Opened 11 years ago

Last modified 9 years ago

#1184 new defect

Error in Audio Decoding: Mplayer Crashed: Invalid Read

Reported by: sckhan@…
Owned by: reimar
Priority: normal
Component: ad
Version: HEAD
Severity: normal
Keywords:
Cc: catchconv-bugreports@…
Blocked By:
Blocking:
Reproduced by developer:
Analyzed by developer:

Description

The following report is for SUPERB-TRUST 2008, the cyber security project.

#Error found with a .mqv test case file for mplayer version (dev-SVN-r27270-4.1.2);
valgrind reports an Invalid Read.

#The test case, "23-nosound_lavf_works.mqv", can be found at the URL

*http://www.eecs.berkeley.edu/~sckhan/23-nosound_lavf_works.mqv

#Reproducible with the following command

*valgrind mplayer

Can also be run as:

*valgrind --log-file=log18 mplayer 23-nosound_lavf_works.mqv

#OS: Debian Etch Linux

#Valgrind output:

==29906== Memcheck, a memory error detector.
==29906== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==29906== Using LibVEX rev 1854, a library for dynamic binary translation.
==29906== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==29906== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==29906== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==29906== For more details, rerun with: -v
==29906==
==29906== My PID = 29906, parent PID = 1823. Prog and args are:
==29906== mplayer
==29906== 23-nosound_lavf_works.mqv
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 3823288595
==29906== at 0x81AFEEE: ic_prediction (ic_predict.c:104)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 4115657711
==29906== at 0x81AFEEE: ic_prediction (ic_predict.c:104)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CAC94: raw_data_block (syntax.c:446)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 2795472428
==29906== at 0x81AFCDF: ic_prediction (ic_predict.c:135)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CAC94: raw_data_block (syntax.c:446)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 1499481721
==29906== at 0x81AFD20: ic_prediction (ic_predict.c:48)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CAC94: raw_data_block (syntax.c:446)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 4246656625
==29906== at 0x81AFEF8: ic_prediction (ic_predict.c:107)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CAC94: raw_data_block (syntax.c:446)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 3049865676
==29906== at 0x81AFEFF: ic_prediction (ic_predict.c:107)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CAC94: raw_data_block (syntax.c:446)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 2926471342
==29906== at 0x81AFCE9: ic_prediction (ic_predict.c:138)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CAC94: raw_data_block (syntax.c:446)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 1729680393
==29906== at 0x81AFCF0: ic_prediction (ic_predict.c:138)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CAC94: raw_data_block (syntax.c:446)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 3954287509
==29906== at 0x81AFEF8: ic_prediction (ic_predict.c:107)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 2757496560
==29906== at 0x81AFEFF: ic_prediction (ic_predict.c:107)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 1207112605
==29906== at 0x81AFD20: ic_prediction (ic_predict.c:48)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 2503103312
==29906== at 0x81AFCDF: ic_prediction (ic_predict.c:135)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 2634102226
==29906== at 0x81AFCE9: ic_prediction (ic_predict.c:138)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 1437311277
==29906== at 0x81AFCF0: ic_prediction (ic_predict.c:138)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 1930572599
==29906== at 0x81B187B: output_to_PCM (output.c:142)
==29906== by 0x81AB911: aac_frame_decode (decoder.c:1049)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 1767520592
==29906== at 0x81B1824: output_to_PCM (output.c:142)
==29906== by 0x81AB911: aac_frame_decode (decoder.c:1049)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Syscall param write(buf) points to uninitialised byte(s)
==29906== Stack hash: 2550802113
==29906== at 0x4000792: (within /lib/ld-2.3.6.so)
==29906== Address 0x515ab9c is 4 bytes inside a block of size 36,864 alloc'd
==29906== Stack hash: 2167152355
==29906== at 0x401D898: malloc (vg_replace_malloc.c:207)
==29906== by 0x401D9DC: realloc (vg_replace_malloc.c:429)
==29906== by 0x80DAA4E: decode_audio (dec_audio.c:401)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 2339749413
==29906== at 0x81B2249: output_to_PCM (output.c:114)
==29906== by 0x81AB911: aac_frame_decode (decoder.c:1049)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 2229173914
==29906== at 0x81B220E: output_to_PCM (output.c:114)
==29906== by 0x81AB911: aac_frame_decode (decoder.c:1049)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 4093964109
==29906== at 0x81B25F1: output_to_PCM (output.c:127)
==29906== by 0x81AB911: aac_frame_decode (decoder.c:1049)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 3945905390
==29906== at 0x81B25A2: output_to_PCM (output.c:128)
==29906== by 0x81AB911: aac_frame_decode (decoder.c:1049)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 3953402034
==29906== at 0x81B25A6: output_to_PCM (output.c:128)
==29906== by 0x81AB911: aac_frame_decode (decoder.c:1049)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 4101460753
==29906== at 0x81B25F5: output_to_PCM (output.c:127)
==29906== by 0x81AB911: aac_frame_decode (decoder.c:1049)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 1163598179
==29906== at 0x81B44CC: ps_decode (ps_dec.c:1124)
==29906== by 0x81BA959: sbrDecodeSingleFramePS (sbr_dec.c:584)
==29906== by 0x81C4439: reconstruct_single_channel (specrec.c:985)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CAC94: raw_data_block (syntax.c:446)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 1560567320
==29906== at 0x81B4521: ps_decode (ps_dec.c:1138)
==29906== by 0x81BA959: sbrDecodeSingleFramePS (sbr_dec.c:584)
==29906== by 0x81C4439: reconstruct_single_channel (specrec.c:985)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CAC94: raw_data_block (syntax.c:446)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 3085012545
==29906== at 0x81AFEEE: ic_prediction (ic_predict.c:104)
==29906== by 0x81C3CB8: reconstruct_channel_pair (specrec.c:1100)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 3216011459
==29906== at 0x81AFEF8: ic_prediction (ic_predict.c:107)
==29906== by 0x81C3CB8: reconstruct_channel_pair (specrec.c:1100)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 2019220510
==29906== at 0x81AFEFF: ic_prediction (ic_predict.c:107)
==29906== by 0x81C3CB8: reconstruct_channel_pair (specrec.c:1100)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 2466044272
==29906== at 0x81AFEEE: ic_prediction (ic_predict.c:104)
==29906== by 0x81C3CEF: reconstruct_channel_pair (specrec.c:1102)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 1764827262
==29906== at 0x81AFCDF: ic_prediction (ic_predict.c:135)
==29906== by 0x81C3CB8: reconstruct_channel_pair (specrec.c:1100)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 468836555
==29906== at 0x81AFD20: ic_prediction (ic_predict.c:48)
==29906== by 0x81C3CB8: reconstruct_channel_pair (specrec.c:1100)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 2597043186
==29906== at 0x81AFEF8: ic_prediction (ic_predict.c:107)
==29906== by 0x81C3CEF: reconstruct_channel_pair (specrec.c:1102)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 1400252237
==29906== at 0x81AFEFF: ic_prediction (ic_predict.c:107)
==29906== by 0x81C3CEF: reconstruct_channel_pair (specrec.c:1102)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 1145858989
==29906== at 0x81AFCDF: ic_prediction (ic_predict.c:135)
==29906== by 0x81C3CEF: reconstruct_channel_pair (specrec.c:1102)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 1276857903
==29906== at 0x81AFCE9: ic_prediction (ic_predict.c:138)
==29906== by 0x81C3CEF: reconstruct_channel_pair (specrec.c:1102)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 80066954
==29906== at 0x81AFCF0: ic_prediction (ic_predict.c:138)
==29906== by 0x81C3CEF: reconstruct_channel_pair (specrec.c:1102)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 4144835578
==29906== at 0x81AFD20: ic_prediction (ic_predict.c:48)
==29906== by 0x81C3CEF: reconstruct_channel_pair (specrec.c:1102)
==29906== by 0x81CA796: decode_cpe (syntax.c:720)
==29906== by 0x81CAC61: raw_data_block (syntax.c:440)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 352867401
==29906== at 0x81BD358: hf_adjustment (sbr_hfadj.c:1293)
==29906== by 0x81BA727: sbr_process_channel (sbr_dec.c:296)
==29906== by 0x81BA8E4: sbrDecodeSingleFramePS (sbr_dec.c:564)
==29906== by 0x81C4439: reconstruct_single_channel (specrec.c:985)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 2965234024
==29906== at 0x81BD7AB: hf_adjustment (sbr_hfadj.c:1317)
==29906== by 0x81BA727: sbr_process_channel (sbr_dec.c:296)
==29906== by 0x81BA8E4: sbrDecodeSingleFramePS (sbr_dec.c:564)
==29906== by 0x81C4439: reconstruct_single_channel (specrec.c:985)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 616579206
==29906== at 0x81BD7B1: hf_adjustment (sbr_hfadj.c:1317)
==29906== by 0x81BA727: sbr_process_channel (sbr_dec.c:296)
==29906== by 0x81BA8E4: sbrDecodeSingleFramePS (sbr_dec.c:564)
==29906== by 0x81C4439: reconstruct_single_channel (specrec.c:985)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 3342460954
==29906== at 0x81BD735: hf_adjustment (sbr_hfadj.c:1324)
==29906== by 0x81BA727: sbr_process_channel (sbr_dec.c:296)
==29906== by 0x81BA8E4: sbrDecodeSingleFramePS (sbr_dec.c:564)
==29906== by 0x81C4439: reconstruct_single_channel (specrec.c:985)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 3991231780
==29906== at 0x81BD737: hf_adjustment (sbr_hfadj.c:1324)
==29906== by 0x81BA727: sbr_process_channel (sbr_dec.c:296)
==29906== by 0x81BA8E4: sbrDecodeSingleFramePS (sbr_dec.c:564)
==29906== by 0x81C4439: reconstruct_single_channel (specrec.c:985)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906==
==29906== Invalid read of size 2
==29906== Stack hash: 3086894990
==29906== at 0x81AFE95: ic_prediction (ic_predict.c:92)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== by 0x81CA3C5: decode_sce_lfe (syntax.c:597)
==29906== by 0x81CABF8: raw_data_block (syntax.c:434)
==29906== by 0x81AB659: aac_frame_decode (decoder.c:872)
==29906== by 0x818B332: decode_audio (ad_faad.c:235)
==29906== by 0x80DA964: decode_audio (dec_audio.c:383)
==29906== by 0x80784E9: main (mplayer.c:2044)
==29906== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==29906==
==29906== ERROR SUMMARY: 1433696 errors from 43 contexts (suppressed: 19 from 1)
==29906== malloc/free: in use at exit: 5,235,450 bytes in 3,131 blocks.
==29906== malloc/free: 7,284 allocs, 4,153 frees, 32,225,069 bytes allocated.
==29906== For counts of detected errors, rerun with: -v
==29906== searching for pointers to 3,131 not-freed blocks.
==29906== checked 7,534,604 bytes.
==29906==
==29906== LEAK SUMMARY:
==29906== definitely lost: 0 bytes in 0 blocks.
==29906== possibly lost: 0 bytes in 0 blocks.
==29906== still reachable: 5,235,450 bytes in 3,131 blocks.
==29906== suppressed: 0 bytes in 0 blocks.
==29906== Rerun with --leak-check=full to see details of leaked memory.

*This report is to inform of the error found in Mplayer, where it crashes when running
test case 23-nosound_lavf_works.mqv with Stack hash: 3991231780 and back-trace at: hf_adjustment (sbr_hfadj.c:1324), as well as to confirm the crash with Stack hash: 3086894990 and error back-trace at: ic_prediction (ic_predict.c:92), which has already been reported in Report #1134 with test case type .wav, test case name: 8-3.wav.

*Mplayer Crashed Info*
The debug info of the crash can be seen at the URL:
<http://www.eecs.berkeley.edu/~sckhan/crash3>

#The bug was found while comparing fuzzing tools and is a part of
the metafuzz project.

*URL at: metafuzz.com
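
One way to triage a Memcheck log like the one in this ticket, as an added example that is not part of the original report or of MPlayer's code: it groups error records by class and top frame, so uninitialised-value warnings are separated from invalid accesses at or near address 0. The sample is an abbreviated excerpt of the log above (frames trimmed); the function names, the record fields and the 0x1000 "near null" threshold are assumptions of this example.

```python
import re

PREFIX = re.compile(r"^==\d+==\s?")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.*)$")
LOC = re.compile(r"^(\S+) \((.+):(\d+)\)$")
ADDR = re.compile(r"^Address (0x[0-9A-Fa-f]+) is ")

# Abbreviated excerpt of the log in this ticket (call stacks trimmed to two frames).
SAMPLE_LOG = """\
==29906== Conditional jump or move depends on uninitialised value(s)
==29906== Stack hash: 3991231780
==29906== at 0x81BD737: hf_adjustment (sbr_hfadj.c:1324)
==29906== by 0x81BA727: sbr_process_channel (sbr_dec.c:296)
==29906==
==29906== Use of uninitialised value of size 4
==29906== Stack hash: 4246656625
==29906== at 0x81AFEF8: ic_prediction (ic_predict.c:107)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906==
==29906== Invalid read of size 2
==29906== Stack hash: 3086894990
==29906== at 0x81AFE95: ic_prediction (ic_predict.c:92)
==29906== by 0x81C44C8: reconstruct_single_channel (specrec.c:879)
==29906== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==29906==
==29906== ERROR SUMMARY: 1433696 errors from 43 contexts (suppressed: 19 from 1)
"""

def parse_records(log):
    """Split a Memcheck log into error records: kind, hash, frames, address."""
    records, cur = [], None
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # program output interleaved with the Memcheck lines
        line = raw[m.end():].strip()
        if not line:  # a bare "==pid==" line closes the current record
            if cur and cur["frames"]:
                records.append(cur)
            cur = None
        elif cur is None:
            cur = {"kind": line, "hash": None, "frames": [], "address": None}
        elif cur["address"] is not None:
            continue  # lines after "Address ..." describe the allocation site
        elif line.startswith("Stack hash:"):
            cur["hash"] = line.split(":", 1)[1].strip()
        elif ADDR.match(line):
            cur["address"] = ADDR.match(line).group(1)
        elif FRAME.match(line):
            text = FRAME.match(line).group(1)
            loc = LOC.match(text)  # frames like "(within lib.so)" carry no file:line
            cur["frames"].append({"func": loc.group(1) if loc else text,
                                  "line": int(loc.group(3)) if loc else None})
    if cur and cur["frames"]:  # header and summary blocks have no frames
        records.append(cur)
    return records

def classify(rec):
    """Coarse class of one record; the 0x1000 threshold is an assumption."""
    if rec["kind"].startswith(("Invalid read", "Invalid write")):
        addr = rec["address"]
        if addr is not None and int(addr, 16) < 0x1000:
            return "invalid-access-near-null"
        return "invalid-access"
    if "uninitialised" in rec["kind"]:
        return "uninitialised"
    return "other"

def triage(log):
    """Group records by (class, top-frame function); collect lines and hashes."""
    groups = {}
    for rec in parse_records(log):
        top = rec["frames"][0]
        g = groups.setdefault((classify(rec), top["func"]), {"lines": set(), "hashes": []})
        if top["line"] is not None:
            g["lines"].add(top["line"])
        g["hashes"].append(rec["hash"])
    return groups

if __name__ == "__main__":
    for (cls, func), g in sorted(triage(SAMPLE_LOG).items()):
        print(f"{cls:26} {func:16} lines={sorted(g['lines'])} hashes={g['hashes']}")
```
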

Change History (1)

comment:1 Changed 9 years ago by compn

  • Owner changed from r_togni@… to reimar