Opened 11 years ago

Closed 8 years ago

Last modified 8 years ago

#1281 closed defect (invalid)

For this .mp3 file, valgrind reports SyscallParam, UninitValue, UninitCondition.

Reported by: xuecongli@…
Owned by: reimar
Priority: normal
Component: demuxer
Version: HEAD
Severity: normal
Keywords:
Cc: catchconv-bugreports@…
Blocked By:
Blocking:
Reproduced by developer:
Analyzed by developer:

Description

This bug was found as part of the metafuzz project, see http://www.metafuzz.com

For this .mp3 file, valgrind reports SyscallParam, UninitValue, UninitCondition.

System Info:
MPlayer dev-SVN-r27614-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood; Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2
Playing 199-song0004.mp3.
##############################################################
to reproduce:
wget http://www.metafuzz.com/testcases/664852-199-311034112-result256.tgz
tar xzf 664852-199-311034112-result256.tgz
valgrind mplayer 199-song0004.mp3
::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::
==18860== Memcheck, a memory error detector.
==18860== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==18860== Using LibVEX rev 1715, a library for dynamic binary translation.
==18860== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==18860== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==18860== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==18860== For more details, rerun with: -v
==18860==
==18860== My PID = 18860, parent PID = 18859. Prog and args are:
==18860== mplayer
==18860== 199-song0004.mp3
==18860==
==18860== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s)
==18860== Stack hash: 2542116815
==18860== at 0x4000792: (within /lib/ld-2.3.6.so)
==18860== Address 0xBEA07878 is on thread 1's stack
==18860==
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 2849271825
==18860== at 0x8478A26: huffman_decode (mpegaudiodec.c:1518)
==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860== by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860== by 0x811E154: demux_open (demuxer.c:998)
==18860== by 0x8079B7C: main (mplayer.c:3237)
==18860==
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 4003457328
==18860== at 0x8478A79: huffman_decode (mpegaudiodec.c:1528)
==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860== by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860== by 0x811E154: demux_open (demuxer.c:998)
==18860== by 0x8079B7C: main (mplayer.c:3237)
==18860==
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 739213402
==18860== at 0x8478E1B: huffman_decode (mpegaudiodec.c:230)
==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860== by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860== by 0x811E154: demux_open (demuxer.c:998)
==18860== by 0x8079B7C: main (mplayer.c:3237)
==18860==
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 3009911293
==18860== at 0x8478E22: huffman_decode (mpegaudiodec.c:231)
==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860== by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860== by 0x811E154: demux_open (demuxer.c:998)
==18860== by 0x8079B7C: main (mplayer.c:3237)
==18860==
==18860== Conditional jump or move depends on uninitialised value(s)
==18860== Stack hash: 258914135
==18860== at 0x8478E34: huffman_decode (mpegaudiodec.c:234)
==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860== by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860== by 0x811E154: demux_open (demuxer.c:998)
==18860== by 0x8079B7C: main (mplayer.c:3237)
==18860==
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 233798725
==18860== at 0x8478DCA: huffman_decode (mpegaudiodec.c:230)
==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860== by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860== by 0x811E154: demux_open (demuxer.c:998)
==18860== by 0x8079B7C: main (mplayer.c:3237)
==18860==
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 2504496616
==18860== at 0x8478DD1: huffman_decode (mpegaudiodec.c:231)
==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860== by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860== by 0x811E154: demux_open (demuxer.c:998)
==18860== by 0x8079B7C: main (mplayer.c:3237)
==18860==
==18860== Conditional jump or move depends on uninitialised value(s)
==18860== Stack hash: 2426539689
==18860== at 0x8478DDE: huffman_decode (mpegaudiodec.c:234)
==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860== by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860== by 0x811E154: demux_open (demuxer.c:998)
==18860== by 0x8079B7C: main (mplayer.c:3237)
==18860==
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 1662138821
==18860== at 0x8478D4A: huffman_decode (mpegaudiodec.c:1541)
==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860== by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860== by 0x811E154: demux_open (demuxer.c:998)
==18860== by 0x8079B7C: main (mplayer.c:3237)
==18860==
==18860== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s)
==18860== Stack hash: 3997929021
==18860== at 0x4000792: (within /lib/ld-2.3.6.so)
==18860== Address 0xBEA07898 is on thread 1's stack
==18860==
==18860== ERROR SUMMARY: 424 errors from 11 contexts (suppressed: 21 from 1)
==18860== malloc/free: in use at exit: 41,286 bytes in 15 blocks.
==18860== malloc/free: 6,731 allocs, 6,716 frees, 4,267,463 bytes allocated.
==18860== For counts of detected errors, rerun with: -v
==18860== searching for pointers to 15 not-freed blocks.
==18860== checked 3,258,620 bytes.
==18860==
==18860== LEAK SUMMARY:
==18860== definitely lost: 0 bytes in 0 blocks.
==18860== possibly lost: 0 bytes in 0 blocks.
==18860== still reachable: 41,286 bytes in 15 blocks.
==18860== suppressed: 0 bytes in 0 blocks.
==18860== Reachable blocks (those to which a pointer was found) are not shown.
==18860== To see them, rerun with: --leak-check=full --show-reachable=yes

Change History (3)

comment:1 Changed 8 years ago by compn

  • Owner changed from r_togni@… to reimar

comment:2 Changed 8 years ago by reimar

  • Resolution set to invalid
  • Status changed from new to closed

This is an ffmpeg issue, not much we can do about it.
Reported here: http://roundup.ffmpeg.org/issue2416

comment:3 Changed 8 years ago by reimar
