Opened 16 years ago
Last modified 13 years ago
#1185 new defect
Error in Audio Decoding: Mplayer Crashed: Invalid Read
| Reported by: | | Owned by: | reimar |
|---|---|---|---|
| Priority: | normal | Component: | ad |
| Version: | HEAD | Severity: | normal |
| Keywords: | | Cc: | catchconv-bugreports@… |
| Blocked By: | | Blocking: | |
| Reproduced by developer: | no | Analyzed by developer: | no |
Description
The following report is for the SUPERB-TRUST 2008, the cyber security project.
#Error found at test case .mp3 file for mplayer version (dev-SVN-r27270-4.1.2)
valgrind reports the Invalid Read.
#The test case "5-memories.mp3" can be found at the URL
*http://www.eecs.berkeley.edu/~sckhan/5-memories.mp3
#Reproducible with the following command
*valgrind mplayer
Can also be run as:
*valgrind --log-file=log18 mplayer 5-memories.mp3
#OS: Debian Etch Linux
#Valgrind output:
==31685== Memcheck, a memory error detector.
==31685== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==31685== Using LibVEX rev 1854, a library for dynamic binary translation.
==31685== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==31685== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==31685== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==31685== For more details, rerun with: -v
==31685==
==31685== My PID = 31685, parent PID = 1823. Prog and args are:
==31685== mplayer
==31685== 5-memories.mp3
==31685==
==31685== Invalid read of size 4
==31685== Stack hash: 4102688190
==31685== at 0x81E30AB: dct36 (dct36.c:169)
==31685== by 0x81E760D: do_layer3 (layer3.c:1212)
==31685== by 0x81E8CF5: MP3_DecodeFrame (sr1.c:539)
==31685== by 0x80DA964: decode_audio (dec_audio.c:383)
==31685== by 0x80784E9: main (mplayer.c:2044)
==31685== Address 0x989337c is not stack'd, malloc'd or (recently) free'd
==31685==
==31685== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 1)
==31685== malloc/free: in use at exit: 232,099 bytes in 2,190 blocks.
==31685== malloc/free: 4,945 allocs, 2,755 frees, 2,526,552 bytes allocated.
==31685== For counts of detected errors, rerun with: -v
==31685== searching for pointers to 2,190 not-freed blocks.
==31685== checked 3,104,880 bytes.
==31685==
==31685== LEAK SUMMARY:
==31685== definitely lost: 0 bytes in 0 blocks.
==31685== possibly lost: 0 bytes in 0 blocks.
==31685== still reachable: 232,099 bytes in 2,190 blocks.
==31685== suppressed: 0 bytes in 0 blocks.
==31685== Rerun with --leak-check=full to see details of leaked memory.
*This report is to inform of the error found in Mplayer where it crashes when running
test case: 5-memories.mp3.
*Mplayer Crashed Info*
The debug info of the crash can be seen at URL:
<http://www.eecs.berkeley.edu/~sckhan/crash4>
#The bug was found while making a comparison of the fuzzing tools and is a part of
the metafuzz project.
*URL at: metafuzz.com
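
For triaging logs like the one in this ticket, the following added example (not part of the original report, MPlayer or Valgrind) parses Memcheck "Invalid read/write" records and counts them by their top stack frames so duplicate crashes collapse into one bucket. The function names are hypothetical and the sample string is constructed from the error record quoted above.

```python
import re
from collections import Counter

# Constructed sample: the error record quoted in this ticket.
SAMPLE_LOG = """\
==31685== Invalid read of size 4
==31685== Stack hash: 4102688190
==31685== at 0x81E30AB: dct36 (dct36.c:169)
==31685== by 0x81E760D: do_layer3 (layer3.c:1212)
==31685== by 0x81E8CF5: MP3_DecodeFrame (sr1.c:539)
==31685== by 0x80DA964: decode_audio (dec_audio.c:383)
==31685== by 0x80784E9: main (mplayer.c:2044)
==31685== Address 0x989337c is not stack'd, malloc'd or (recently) free'd
==31685==
"""

PREFIX = re.compile(r"^==(\d+)==\s?(.*)$")
HEADLINE = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(([^()]*)\)$")
ADDRESS = re.compile(r"^Address (0x[0-9A-Fa-f]+) is (.+)$")

def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' record in a Memcheck log."""
    errors, cur = [], None
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # target program's own output, interleaved with the log
        body = m.group(2).strip()
        if h := HEADLINE.match(body):
            cur = {"pid": int(m.group(1)), "access": h.group(1),
                   "size": int(h.group(2)), "frames": [], "address": None, "note": None}
            errors.append(cur)
        elif cur is None:
            continue  # banner, summary and leak lines outside any record
        elif f := FRAME.match(body):
            cur["frames"].append((f.group(1), f.group(2)))
        elif a := ADDRESS.match(body):
            cur["address"], cur["note"] = a.group(1), a.group(2)
        elif not body:
            cur = None  # a bare "==pid==" line closes the record
    return errors

def is_wild(error):  # Memcheck could not tie the address to any stack or heap block
    return (error["note"] or "").startswith("not stack'd")

def bucket(errors, depth=3):
    """Count errors per (access, size, top `depth` frames) to merge duplicate crashes."""
    return Counter((e["access"], e["size"], *e["frames"][:depth]) for e in errors)
```

Frames without debug info appear in real logs as `(in /path/to/lib.so)` and are kept verbatim as the location.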