Opened 11 years ago

Last modified 9 years ago

#1235 new defect

For this .mp3 file, valgrind reports InvalidRead, UninitCondition.

Reported by: xuecongli@… Owned by: reimar
Priority: normal Component: demuxer
Version: HEAD Severity: normal
Keywords: Cc: catchconv-bugreports@…
Blocked By: Blocking:
Reproduced by developer: Analyzed by developer:

Description

This bug was found as part of the metafuzz project, see http://www.metafuzz.com

For this .mp3 file, valgrind reports InvalidRead?, UninitCondition?.

System Info:

MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2

Playing 21.mp3.

##############################################################

to reproduce:
wget http://www.metafuzz.com/testcases/373907-0-4003270842-SyscallParam.tgz
tar xzf 373907-0-4003270842-SyscallParam?.tgz
valgrind mplayer 21.mp3

::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::

==5323== Memcheck, a memory error detector.
==5323== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==5323== Using LibVEX rev 1715, a library for dynamic binary translation.
==5323== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks? LLP.
==5323== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==5323== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==5323== For more details, rerun with: -v
==5323==
==5323== My PID = 5323, parent PID = 5322. Prog and args are:
==5323== mplayer
==5323== 21.mp3
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 4126823808
==5323== at 0x400A65C: (within /lib/ld-2.7.so)
==5323== by 0x4003125: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 4228028502
==5323== at 0x400A692: (within /lib/ld-2.7.so)
==5323== by 0x4003125: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 936347057
==5323== at 0x400B19D: (within /lib/ld-2.7.so)
==5323== by 0x4003125: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 3629006124
==5323== at 0x400A542: (within /lib/ld-2.7.so)
==5323== by 0x4003383: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 3643999412
==5323== at 0x400A54A: (within /lib/ld-2.7.so)
==5323== by 0x4003383: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 4258724220
==5323== at 0x400A692: (within /lib/ld-2.7.so)
==5323== by 0x4003383: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Invalid read of size 4
==5323== Stack hash: 1364543850
==5323== at 0x417FBC4: (within /lib/libc-2.7.so)
==5323== Address 0x10 is not stack'd, malloc'd or (recently) free'd
==5323==
==5323== Process terminating with default action of signal 11 (SIGSEGV)
==5323== Access not within mapped region at address 0x10
==5323== Stack hash: 1364543850
==5323== at 0x417FBC4: (within /lib/libc-2.7.so)
==5323==
==5323== ERROR SUMMARY: 20 errors from 7 contexts (suppressed: 0 from 0)
==5323== malloc/free: in use at exit: 33,644 bytes in 21 blocks.
==5323== malloc/free: 3,379 allocs, 3,358 frees, 1,598,202 bytes allocated.
==5323== For counts of detected errors, rerun with: -v
==5323== searching for pointers to 21 not-freed blocks.
==5323== checked 2,952,256 bytes.
==5323==
==5323== LEAK SUMMARY:
==5323== definitely lost: 0 bytes in 0 blocks.
==5323== possibly lost: 0 bytes in 0 blocks.
==5323== still reachable: 33,644 bytes in 21 blocks.
==5323== suppressed: 0 bytes in 0 blocks.
==5323== Reachable blocks (those to which a pointer was found) are not shown.
==5323== To see them, rerun with: --leak-check=full --show-reachable=yes

Change History (1)

comment:1 Changed 9 years ago by compn

  • Owner changed from r_togni@… to reimar
Note: See TracTickets for help on using tickets.