Opened 11 years ago

Closed 11 years ago

#1179 closed defect (duplicate)

Mplayer Crashed: Invalid Read

Reported by: sckhan@… Owned by: r_togni@…
Priority: normal Component: demuxer
Version: HEAD Severity: normal
Keywords: Cc: catchconv-bugreports@…
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:

Description

The following report is for the SUPERB-TRUST 2008, the cyber security project.

#Error found at test case .mp4 file for mplayer version (dev-SVN-r27249-4.1.2)
valgrind reports the Invalid Read.

#The test case "70-salma.mp4" can be found at the URL

*http://www.eecs.berkeley.edu/~sckhan/70-salma.mp4

#Reproducible with the following command

*valgrind mplayer 70-salma.mp4

Can also be run as:

*valgrind --log-file=log12 mplayer 70-salma.mp4

#OS: Debian Etch Linux

#Valgrind output:

==11929== Memcheck, a memory error detector.
==11929== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==11929== Using LibVEX rev 1854, a library for dynamic binary translation.
==11929== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==11929== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==11929== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==11929== For more details, rerun with: -v
==11929==
==11929== My PID = 11929, parent PID = 1823. Prog and args are:
==11929== mplayer
==11929== 70-salma.mp4
==11929==
==11929== Invalid read of size 1
==11929== Stack hash: 2372702564
==11929== at 0x81379A6: gen_sh_video (demux_mov.c:1120)
==11929== by 0x813B934: lschunks (demux_mov.c:1323)
==11929== by 0x813C345: mov_read_header (demux_mov.c:1931)
==11929== by 0x811E32E: demux_open_stream (demuxer.c:864)
==11929== by 0x811E601: demux_open (demuxer.c:991)
==11929== by 0x807799E: main (mplayer.c:3238)
==11929== Address 0x4c is not stack'd, malloc'd or (recently) free'd
==11929==
==11929== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 1)
==11929== malloc/free: in use at exit: 16,876,514 bytes in 2,186 blocks.
==11929== malloc/free: 2,330 allocs, 144 frees, 18,160,375 bytes allocated.
==11929== For counts of detected errors, rerun with: -v
==11929== searching for pointers to 2,186 not-freed blocks.
==11929== checked 3,033,056 bytes.
==11929==
==11929== LEAK SUMMARY:
==11929== definitely lost: 968 bytes in 3 blocks.
==11929== possibly lost: 0 bytes in 0 blocks.
==11929== still reachable: 16,875,546 bytes in 2,183 blocks.
==11929== suppressed: 0 bytes in 0 blocks.
==11929== Rerun with --leak-check=full to see details of leaked memory.

*Mplayer Crashed Info*

MPlayer interrupted by signal 11 in module: demux_open

  • MPlayer crashed by bad usage of CPU/FPU/RAM. Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
  • MPlayer crashed. This shouldn't happen. It can be a bug in the MPlayer code _or_ in your drivers _or_ in your gcc version. If you think it's MPlayer's fault, please read DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and won't help unless you provide this information when reporting a possible bug.

*This report is to inform of the error found in Mplayer, where it crashes when running
test case: 70-salma.mp4. Stack hash: 2372702564 and error back trace at: gen_sh_video (demux_mov.c:1120).

#The bug was found in making a comparison of the fuzzing tools and is a part of
the metafuzz project.

*URL at: metafuzz.com

Change History (1)

comment:1 Changed 11 years ago by reimar

  • Resolution set to duplicate
  • Status changed from new to closed

* This bug has been marked as a duplicate of bug 1170 *
