Opened 16 years ago

Last modified 13 years ago

#1235 new defect

For this .mp3 file, valgrind reports InvalidRead, UninitCondition.

Reported by: xuecongli@…
Owned by: reimar
Priority: normal
Component: demuxer
Version: HEAD
Severity: normal
Keywords:
Cc: catchconv-bugreports@…
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

This bug was found as part of the metafuzz project, see http://www.metafuzz.com

For this .mp3 file, valgrind reports InvalidRead, UninitCondition.

System Info:

MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2

Playing 21.mp3.

##############################################################

to reproduce:
wget http://www.metafuzz.com/testcases/373907-0-4003270842-SyscallParam.tgz
tar xzf 373907-0-4003270842-SyscallParam.tgz
valgrind mplayer 21.mp3

::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::

==5323== Memcheck, a memory error detector.
==5323== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==5323== Using LibVEX rev 1715, a library for dynamic binary translation.
==5323== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==5323== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==5323== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==5323== For more details, rerun with: -v
==5323==
==5323== My PID = 5323, parent PID = 5322. Prog and args are:
==5323== mplayer
==5323== 21.mp3
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 4126823808
==5323== at 0x400A65C: (within /lib/ld-2.7.so)
==5323== by 0x4003125: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 4228028502
==5323== at 0x400A692: (within /lib/ld-2.7.so)
==5323== by 0x4003125: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 936347057
==5323== at 0x400B19D: (within /lib/ld-2.7.so)
==5323== by 0x4003125: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 3629006124
==5323== at 0x400A542: (within /lib/ld-2.7.so)
==5323== by 0x4003383: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 3643999412
==5323== at 0x400A54A: (within /lib/ld-2.7.so)
==5323== by 0x4003383: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 4258724220
==5323== at 0x400A692: (within /lib/ld-2.7.so)
==5323== by 0x4003383: (within /lib/ld-2.7.so)
==5323== by 0x40138EC: (within /lib/ld-2.7.so)
==5323== by 0x4000C3D: (within /lib/ld-2.7.so)
==5323== by 0x4000816: (within /lib/ld-2.7.so)
==5323==
==5323== Invalid read of size 4
==5323== Stack hash: 1364543850
==5323== at 0x417FBC4: (within /lib/libc-2.7.so)
==5323== Address 0x10 is not stack'd, malloc'd or (recently) free'd
==5323==
==5323== Process terminating with default action of signal 11 (SIGSEGV)
==5323== Access not within mapped region at address 0x10
==5323== Stack hash: 1364543850
==5323== at 0x417FBC4: (within /lib/libc-2.7.so)
==5323==
==5323== ERROR SUMMARY: 20 errors from 7 contexts (suppressed: 0 from 0)
==5323== malloc/free: in use at exit: 33,644 bytes in 21 blocks.
==5323== malloc/free: 3,379 allocs, 3,358 frees, 1,598,202 bytes allocated.
==5323== For counts of detected errors, rerun with: -v
==5323== searching for pointers to 21 not-freed blocks.
==5323== checked 2,952,256 bytes.
==5323==
==5323== LEAK SUMMARY:
==5323== definitely lost: 0 bytes in 0 blocks.
==5323== possibly lost: 0 bytes in 0 blocks.
==5323== still reachable: 33,644 bytes in 21 blocks.
==5323== suppressed: 0 bytes in 0 blocks.
==5323== Reachable blocks (those to which a pointer was found) are not shown.
==5323== To see them, rerun with: --leak-check=full --show-reachable=yes
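Triage helper for Memcheck output of the kind pasted above (an added example, not part of this ticket or of MPlayer): it splits the log into error blocks, keeps each block's stack hash, and flags an invalid read at a tiny address such as 0x10 as a probable NULL pointer dereference, separating it from the uninitialised-value reports inside ld.so. The embedded log is a constructed, abridged copy of the one above; the verdict strings and the 0x1000 threshold are my own heuristics.

```python
import re

# Constructed sample in Memcheck's output format, abridged from the log in this ticket.
SAMPLE_LOG = """\
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 4126823808
==5323==    at 0x400A65C: (within /lib/ld-2.7.so)
==5323==    by 0x4003125: (within /lib/ld-2.7.so)
==5323==
==5323== Invalid read of size 4
==5323== Stack hash: 1364543850
==5323==    at 0x417FBC4: (within /lib/libc-2.7.so)
==5323==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==5323==
==5323== Process terminating with default action of signal 11 (SIGSEGV)
==5323==  Access not within mapped region at address 0x10
"""

PREFIX = re.compile(r"^==\d+==\s?")  # the "==PID== " marker on every line
FRAME = re.compile(r"^(?:at|by) (0x[0-9A-Fa-f]+): \(within ([^)]+)\)")
BAD_ADDR = re.compile(r"Address (0x[0-9A-Fa-f]+) is not stack'd")
ERROR_KINDS = ("Conditional jump", "Use of uninitialised", "Invalid read",
               "Invalid write", "Syscall param")
NULL_PAGE = 0x1000  # assumed: a fault below the first page is NULL plus a field offset

def classify(kind, frames, bad_addr):
    # Heuristic verdict for one error block (my own rules, not Valgrind's).
    if kind.startswith(("Invalid read", "Invalid write")) and bad_addr is not None:
        if bad_addr < NULL_PAGE:
            return "likely NULL pointer dereference (offset 0x%x)" % bad_addr
        return "invalid access, inspect"
    if frames and all("/ld-" in obj for _, obj in frames):
        return "dynamic loader noise, usually ignorable"
    return "uninitialised value, inspect"

def parse_memcheck(log):
    # Strip the PID marker, then split into blocks on blank lines.
    text = "\n".join(PREFIX.sub("", l).strip() for l in log.splitlines())
    findings = []
    for chunk in re.split(r"\n\s*\n", text):
        block = chunk.split("\n")
        kind = block[0]
        if not kind.startswith(ERROR_KINDS):
            continue  # e.g. the "Process terminating" trailer or the summary
        stack_hash = next((l.split(":", 1)[1].strip() for l in block
                           if l.startswith("Stack hash:")), None)
        frames = [m.groups() for m in map(FRAME.match, block) if m]
        hit = next((m for m in map(BAD_ADDR.search, block) if m), None)
        bad_addr = int(hit.group(1), 16) if hit else None
        findings.append({"kind": kind, "stack_hash": stack_hash, "frames": frames,
                         "bad_addr": bad_addr, "verdict": classify(kind, frames, bad_addr)})
    return findings
```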

Change History (1)

comment:1 by compn, 13 years ago

Owner: changed from r_togni@… to reimar