Opened 11 years ago

#1211 new defect

Too many Use of uninitialised and Conditional jump bugs

Reported by: ethiodad@… Owned by: reimar
Priority: normal Component: core
Version: HEAD Severity: normal
Keywords: Cc: catchconv-bugreports@…
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:

Description

Valgrind reported millions of uninitialized and conditional jump bugs while playing the following link.
http://www.cs.berkeley.edu/~ethiodad/zuf_enate22.wma

Even though I have seen similar bug reports that are uninitialized and conditional jump, these bugs that I found playing a .wma file seem serious bugs that need attention. These bugs are reproducible in MPlayer version SVN-r27327-4.1.2.

Here is the report from Valgrind:

MPlayer dev-SVN-r27327-4.1.2 (C) 2000-2008 MPlayer Team

CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (Family: 6, Model: 15, Stepping: 6)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2

Playing zuf_enate22.wma.
ASF file format detected.
[asfheader] Audio stream found, -aid 1
==========================================================================
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 2567684456
==11686== at 0x851A929: adpcm_decode_frame (adpcm.c:711)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x8198A96: init (ad_ffmpeg.c:109)
==11686== by 0x80DB022: init_audio (dec_audio.c:95)
==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686== by 0x8078131: main (mplayer.c:3583)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 2075487956
==11686== at 0x851A945: adpcm_decode_frame (adpcm.c:720)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x8198A96: init (ad_ffmpeg.c:109)
==11686== by 0x80DB022: init_audio (dec_audio.c:95)
==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686== by 0x8078131: main (mplayer.c:3583)
==11686==
==11686== Conditional jump or move depends on uninitialised value(s)
==11686== Stack hash: 1402692663
==11686== at 0x851A974: adpcm_decode_frame (common.h:224)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x8198A96: init (ad_ffmpeg.c:109)
==11686== by 0x80DB022: init_audio (dec_audio.c:95)
==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686== by 0x8078131: main (mplayer.c:3583)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1094897246
==11686== at 0x851A877: adpcm_decode_frame (adpcm.c:711)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x8198A96: init (ad_ffmpeg.c:109)
==11686== by 0x80DB022: init_audio (dec_audio.c:95)
==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686== by 0x8078131: main (mplayer.c:3583)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 602700746
==11686== at 0x851A893: adpcm_decode_frame (adpcm.c:720)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x8198A96: init (ad_ffmpeg.c:109)
==11686== by 0x80DB022: init_audio (dec_audio.c:95)
==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686== by 0x8078131: main (mplayer.c:3583)
==11686==
==11686== Conditional jump or move depends on uninitialised value(s)
==11686== Stack hash: 372502074
==11686== at 0x851A8C3: adpcm_decode_frame (common.h:224)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x8198A96: init (ad_ffmpeg.c:109)
==11686== by 0x80DB022: init_audio (dec_audio.c:95)
==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686== by 0x8078131: main (mplayer.c:3583)
AUDIO: 44100 Hz, 2 ch, s16le, 128.0 kbit/9.07% (ratio: 16002->176400)
Selected audio codec: [ffadpcmimadk4] afm: ffmpeg (FFmpeg DK4 IMA ADPCM audio)
==========================================================================
AO: [oss] 44100Hz 2ch s16le (2 bytes per sample)
Video: no video
Starting playback...
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1757386080
==11686== at 0x851A929: adpcm_decode_frame (adpcm.c:711)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x80DA984: decode_audio (dec_audio.c:383)
==11686== by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1809862588
==11686== at 0x851A945: adpcm_decode_frame (adpcm.c:720)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x80DA984: decode_audio (dec_audio.c:383)
==11686== by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Conditional jump or move depends on uninitialised value(s)
==11686== Stack hash: 1897948155
==11686== at 0x851A974: adpcm_decode_frame (common.h:224)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x80DA984: decode_audio (dec_audio.c:383)
==11686== by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1423785422
==11686== at 0x851A877: adpcm_decode_frame (adpcm.c:711)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x80DA984: decode_audio (dec_audio.c:383)
==11686== by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1476261930
==11686== at 0x851A893: adpcm_decode_frame (adpcm.c:720)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x80DA984: decode_audio (dec_audio.c:383)
==11686== by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Conditional jump or move depends on uninitialised value(s)
==11686== Stack hash: 1566221658
==11686== at 0x851A8C3: adpcm_decode_frame (common.h:224)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686== by 0x80DA984: decode_audio (dec_audio.c:383)
==11686== by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Syscall param write(buf) points to uninitialised byte(s)
==11686== Stack hash: 2550802113
==11686== at 0x4000792: (within /lib/ld-2.3.6.so)
==11686== Address 0x433fb90 is 0 bytes inside a block of size 65,536 alloc'd
==11686== Stack hash: 2167153555
==11686== at 0x401D898: malloc (vg_replace_malloc.c:207)
==11686== by 0x401D9DC: realloc (vg_replace_malloc.c:429)
==11686== by 0x80DAA6E: decode_audio (dec_audio.c:401)
==11686== by 0x80784F9: main (mplayer.c:2044)
A: 16.0 (16.0) of 331.0 (05:31.0) 33.7%

MPlayer interrupted by signal 2 in module: play_audio
A: 16.9 (16.9) of 331.0 (05:31.0) 34.5%
Exiting... (Quit)
==11686==
==11686== ERROR SUMMARY: 1282478 errors from 13 contexts (suppressed: 19 from 1)
==11686== malloc/free: in use at exit: 39,029 bytes in 17 blocks.
==11686== malloc/free: 2,480 allocs, 2,463 frees, 1,995,146 bytes allocated.
==11686== For counts of detected errors, rerun with: -v
==11686== searching for pointers to 17 not-freed blocks.
==11686== checked 2,898,920 bytes.
==11686==
==11686== LEAK SUMMARY:
==11686== definitely lost: 5,976 bytes in 1 blocks.
==11686== possibly lost: 0 bytes in 0 blocks.
==11686== still reachable: 33,053 bytes in 16 blocks.
==11686== suppressed: 0 bytes in 0 blocks.
==11686== Rerun with --leak-check=full to see details of leaked memo

The bugs were found doing summer research for SUBERB-TRUST 2008.
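The report above is useful to a maintainer only after its 1282478 records are collapsed into the 13 distinct contexts the ERROR SUMMARY line counts, so that each faulting stack can be read once and ranked by kind (a "Conditional jump" record means a branch depends on uninitialised data, a "Syscall param write(buf)" record means uninitialised bytes are leaving the process). The following Python script is an added example and is not part of this ticket, of MPlayer, or of Valgrind. It parses memcheck output of the shape quoted above into contexts keyed by error kind plus primary call stack, skips the non-standard "Stack hash:" lines this build emits, and keeps the allocation stack that follows an "Address ... alloc'd" line out of the context key. The embedded sample log is constructed from a few of the records above with their stacks truncated to two frames, so two of the "Use of uninitialised value" records collapse into one context.

```python
"""Collapse Valgrind memcheck records into distinct contexts for triage.

Added example; the regexes and the record grouping are this script's own
assumptions about the output shape quoted in the ticket, not Valgrind's API.
"""
import re
from collections import OrderedDict

# Constructed sample: records copied from the ticket with stacks truncated.
SAMPLE_LOG = """\
MPlayer dev-SVN-r27327-4.1.2 (C) 2000-2008 MPlayer Team
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 2567684456
==11686== at 0x851A929: adpcm_decode_frame (adpcm.c:711)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==
==11686== Conditional jump or move depends on uninitialised value(s)
==11686== Stack hash: 1402692663
==11686== at 0x851A974: adpcm_decode_frame (common.h:224)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==
Starting playback...
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1757386080
==11686== at 0x851A929: adpcm_decode_frame (adpcm.c:711)
==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==
==11686== Syscall param write(buf) points to uninitialised byte(s)
==11686== Stack hash: 2550802113
==11686== at 0x4000792: (within /lib/ld-2.3.6.so)
==11686== Address 0x433fb90 is 0 bytes inside a block of size 65,536 alloc'd
==11686== Stack hash: 2167153555
==11686== at 0x401D898: malloc (vg_replace_malloc.c:207)
==11686== by 0x80DAA6E: decode_audio (dec_audio.c:401)
==11686==
==11686== ERROR SUMMARY: 4 errors from 3 contexts (suppressed: 0 from 0)
"""

PREFIX_RE = re.compile(r"^==\d+==\s?")            # "==PID== " marker on every Valgrind line
FRAME_RE = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+)$")
SUMMARY_RE = re.compile(r"ERROR SUMMARY: (\d+) errors from (\d+) contexts")


def parse_records(log):
    """Return [(message, primary_frames)] for every memcheck error record.

    Addresses are dropped from frames so that the same source location groups
    together across rebuilds; frames after an "Address ..." line belong to the
    allocation stack and are not part of the faulting context.
    """
    records = []
    message, frames, in_aux = None, [], False

    def close():
        if message is not None and frames:      # summary lines have no stack: dropped
            records.append((message, tuple(frames)))

    for raw in log.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue                             # program's own stdout, not Valgrind
        line = raw[m.end():].strip()
        if not line:                             # bare "==PID==" terminates a record
            close()
            message, frames, in_aux = None, [], False
            continue
        frame = FRAME_RE.match(line)
        if frame:
            if message is not None and not in_aux:
                frames.append(frame.group(1))
            continue
        if line.startswith("Stack hash:"):       # non-standard line from this build
            continue
        if line.startswith("Address "):          # allocation context follows
            in_aux = True
            continue
        close()                                  # any other line starts a new record
        message, frames, in_aux = line, [], False
    close()
    return records


def group_contexts(log):
    """Map (message, frames) -> occurrence count, in first-seen order."""
    contexts = OrderedDict()
    for key in parse_records(log):
        contexts[key] = contexts.get(key, 0) + 1
    return contexts


def triage(log):
    """Return [(count, message, top_frame)] with the most frequent context first."""
    rows = [(n, msg, frames[0]) for (msg, frames), n in group_contexts(log).items()]
    rows.sort(key=lambda r: (-r[0], r[1]))
    return rows


def parsed_summary(log):
    """(errors, contexts) from Valgrind's own ERROR SUMMARY line, or None."""
    m = SUMMARY_RE.search(log)
    return (int(m.group(1)), int(m.group(2))) if m else None


if __name__ == "__main__":
    for count, message, top in triage(SAMPLE_LOG):
        print(f"{count:>8}  {message}\n          at {top}")
    print("valgrind's own count:", parsed_summary(SAMPLE_LOG))
```

Running the script against a full log (for example `python3 triage.py < valgrind.log` after swapping SAMPLE_LOG for `sys.stdin.read()`) gives one line per context, which is the list a maintainer can actually work through; the self-check that the number of grouped contexts matches Valgrind's own "from N contexts" count is a cheap guard against the parser mis-splitting records.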

Change History (0)
