Opened 16 years ago
Last modified 13 years ago
#1181 new defect
Demuxer: Conditional jump or move depends on uninitialised value(s)
| Reported by: | Owned by: | reimar | |
|---|---|---|---|
| Priority: | normal | Component: | demuxer |
| Version: | HEAD | Severity: | normal |
| Keywords: | Cc: | catchconv-bugreports@… | |
| Blocked By: | Blocking: | ||
| Reproduced by developer: | no | Analyzed by developer: | no |
Description
The following report is for the SUPERB-TRUST 2008, the cyber security project.
#Error found at test case .mp4 file for mplayer version (dev-SVN-r27249-4.1.2)
valgrind report the Invalid Read.
#The test case is "1-guy-plays-soccer-pole.mp4" can be found at the URL
*http://www.eecs.berkeley.edu/~sckhan/1-guy-plays-soccer-pole.mp4
#Reproducible with the following command
*valgrind mplayer 1-guy-plays-soccer-pole.mp4
Can also be run as:
*valgrind --log-file=log13 mplayer 1-guy-plays-soccer-pole.mp4
#OS: Debian Etch Linux
#Valgrind output:
==13522== Memcheck, a memory error detector.
==13522== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==13522== Using LibVEX rev 1854, a library for dynamic binary translation.
==13522== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==13522== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==13522== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==13522== For more details, rerun with: -v
==13522==
==13522== My PID = 13522, parent PID = 26719. Prog and args are:
==13522== mplayer
==13522== 1-guy-plays-soccer-pole.mp4
==13522==
==13522== Conditional jump or move depends on uninitialised value(s)
==13522== Stack hash: 1456509752
==13522== at 0x8139B49: demux_mov_fill_buffer (stream.h:261)
==13522== by 0x811EA74: ds_fill_buffer (demuxer.c:498)
==13522== by 0x811F178: ds_get_packet (demuxer.c:602)
==13522== by 0x816D9FD: video_read_frame (video.c:553)
==13522== by 0x8079512: main (mplayer.c:2262)
.....
==13522== Conditional jump or move depends on uninitialised value(s)
==13522== Stack hash: 536874515
==13522== at 0x8074704: saddf (mplayer.c:1163)
==13522== by 0x8074A1A: print_status (mplayer.c:1263)
==13522== by 0x80793ED: main (mplayer.c:2004)
==13522==
==13522== Conditional jump or move depends on uninitialised value(s)
==13522== Stack hash: 2673275241
==13522== at 0x401EAF6: memset (mc_replace_strmem.c:493)
==13522== by 0x8074B3E: print_status (mplayer.c:1280)
==13522== by 0x80793ED: main (mplayer.c:2004)
==13522==
==13522== Use of uninitialised value of size 4
==13522== Stack hash: 2673293038
==13522== at 0x401EB03: memset (mc_replace_strmem.c:493)
==13522== by 0x8074B3E: print_status (mplayer.c:1280)
==13522== by 0x80793ED: main (mplayer.c:2004)
==13522==
==13522== Conditional jump or move depends on uninitialised value(s)
==13522== Stack hash: 2673316311
==13522== at 0x401EB14: memset (mc_replace_strmem.c:493)
==13522== by 0x8074B3E: print_status (mplayer.c:1280)
==13522== by 0x80793ED: main (mplayer.c:2004)
==13522==
==13522== Conditional jump or move depends on uninitialised value(s)
==13522== Stack hash: 2673321787
==13522== at 0x401EB18: memset (mc_replace_strmem.c:493)
==13522== by 0x8074B3E: print_status (mplayer.c:1280)
==13522== by 0x80793ED: main (mplayer.c:2004)
==13522==
==13522== Conditional jump or move depends on uninitialised value(s)
==13522== Stack hash: 2673366964
==13522== at 0x401EB39: memset (mc_replace_strmem.c:493)
==13522== by 0x8074B3E: print_status (mplayer.c:1280)
==13522== by 0x80793ED: main (mplayer.c:2004)
==13522== Warning: set address range perms: large range 268437693 (undefined)
==13522== Warning: set address range perms: large range 268437725 (noaccess)
==13522==
==13522== Conditional jump or move depends on uninitialised value(s)
==13522== Stack hash: 471787474
==13522== at 0x811EA63: ds_fill_buffer (demuxer.c:491)
==13522== by 0x811F178: ds_get_packet (demuxer.c:602)
==13522== by 0x816D9FD: video_read_frame (video.c:553)
==13522== by 0x8079512: main (mplayer.c:2262)
==13522==
==13522== ERROR SUMMARY: 4983945 errors from 206 contexts (suppressed: 19 from 1)
==13522== malloc/free: in use at exit: 32,926 bytes in 14 blocks.
==13522== malloc/free: 6,632 allocs, 6,611 frees, 7,039,884,877 bytes allocated.
==13522== For counts of detected errors, rerun with: -v
==13522== searching for pointers to 14 not-freed blocks.
==13522== checked 2,861,880 bytes.
==13522==
==13522== LEAK SUMMARY:
==13522== definitely lost: 0 bytes in 0 blocks.
==13522== possibly lost: 0 bytes in 0 blocks.
==13522== still reachable: 32,926 bytes in 14 blocks.
==13522== suppressed: 0 bytes in 0 blocks.
==13522== Rerun with --leak-check=full to see details of leaked memory.
###The rest of the output can be seen in a log file.
#The above valgrind output is saved as a log file(log13) and can be found at
URL:
*http://www.eecs.berkeley.edu/~sckhan/log13
*This report to inform the error found in Mplayer where errors are mainly for uninitialised values from running a test case: 1-guy-plays-soccer-pole.mp4. Stack hash: 471787474 and error back trace at: ds_fill_buffer (demuxer.c:491).
#The bug is found in making comparison of the fuzzing tools and is a part of
the metafuzz project.
*URL at: metafuzz.com
