For this .mp3 file, valgrind reports InvalidRead, UninitValue, UninitCondition,

[xuecongli@…]

This bug was found as part of the SUPERB-TRUST 2008 project, see ​http://www.truststc.org/superb/

For this .mp3 file, valgrind reports InvalidRead, UninitValue, UninitCondition,

System Info:

MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2

Playing 199-song0004.mp3.

##############################################################

to reproduce:
wget ​http://www.metafuzz.com/testcases/664852-199-311034112-result256.tgz
tar xzf 664852-199-311034112-result256.tgz
valgrind mplayer 199-song0004.mp3

::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::

==6930== Memcheck, a memory error detector.
==6930== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==6930== Using LibVEX rev 1715, a library for dynamic binary translation.
==6930== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==6930== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==6930== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==6930== For more details, rerun with: -v
==6930==
==6930== My PID = 6930, parent PID = 6929. Prog and args are:
==6930== mplayer
==6930== 199-song0004.mp3
==6930==
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 4126823808
==6930== at 0x400A65C: (within /lib/ld-2.7.so)
==6930== by 0x4003125: (within /lib/ld-2.7.so)
==6930== by 0x40138EC: (within /lib/ld-2.7.so)
==6930== by 0x4000C3D: (within /lib/ld-2.7.so)
==6930== by 0x4000816: (within /lib/ld-2.7.so)
==6930==
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 4228028502
==6930== at 0x400A692: (within /lib/ld-2.7.so)
==6930== by 0x4003125: (within /lib/ld-2.7.so)
==6930== by 0x40138EC: (within /lib/ld-2.7.so)
==6930== by 0x4000C3D: (within /lib/ld-2.7.so)
==6930== by 0x4000816: (within /lib/ld-2.7.so)
==6930==
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 936347057
==6930== at 0x400B19D: (within /lib/ld-2.7.so)
==6930== by 0x4003125: (within /lib/ld-2.7.so)
==6930== by 0x40138EC: (within /lib/ld-2.7.so)
==6930== by 0x4000C3D: (within /lib/ld-2.7.so)
==6930== by 0x4000816: (within /lib/ld-2.7.so)
==6930==
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 3629006124
==6930== at 0x400A542: (within /lib/ld-2.7.so)
==6930== by 0x4003383: (within /lib/ld-2.7.so)
==6930== by 0x40138EC: (within /lib/ld-2.7.so)
==6930== by 0x4000C3D: (within /lib/ld-2.7.so)
==6930== by 0x4000816: (within /lib/ld-2.7.so)
==6930==
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 3643999412
==6930== at 0x400A54A: (within /lib/ld-2.7.so)
==6930== by 0x4003383: (within /lib/ld-2.7.so)
==6930== by 0x40138EC: (within /lib/ld-2.7.so)
==6930== by 0x4000C3D: (within /lib/ld-2.7.so)
==6930== by 0x4000816: (within /lib/ld-2.7.so)
==6930==
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 4258724220
==6930== at 0x400A692: (within /lib/ld-2.7.so)
==6930== by 0x4003383: (within /lib/ld-2.7.so)
==6930== by 0x40138EC: (within /lib/ld-2.7.so)
==6930== by 0x4000C3D: (within /lib/ld-2.7.so)
==6930== by 0x4000816: (within /lib/ld-2.7.so)
==6930==
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 1861723244
==6930== at 0x84691C6: huffman_decode (mpegaudiodec.c:1558)
==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930== by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930== by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930== by 0x811CB04: demux_open (demuxer.c:998)
==6930== by 0x8078D8C: main (mplayer.c:3237)
==6930==
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 3015908747
==6930== at 0x8469219: huffman_decode (mpegaudiodec.c:1568)
==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930== by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930== by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930== by 0x811CB04: demux_open (demuxer.c:998)
==6930== by 0x8078D8C: main (mplayer.c:3237)
==6930==
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 4046632117
==6930== at 0x84695BB: huffman_decode (mpegaudiodec.c:231)
==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930== by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930== by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930== by 0x811CB04: demux_open (demuxer.c:998)
==6930== by 0x8078D8C: main (mplayer.c:3237)
==6930==
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 2022362712
==6930== at 0x84695C2: huffman_decode (mpegaudiodec.c:232)
==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930== by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930== by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930== by 0x811CB04: demux_open (demuxer.c:998)
==6930== by 0x8078D8C: main (mplayer.c:3237)
==6930==
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 3566332850
==6930== at 0x84695D4: huffman_decode (mpegaudiodec.c:235)
==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930== by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930== by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930== by 0x811CB04: demux_open (demuxer.c:998)
==6930== by 0x8078D8C: main (mplayer.c:3237)
==6930==
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 3541217440
==6930== at 0x846956A: huffman_decode (mpegaudiodec.c:231)
==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930== by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930== by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930== by 0x811CB04: demux_open (demuxer.c:998)
==6930== by 0x8078D8C: main (mplayer.c:3237)
==6930==
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 1516948035
==6930== at 0x8469571: huffman_decode (mpegaudiodec.c:232)
==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930== by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930== by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930== by 0x811CB04: demux_open (demuxer.c:998)
==6930== by 0x8078D8C: main (mplayer.c:3237)
==6930==
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 1438991108
==6930== at 0x846957E: huffman_decode (mpegaudiodec.c:235)
==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930== by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930== by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930== by 0x811CB04: demux_open (demuxer.c:998)
==6930== by 0x8078D8C: main (mplayer.c:3237)
==6930==
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 674590240
==6930== at 0x84694EA: huffman_decode (mpegaudiodec.c:1581)
==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930== by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930== by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930== by 0x811CB04: demux_open (demuxer.c:998)
==6930== by 0x8078D8C: main (mplayer.c:3237)
==6930==
==6930== Invalid read of size 4
==6930== Stack hash: 1364543850
==6930== at 0x417FBC4: (within /lib/libc-2.7.so)
==6930== Address 0x10 is not stack'd, malloc'd or (recently) free'd
==6930==
==6930== Process terminating with default action of signal 11 (SIGSEGV)
==6930== Access not within mapped region at address 0x10
==6930== Stack hash: 1364543850
==6930== at 0x417FBC4: (within /lib/libc-2.7.so)
==6930==
==6930== ERROR SUMMARY: 442 errors from 16 contexts (suppressed: 0 from 0)
==6930== malloc/free: in use at exit: 33,644 bytes in 21 blocks.
==6930== malloc/free: 6,297 allocs, 6,276 frees, 4,225,284 bytes allocated.
==6930== For counts of detected errors, rerun with: -v
==6930== searching for pointers to 21 not-freed blocks.
==6930== checked 2,952,272 bytes.
==6930==
==6930== LEAK SUMMARY:
==6930== definitely lost: 0 bytes in 0 blocks.
==6930== possibly lost: 0 bytes in 0 blocks.
==6930== still reachable: 33,644 bytes in 21 blocks.
==6930== suppressed: 0 bytes in 0 blocks.
==6930== Reachable blocks (those to which a pointer was found) are not shown.
==6930== To see them, rerun with: --leak-check=full --show-reachable=yes

[reimar]

Behaviour with latest SVN seems identical to 1281.