Opened 16 years ago
Closed 13 years ago
#1189 closed defect (invalid)
[Crash] for .ogg file, valgrind reports InvalidRead size 4 - vorbis_decode_init (bitstream.h:652)
Reported by: | | Owned by: | reimar |
---|---|---|---|
Priority: | normal | Component: | demuxer |
Version: | HEAD | Severity: | normal |
Keywords: | | Cc: | catchconv-bugreports@… |
Blocked By: | | Blocking: | |
Reproduced by developer: | no | Analyzed by developer: | no |
Description
For this .ogg file, Valgrind 3.3.1 reports an InvalidRead of size 4 in the latest Subversion revision of MPlayer, SVN-r27288-4.1.2, and MPlayer crashed.
System Info:
OS: Debian Etch Linux, Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
uname -a: Linux debian 2.6.18-4-486 #1 Mon Mar 26 16:39:10 UTC 2007 i686 GNU/Linux
###########################################################
to reproduce ::
wget http://www.metafuzz.com/testcases/15718-21-515047680-result256.tgz
tar xzf 15718-21-515047680-result256.tgz
valgrind mplayer 21-Gol.ogg
Valgrind Result :::::::
libavformat file format detected.
==11659== Invalid read of size 4 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
==11659== Stack hash: 3392410986
==11659== at 0x84FFBCB: vorbis_decode_init (bitstream.h:652)
==11659== by 0x82ED79D: avcodec_open (utils.c:831)
==11659== by 0x82640E8: av_find_stream_info (utils.c:1812)
==11659== by 0x81A30E5: demux_open_lavf (demux_lavf.c:466)
==11659== by 0x811E2EA: demux_open_stream (demuxer.c:864)
==11659== by 0x811E5B1: demux_open (demuxer.c:991)
==11659== by 0x8077A5E: main (mplayer.c:3238)
==11659== Address 0x4329199 is 3,993 bytes inside a block of size 3,995 alloc'd
==11659== Stack hash: 383469900
==11659== at 0x401D96E: realloc (vg_replace_malloc.c:429)
==11659== by 0x82A69AF: vorbis_header (oggparsevorbis.c:149)
==11659== by 0x82A548F: ogg_packet (oggdec.c:369)
==11659== by 0x82A55F1: ogg_read_header (oggdec.c:408)
==11659== by 0x8261A4E: av_open_input_stream (utils.c:416)
==11659== by 0x81A30C4: demux_open_lavf (demux_lavf.c:459)
==11659== by 0x811E2EA: demux_open_stream (demuxer.c:864)
==11659== by 0x811E5B1: demux_open (demuxer.c:991)
==11659== by 0x8077A5E: main (mplayer.c:3238)
[ogg @ 0x43158e0]Could not find codec parameters (Audio: vorbis, 112 kb/s)
MPlayer interrupted by signal 8 in module: demux_open
- MPlayer crashed by bad usage of CPU/FPU/RAM.<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
- MPlayer crashed. This shouldn't happen. It can be a bug in the MPlayer code _or_ in your drivers _or_ in your gcc version. If you think it's MPlayer's fault, please read DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and won't help unless you provide this information when reporting a possible bug.
==11659==
==11659== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 1)
==11659== malloc/free: in use at exit: 440,585 bytes in 3,256 blocks.
==11659== malloc/free: 4,156 allocs, 900 frees, 105,293,574 bytes allocated.
==11659== For counts of detected errors, rerun with: -v
==11659== searching for pointers to 3,256 not-freed blocks.
==11659== checked 3,249,204 bytes.
==11659==
==11659== LEAK SUMMARY:
==11659== definitely lost: 0 bytes in 0 blocks.
==11659== possibly lost: 0 bytes in 0 blocks.
==11659== still reachable: 440,585 bytes in 3,256 blocks.
==11659== suppressed: 0 bytes in 0 blocks.
gdb Backtrace
(gdb) run -v 21-Gol.ogg
Starting program: /usr/local/bin/mplayer -v 21-Gol.ogg
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1210341152 (LWP 12526)]
MPlayer dev-SVN-r27288-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model: 15, Stepping: 13)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
get_path('codecs.conf') -> '/home/user/.mplayer/codecs.conf'
Reading /home/user/.mplayer/codecs.conf: Can't open '/home/user/.mplayer/codecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug=3
CommandLine: '-v' '21-Gol.ogg'
get_path('font/font.desc') -> '/home/user/.mplayer/font/font.desc'
font: can't open file: /home/user/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/home/user/.mplayer/input.conf'
Can't open input config file /home/user/.mplayer/input.conf: No such file or directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
get_path('21-Gol.ogg.conf') -> '/home/user/.mplayer/21-Gol.ogg.conf'
Playing 21-Gol.ogg.
get_path('sub/') -> '/home/user/.mplayer/sub/'
[file] File size is 86619 bytes
STREAM: [file] 21-Gol.ogg
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
LAVF_check: Ogg
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Searching demuxer type for filename 21-Gol.ogg ext: .ogg
Trying demuxer 18 based on filename extension
demuxer: continue fuzzy content-based format guessing...
Checking for Nullsoft Streaming Video
Checking for MOV
Checking for VIVO
header block 1 size: 103
AVS: avs_check_file - attempting to open file 21-Gol.ogg
AVS: File is too big, aborting...
Checking for PVA
Checking for MPEG-TS...
TRIED UP TO POSITION 68657, FOUND 47, packet_size= 0, SEEMS A TS? 0
Checking for LMLM4 Stream Format
Invalid packet in LMLM4 stream: ch=20327 size=131064
LMLM4 Stream Format not found
MPEG Stream reached EOF
ds_fill_buffer: EOF reached (stream: video)
MPEG packet stats: p100: 2 p101: 0 p1B6: 0 p12x: 0 sli: 0 a: 0 b: 0 c: 0 idr: 0 sps: 0 pps: 0 PES: 0 MP3: 15, synced: 0
Not MPEG System Stream format... (maybe Transport Stream?)
stream_seek: WARNING! Can't seek to 0x0 !
MPEG Stream reached EOF
ds_fill_buffer: EOF reached (stream: video)
MPEG packet stats: p100: 1 p101: 0 p1B6: 0 p12x: 0 sli: 0 a: 0 b: 0 c: 0 idr: 0 sps: 0 pps: 0 PES: 0 MP3: 15, synced: 0
Not MPEG System Stream format... (maybe Transport Stream?)
stream_seek: WARNING! Can't seek to 0x0 !
stream_seek: WARNING! Can't seek to 0x0 !
ds_fill_buffer: EOF reached (stream: video)
LAVF_check: Ogg
libavformat file format detected.
[ogg @ 0x89ba420]Could not find codec parameters (Audio: vorbis, 112 kb/s)
Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread -1210341152 (LWP 12526)]
0x08550307 in divdi3 ()
(gdb) bt
#0 0x08550307 in divdi3 ()
#1 0x085484c9 in av_rescale_rnd
This bug was found using the zzuf fuzzer, as part of the SUPERB-TRUST 2008 / metafuzz project;
See : http://metafuzz.com/ http://www.truststc.org/superb/
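Added example (not part of the original ticket): a small Python triage helper that reads Memcheck's "Address ... bytes inside a block" line and works out how far the access runs past the allocation. For the report above, the 4-byte read at offset 3,993 of a 3,995-byte block runs 2 bytes past the end. The function name `triage` and the second sample finding are constructed for illustration.

```python
import re

# Constructed sample: lines taken from the Valgrind report above (indentation
# re-added), plus one constructed "after a block" finding for the other form.
SAMPLE = """\
==11659== Invalid read of size 4
==11659==    at 0x84FFBCB: vorbis_decode_init (bitstream.h:652)
==11659==  Address 0x4329199 is 3,993 bytes inside a block of size 3,995 alloc'd
==11659==    at 0x401D96E: realloc (vg_replace_malloc.c:429)
==11659== Invalid write of size 1
==11659==    at 0x0000000: example_fn (example.c:1)
==11659==  Address 0x0000000 is 0 bytes after a block of size 16 alloc'd
"""

ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"\bat 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
ADDR = re.compile(
    r"Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes (inside|after) a block of size ([\d,]+)")


def triage(log):
    """Return one dict per invalid access that Memcheck tied to a heap block."""
    findings, cur = [], None
    for line in log.splitlines():
        if m := ACCESS.search(line):
            cur = {"kind": m.group(1), "width": int(m.group(2)), "site": None}
        elif cur and cur["site"] is None and (m := FRAME.search(line)):
            cur["site"] = f"{m.group(1)} ({m.group(2)})"  # innermost frame only
        elif cur and (m := ADDR.search(line)):
            dist = int(m.group(1).replace(",", ""))
            block = int(m.group(3).replace(",", ""))
            # "inside": access starts at offset dist; "after": dist bytes past the end.
            start = dist if m.group(2) == "inside" else block + dist
            cur.update(offset=start, block=block,
                       overrun=max(0, start + cur["width"] - block),
                       straddles_end=start < block)
            findings.append(cur)
            cur = None  # ignore the allocation stack that follows
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['kind']} of {f['width']} at {f['site']}: offset {f['offset']} "
              f"in {f['block']}-byte block, {f['overrun']} byte(s) past the end")
```

A finding with `straddles_end` set starts inside the allocation and only its tail falls outside, which is the shape of a fixed-width read near the end of a buffer.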
Change History (2)
comment:1 by , 13 years ago
Owner: | changed from | to
---|
comment:2 by , 13 years ago
Resolution: → invalid
Status: new → closed
FFmpeg bug, one possible fix sent to ffmpeg-devel.