Opened 16 years ago
Last modified 13 years ago
#1210 new defect
Demuxer: Conditional jump or move depends on uninitialised value(s)
Reported by: | | Owned by: | reimar |
---|---|---|---|
Priority: | normal | Component: | demuxer |
Version: | HEAD | Severity: | normal |
Keywords: | | Cc: | catchconv-bugreports@… |
Blocked By: | | Blocking: | |
Reproduced by developer: | no | Analyzed by developer: | no |
Description
The following report is for the SUPERB-TRUST 2008, the cyber security project.
#Error found at test case .mp4 file for mplayer version (dev-SVN-r27305-4.1.2)
Valgrind reports the Invalid Read.
#The test case "36-p6.mp4" can be found at the URL
*http://www.eecs.berkeley.edu/~sckhan/36-p6.mp4
#Reproducible with the following command
*valgrind mplayer
Can also be run as:
*valgrind --log-file=log33 mplayer 36-p6.mp4
#OS: Debian Etch Linux
#Valgrind output:
==25952== Memcheck, a memory error detector.
==25952== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==25952== Using LibVEX rev 1854, a library for dynamic binary translation.
==25952== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==25952== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==25952== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==25952== For more details, rerun with: -v
==25952==
==25952== My PID = 25952, parent PID = 3261. Prog and args are:
==25952== mplayer
==25952== 36-p6.mp4
==25952==
==25952== Warning: set address range perms: large range 268436356 (undefined)
==25952== Warning: set address range perms: large range 268436364 (undefined)
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 4138916608
==25952== at 0x81376E2: gen_sh_video (demux_mov.c:1011)
==25952== by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952== by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952== by 0x811E511: demux_open (demuxer.c:991)
==25952== by 0x80779AE: main (mplayer.c:3238)
==25952==
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 1577548237
==25952== at 0x81376FB: gen_sh_video (demux_mov.c:1013)
==25952== by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952== by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952== by 0x811E511: demux_open (demuxer.c:991)
==25952== by 0x80779AE: main (mplayer.c:3238)
==25952==
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 1993611979
==25952== at 0x8137701: gen_sh_video (demux_mov.c:1013)
==25952== by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952== by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952== by 0x811E511: demux_open (demuxer.c:991)
==25952== by 0x80779AE: main (mplayer.c:3238)
==25952==
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 1841849951
==25952== at 0x8137645: gen_sh_video (demux_mov.c:1013)
==25952== by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952== by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952== by 0x811E511: demux_open (demuxer.c:991)
==25952== by 0x80779AE: main (mplayer.c:3238)
==25952==
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 2604633478
==25952== at 0x8137650: gen_sh_video (demux_mov.c:1013)
==25952== by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952== by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952== by 0x811E511: demux_open (demuxer.c:991)
==25952== by 0x80779AE: main (mplayer.c:3238)
==25952==
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 3159385134
==25952== at 0x8137658: gen_sh_video (demux_mov.c:1013)
==25952== by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952== by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952== by 0x811E511: demux_open (demuxer.c:991)
==25952== by 0x80779AE: main (mplayer.c:3238)
==25952==
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 879750629
==25952== at 0x81376B3: gen_sh_video (demux_mov.c:1106)
==25952== by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952== by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952== by 0x811E511: demux_open (demuxer.c:991)
==25952== by 0x80779AE: main (mplayer.c:3238)
==25952== Warning: set address range perms: large range 268436388 (noaccess)
==25952== Warning: set address range perms: large range 268436396 (noaccess)
==25952==
==25952== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 19 from 1)
==25952== malloc/free: in use at exit: 81,597 bytes in 19 blocks.
==25952== malloc/free: 2,343 allocs, 2,324 frees, 538,294,607 bytes allocated.
==25952== For counts of detected errors, rerun with: -v
==25952== searching for pointers to 19 not-freed blocks.
==25952== checked 2,898,776 bytes.
==25952==
==25952== LEAK SUMMARY:
==25952== definitely lost: 48,697 bytes in 8 blocks.
==25952== possibly lost: 0 bytes in 0 blocks.
==25952== still reachable: 32,900 bytes in 11 blocks.
==25952== suppressed: 0 bytes in 0 blocks.
==25952== Rerun with --leak-check=full to see details of leaked memory.
*This report is to inform of the error found in MPlayer using the test case 36-p6.mp4, with Stack hash: 879750629 and back-trace at: gen_sh_video (demux_mov.c:1106).
#The bug is found in making a comparison of the fuzzing tools and is a part of the metafuzz project.
*URL at: metafuzz.com