values and SyscallParam → MPlayer Crashed: Error in Audio Decoding: Invalid Write, Invalid Read, Uninitialised Values and SyscallParam

comment:2 by reimar, 16 years ago

Resolution: duplicate
Status: new → closed

Bug #1168 is fixed, but this sample still crashes with SVN, but there is already a for that problem, too, so do _not_ report that one again.

* This bug has been marked as a duplicate of bug 1168 *
