Opened 16 years ago
Last modified 14 years ago
#1161 new defect
[Crash] For .flac file, Valgrind reports several invalid reads and MPlayer crashes
| Reported by: | | Owned by: | reimar |
|---|---|---|---|
| Priority: | normal | Component: | demuxer |
| Version: | HEAD | Severity: | normal |
| Keywords: | | Cc: | catchconv-bugreports@… |
| Blocked By: | | Blocking: | |
| Reproduced by developer: | no | Analyzed by developer: | no |
Description
For this .flac file, Valgrind reports several invalid reads in the latest Subversion version of MPlayer, SVN-r27249-4.1.2, and MPlayer crashes.
System Info:
OS: Debian Etch Linux, Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
uname -a: Linux debian 2.6.18-4-486 #1 Mon Mar 26 16:39:10 UTC 2007 i686 GNU/Linux
To reproduce:
wget http://www.metafuzz.com/testcases/895266-71-4125452098-InvalidRead.tgz
tar xzf 895266-71-4125452098-InvalidRead.tgz
valgrind mplayer 71-snippet3.flac
Valgrind result:
Playing 71-snippet3.flac.
Audio file file format detected.
==========================================================================
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
==13713== Invalid read of size 1<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>
==13713== Stack hash: 3608818708
==13713== at 0x84099A2: metadata_parse (bitstream.h:694)
==13713== by 0x8409BBB: flac_decode_frame (flac.c:635)
==13713== by 0x82ED45A: avcodec_decode_audio2 (utils.c:928)
==13713== by 0x81988B8: decode_audio (ad_ffmpeg.c:161)
==13713== by 0x8198C06: init (ad_ffmpeg.c:109)
==13713== by 0x80DB112: init_audio (dec_audio.c:95)
==13713== by 0x80DB508: init_best_audio_codec (dec_audio.c:270)
==13713== by 0x8076778: reinit_audio_chain (mplayer.c:1585)
==13713== by 0x8078121: main (mplayer.c:3583)
==13713== Address 0x43cb05a is not stack'd, malloc'd or (recently) free'd
==13713==
==13713== Invalid read of size 4<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
==13713== Stack hash: 4185005806
==13713== at 0x84099BC: metadata_parse (bitstream.h:658)
==13713== by 0x8409BBB: flac_decode_frame (flac.c:635)
==13713== by 0x82ED45A: avcodec_decode_audio2 (utils.c:928)
==13713== by 0x81988B8: decode_audio (ad_ffmpeg.c:161)
==13713== by 0x8198C06: init (ad_ffmpeg.c:109)
==13713== by 0x80DB112: init_audio (dec_audio.c:95)
==13713== by 0x80DB508: init_best_audio_codec (dec_audio.c:270)
==13713== by 0x8076778: reinit_audio_chain (mplayer.c:1585)
==13713== by 0x8078121: main (mplayer.c:3583)
==13713== Address 0x43cb05a is not stack'd, malloc'd or (recently) free'd
==13713==
==13713== Invalid read of size 4
==13713== Stack hash: 190229347
==13713== at 0x84099D1: metadata_parse (bitstream.h:658)
==13713== by 0x8409BBB: flac_decode_frame (flac.c:635)
==13713== by 0x82ED45A: avcodec_decode_audio2 (utils.c:928)
==13713== by 0x81988B8: decode_audio (ad_ffmpeg.c:161)
==13713== by 0x8198C06: init (ad_ffmpeg.c:109)
==13713== by 0x80DB112: init_audio (dec_audio.c:95)
==13713== by 0x80DB508: init_best_audio_codec (dec_audio.c:270)
==13713== by 0x8076778: reinit_audio_chain (mplayer.c:1585)
==13713== by 0x8078121: main (mplayer.c:3583)
==13713== Address 0x43cb05b is not stack'd, malloc'd or (recently) free'd
==13713==
==13713== Invalid read of size 4<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>
==13713== Stack hash: 490420184
==13713== at 0x84099E6: metadata_parse (bitstream.h:658)
==13713== by 0x8409BBB: flac_decode_frame (flac.c:635)
==13713== by 0x82ED45A: avcodec_decode_audio2 (utils.c:928)
==13713== by 0x81988B8: decode_audio (ad_ffmpeg.c:161)
==13713== by 0x8198C06: init (ad_ffmpeg.c:109)
==13713== by 0x80DB112: init_audio (dec_audio.c:95)
==13713== by 0x80DB508: init_best_audio_codec (dec_audio.c:270)
==13713== by 0x8076778: reinit_audio_chain (mplayer.c:1585)
==13713== by 0x8078121: main (mplayer.c:3583)
==13713== Address 0x43cb05d is not stack'd, malloc'd or (recently) free'd
==13713==
==13713== Invalid read of size 4<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>
==13713== Stack hash: 1987875803
==13713== at 0x84097C1: ff_flac_parse_streaminfo (bitstream.h:658)
==13713== by 0x8409A64: metadata_parse (flac.c:199)
==13713== by 0x8409BBB: flac_decode_frame (flac.c:635)
==13713== by 0x82ED45A: avcodec_decode_audio2 (utils.c:928)
==13713== by 0x81988B8: decode_audio (ad_ffmpeg.c:161)
==13713== by 0x8198C06: init (ad_ffmpeg.c:109)
==13713== by 0x80DB112: init_audio (dec_audio.c:95)
==13713== by 0x80DB508: init_best_audio_codec (dec_audio.c:270)
==13713== by 0x8076778: reinit_audio_chain (mplayer.c:1585)
==13713== by 0x8078121: main (mplayer.c:3583)
==13713== Address 0x45aeffa is not stack'd, malloc'd or (recently) free'd
==13713==
==13713== Invalid read of size 4<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
==13713== Stack hash: 612377224
==13713== at 0x84097CA: ff_flac_parse_streaminfo (bitstream.h:658)
==13713== by 0x8409A64: metadata_parse (flac.c:199)
==13713== by 0x8409BBB: flac_decode_frame (flac.c:635)
==13713== by 0x82ED45A: avcodec_decode_audio2 (utils.c:928)
==13713== by 0x81988B8: decode_audio (ad_ffmpeg.c:161)
==13713== by 0x8198C06: init (ad_ffmpeg.c:109)
==13713== by 0x80DB112: init_audio (dec_audio.c:95)
==13713== by 0x80DB508: init_best_audio_codec (dec_audio.c:270)
==13713== by 0x8076778: reinit_audio_chain (mplayer.c:1585)
==13713== by 0x8078121: main (mplayer.c:3583)
==13713== Address 0x45aeffc is not stack'd, malloc'd or (recently) free'd
MPlayer interrupted by signal 11 in module: init_audio_codec
- MPlayer crashed by bad usage of CPU/FPU/RAM.<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>> Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
- MPlayer crashed. This shouldn't happen. It can be a bug in the MPlayer code _or_ in your drivers _or_ in your gcc version. If you think it's MPlayer's fault, please read DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and won't help unless you provide this information when reporting a possible bug.
==13713==
==13713== ERROR SUMMARY: 1982371 errors from 6 contexts (suppressed: 19 from 1)
==13713== malloc/free: in use at exit: 489,516 bytes in 2,187 blocks.
==13713== malloc/free: 2,318 allocs, 131 frees, 1,836,180 bytes allocated.
==13713== For counts of detected errors, rerun with: -v
==13713== searching for pointers to 2,187 not-freed blocks.
==13713== checked 3,316,080 bytes.
==13713==
==13713== LEAK SUMMARY:
==13713== definitely lost: 0 bytes in 0 blocks.
==13713== possibly lost: 0 bytes in 0 blocks.
==13713== still reachable: 489,516 bytes in 2,187 blocks.
==13713== suppressed: 0 bytes in 0 blocks.
===========================================================
Backtrace using (gdb)
=================================================================
GNU gdb 6.4.90-debian
(gdb) run -v 71-snippet3.flac
Starting program: /usr/local/bin/mplayer -v 71-snippet3.flac
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1210709792 (LWP 13074)]
MPlayer dev-SVN-r27249-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model: 15, Stepping: 13)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
get_path('codecs.conf') -> '/home/user/.mplayer/codecs.conf'
Reading /home/user/.mplayer/codecs.conf: Can't open '/home/user/.mplayer/codecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug=3
CommandLine: '-v' '71-snippet3.flac'
get_path('font/font.desc') -> '/home/user/.mplayer/font/font.desc'
font: can't open file: /home/user/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/home/user/.mplayer/input.conf'
Can't open input config file /home/user/.mplayer/input.conf: No such file or directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
get_path('71-snippet3.flac.conf') -> '/home/user/.mplayer/71-snippet3.flac.conf'
Playing 71-snippet3.flac.
get_path('sub/') -> '/home/user/.mplayer/sub/'
[file] File size is 199844 bytes
STREAM: [file] 71-snippet3.flac
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
LAVF_check: raw FLAC
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Searching demuxer type for filename 71-snippet3.flac ext: .flac
Trying demuxer 17 based on filename extension
==> Found audio stream: 0
demux_audio: seeking from 0x1A to start pos 0x0
demux_audio: audio data 0x0 - 0x30CA4
Audio file file format detected.
==========================================================================
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
dec_audio: Allocating 192000 + 65536 = 257536 bytes for output buffer.
FFmpeg's libavcodec audio codec
INFO: libavcodec init OK!
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210709792 (LWP 13074)]
0x084099a2 in metadata_parse (s=0x89a7ff0) at bitstream.h:694
694 result<<= (index&0x07);
(gdb)
(gdb) bt
#0 0x084099a2 in metadata_parse (s=0x89a7ff0) at bitstream.h:694
#1 0x08409bbc in flac_decode_frame (avctx=0x89a7c80, data=0xb7bf9020,
data_size=0xbfc3b970, buf=0x89b80c0 "fLaC", buf_size=65536) at flac.c:635
#2 0x082ed45b in avcodec_decode_audio2 (avctx=0x89a7c80, samples=0xb7bf9020,
frame_size_ptr=0xbfc3b970,
buf=0x89a80b0 "õßúÖ\nE\035\v\202\210¯×Ç\235Hs_z\231\224$\204cd\"§\202\204ûéSZµÏ\207Ø%\177\210S\212׊\217\bNo¬UÝ\025+ÖûwBg«\236|Fß'ñ\f{B|m\027Ïíf¿\237*I`;Ö\226®Ôâ)\f€¥q\232öÊ\207\b\r\226ÇllH|\217\003U\230'V<Þ°Ï,é\030R¡\025Æ4\033\t\233e|Í\021«<\225ÆŒ
Âè\205œ¿ôùIÃÎç¡]gq=¡å.÷Ç6ß³wú6\223hŠ\036pFá\205Î7/\n€±\212\030»\211Ñ\017!\017Z8GºÒ\006\212ä\004\005»Ë\224*ñ"..., buf_size=65535) at utils.c:928
#3 0x081988b9 in decode_audio (sh_audio=0x89a7b80, buf=0xb7bf9020 "", minlen=1,
maxlen=257536) at libmpcodecs/ad_ffmpeg.c:161
#4 0x08198c07 in init (sh_audio=0x89a7b80) at libmpcodecs/ad_ffmpeg.c:109
#5 0x080db113 in init_audio (sh_audio=0x89a7b80, codecname=0x0, afm=0x0, status=1,
selected=0xbfc3ba58) at libmpcodecs/dec_audio.c:95
#6 0x080db509 in init_best_audio_codec (sh_audio=0x89a7b80, audio_codec_list=0xbfc3ba50,
audio_fm_list=0x0) at libmpcodecs/dec_audio.c:270
#7 0x08076779 in reinit_audio_chain () at mplayer.c:1585
#8 0x08078122 in main (argc=3, argv=0xbfc3cd14) at mplayer.c:3583
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x8409982 to 0x84099c2:
0x08409982 <metadata_parse+162>: add %al,(%eax)
0x08409984 <metadata_parse+164>: lea 0x0(%esi),%esi
0x0840998a <metadata_parse+170>: lea 0x0(%edi),%edi
0x08409990 <metadata_parse+176>: mov 0xffffffec(%ebp),%edx
0x08409993 <metadata_parse+179>: mov 0x8(%edx),%ebx
0x08409996 <metadata_parse+182>: mov (%edx),%esi
0x08409998 <metadata_parse+184>: mov %ebx,%eax
0x0840999a <metadata_parse+186>: mov %ebx,%ecx
0x0840999c <metadata_parse+188>: sar $0x3,%eax
0x0840999f <metadata_parse+191>: and $0x7,%ecx
0x084099a2 <metadata_parse+194>: movzbl (%esi,%eax,1),%eax
0x084099a6 <metadata_parse+198>: shl %cl,%al
0x084099a8 <metadata_parse+200>: shr $0x7,%al
0x084099ab <metadata_parse+203>: lea 0x1(%ebx),%ecx
0x084099ae <metadata_parse+206>: mov %al,0xfffffff3(%ebp)
0x084099b1 <metadata_parse+209>: mov %ecx,%eax
0x084099b3 <metadata_parse+211>: mov %ecx,0x8(%edx)
0x084099b6 <metadata_parse+214>: sar $0x3,%eax
0x084099b9 <metadata_parse+217>: and $0x7,%ecx
0x084099bc <metadata_parse+220>: mov (%esi,%eax,1),%edi
0x084099bf <metadata_parse+223>: bswap %edi
0x084099c1 <metadata_parse+225>: shl %cl,%edi
End of assembler dump.
(gdb) info all-registers
eax 0x8002a 524330
ecx 0x0 0
edx 0x89a800c 144343052
ebx 0x400150 4194640
esp 0xbfc3b7f0 0xbfc3b7f0
ebp 0xbfc3b838 0xbfc3b838
esi 0x89b80c0 144408768
edi 0x89b80c0 144408768
eip 0x84099a2 0x84099a2 <metadata_parse+194>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 1 (raw 0x3fff8000000000000000)
st6 0.54824946668339813449222219787770882 (raw 0x3ffe8c5a13b974631000)
st7 0.54824946668339813449222219787770882 (raw 0x3ffe8c5a13b974631000)
fctrl 0x37f 895
fstat 0x20 32
ftag 0xffff 65535
fiseg 0x73 115
fioff 0x819887d 135891069
foseg 0x7b 123
fooff 0x89a7c2c 144342060
fop 0x59f 1439
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {
0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0},
uint128 = 0x00000000000000000000000000000000}
mxcsr 0x1f80 [ IM DM ZM OM UM PM ]
mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0},
v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm5 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {
0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
mm6 {uint64 = 0x8c5a13b974631000, v2_int32 = {0x74631000, 0x8c5a13b9},
v4_int16 = {0x1000, 0x7463, 0x13b9, 0x8c5a}, v8_int8 = {0x0, 0x10, 0x63, 0x74, 0xb9,
0x13, 0x5a, 0x8c}}
mm7 {uint64 = 0x8c5a13b974631000, v2_int32 = {0x74631000, 0x8c5a13b9},
v4_int16 = {0x1000, 0x7463, 0x13b9, 0x8c5a}, v8_int8 = {0x0, 0x10, 0x63, 0x74, 0xb9,
0x13, 0x5a, 0x8c}}
========================================================================
This bug was found as part of the SUPERB-TRUST 2008 / metafuzz project;
See : http://metafuzz.com/ http://www.truststc.org/superb/
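Both traces above die in `metadata_parse` on `result <<= (index & 0x07)`, and the faulting instruction `movzbl (%esi,%eax,1)` loads `buf[index >> 3]` with `eax = 0x8002a` (524330) while `flac_decode_frame` was handed a `buf_size` of 65536: the bit index, driven by a length field in the crafted metadata, has run hundreds of kilobytes past the end of the buffer and the reader dereferences it anyway (Valgrind's "not stack'd, malloc'd or (recently) free'd"). The following is an added example, not MPlayer or FFmpeg code: a simplified MSB-first bit reader whose every read and skip is checked against the buffer size, used to walk FLAC metadata block headers (1-bit last flag, 7-bit type, 24-bit length) so that an over-long length is rejected rather than used as an offset. The function names and the sample inputs are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit reader whose every access is bounds-checked.  Like the reader in the
 * backtrace it keeps a bit index and addresses buf[index >> 3]; unlike it,
 * it refuses any read or skip that would move past size_bits. */
typedef struct {
    const uint8_t *buf;
    size_t size_bits;
    size_t index; /* current position, in bits */
} BitReader;

static void br_init(BitReader *br, const uint8_t *buf, size_t size_bytes)
{
    br->buf = buf;
    br->size_bits = size_bytes * 8;
    br->index = 0;
}

static size_t br_bits_left(const BitReader *br)
{
    return br->size_bits - br->index;
}

/* Read n bits (1..24) MSB-first into *out.  Returns 0, or -1 when the read
 * would leave the buffer; in that case nothing is dereferenced. */
static int br_get_bits(BitReader *br, unsigned n, uint32_t *out)
{
    if (n == 0 || n > 24 || br_bits_left(br) < n)
        return -1;
    uint32_t result = 0;
    for (unsigned i = 0; i < n; i++) {
        unsigned bit = (br->buf[br->index >> 3] >> (7 - (br->index & 7))) & 1;
        result = (result << 1) | bit;
        br->index++;
    }
    *out = result;
    return 0;
}

/* Advance by n bits only if that many remain. */
static int br_skip_bits(BitReader *br, size_t n)
{
    if (br_bits_left(br) < n)
        return -1;
    br->index += n;
    return 0;
}

/* Walk the FLAC metadata block headers after the "fLaC" marker.  Each header
 * is a 1-bit "last block" flag, a 7-bit type and a 24-bit payload length.  A
 * length larger than the bytes remaining is rejected instead of being used
 * as an offset.  Returns the number of blocks, or -1 on malformed input. */
int parse_flac_metadata(const uint8_t *buf, size_t size)
{
    if (size < 4 || memcmp(buf, "fLaC", 4) != 0)
        return -1;
    BitReader br;
    br_init(&br, buf + 4, size - 4);
    int blocks = 0;
    for (;;) {
        uint32_t last, type, len;
        if (br_get_bits(&br, 1, &last) || br_get_bits(&br, 7, &type) ||
            br_get_bits(&br, 24, &len))
            return -1; /* the header itself is truncated */
        if (br_skip_bits(&br, (size_t)len * 8))
            return -1; /* payload length exceeds what is left */
        blocks++;
        if (last)
            return blocks;
    }
}

/* Constructed sample inputs (not the files from this ticket). */
static const uint8_t SAMPLE_VALID[] = {
    'f', 'L', 'a', 'C', 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB }; /* last, type 0, len 2 */
static const uint8_t SAMPLE_TWO_BLOCKS[] = {
    'f', 'L', 'a', 'C', 0x00, 0x00, 0x00, 0x01, 0x11,   /* type 0, len 1 */
                        0x84, 0x00, 0x00, 0x00 };        /* last, type 4, len 0 */
static const uint8_t SAMPLE_OVERLONG[] = {
    'f', 'L', 'a', 'C', 0x80, 0xFF, 0xFF, 0xFF, 0x00, 0x00 }; /* claims a 16 MiB payload */
static const uint8_t SAMPLE_TRUNCATED[] = {
    'f', 'L', 'a', 'C', 0x80, 0x00 };                       /* header cut short */

/* Run the parser over one constructed sample (0..3). */
int run_sample(int which)
{
    switch (which) {
    case 0:  return parse_flac_metadata(SAMPLE_VALID, sizeof SAMPLE_VALID);
    case 1:  return parse_flac_metadata(SAMPLE_TWO_BLOCKS, sizeof SAMPLE_TWO_BLOCKS);
    case 2:  return parse_flac_metadata(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG);
    default: return parse_flac_metadata(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED);
    }
}

int main(void)
{
    static const char *names[] = { "valid", "two blocks", "overlong length", "truncated header" };
    for (int i = 0; i < 4; i++)
        printf("%-17s -> %d\n", names[i], run_sample(i));
    return 0;
}
```

The design point is that the length field is validated against `br_bits_left()` before the index is moved, so the reader never holds an index it cannot safely dereference; the two malformed samples return -1 where an unchecked reader would compute an out-of-range `buf[index >> 3]` exactly as in the traces above.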
Similar to this file, another .flac file produced an invalid read and crashed MPlayer, version r27305-4.1.2. I decided to report it here, since it might be a duplicate of bug 1161. I thought it would help in finding a patch.
Thank you.
##########################################
To reproduce:
wget http://www.metafuzz.com/testcases/187491-106-6143737600-result32512.tgz
tar xzf 187491-106-6143737600-result32512.tgz
valgrind mplayer 106-Baba.flac
Valgrind output:
==12346== Invalid read of size 1 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
==12346== Stack hash: 3954036436
==12346== at 0x8409892: metadata_parse (bitstream.h:655)
==12346== by 0x8409AAB: flac_decode_frame (flac.c:635)
==12346== by 0x82ECB5A: avcodec_decode_audio2 (utils.c:928)
==12346== by 0x81986F8: decode_audio (ad_ffmpeg.c:161)
==12346== by 0x8198A46: init (ad_ffmpeg.c:109)
==12346== by 0x80DB032: init_audio (dec_audio.c:95)
==12346== by 0x80DB428: init_best_audio_codec (dec_audio.c:270)
==12346== by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==12346== by 0x8078131: main (mplayer.c:3583)
==12346== Address 0x480f1a6 is not stack'd, malloc'd or (recently) free'd
MPlayer interrupted by signal 11 in module: init_audio_codec
===========================================================
Backtrace using (gdb)
=================================================================
(gdb) run -v 106-Baba.flac
Starting program: /usr/local/bin/mplayer -v 106-Baba.flac
Failed to read a valid object file image from memory.
[Thread debugging using libthread_db enabled]
[New Thread -1210697504 (LWP 12780)]
MPlayer dev-SVN-r27305-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model: 15, Stepping: 13)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
get_path('codecs.conf') -> '/home/user/.mplayer/codecs.conf'
Reading /home/user/.mplayer/codecs.conf: Can't open '/home/user/.mplayer/codecs.conf': No such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug=3
CommandLine: '-v' '106-Baba.flac'
get_path('font/font.desc') -> '/home/user/.mplayer/font/font.desc'
font: can't open file: /home/user/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/home/user/.mplayer/input.conf'
Can't open input config file /home/user/.mplayer/input.conf: No such file or directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory
Falling back on default (hardcoded) input config
get_path('106-Baba.flac.conf') -> '/home/user/.mplayer/106-Baba.flac.conf'
Playing 106-Baba.flac.
get_path('sub/') -> '/home/user/.mplayer/sub/'
[file] File size is 1600030 bytes
STREAM: [file] 106-Baba.flac
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
LAVF_check: raw FLAC
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Searching demuxer type for filename 106-Baba.flac ext: .flac
Trying demuxer 17 based on filename extension
==> Found audio stream: 0
demux_audio: seeking from 0x1A to start pos 0x0
demux_audio: audio data 0x0 - 0x186A1E
Audio file file format detected.
==========================================================================
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
dec_audio: Allocating 192000 + 65536 = 257536 bytes for output buffer.
FFmpeg's libavcodec audio codec
INFO: libavcodec init OK!
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210697504 (LWP 12780)]
0x08409892 in metadata_parse (s=0x89b3010) at bitstream.h:655
655 result<<= (index&0x07);
(gdb) bt
#0 0x08409892 in metadata_parse (s=0x89b3010) at bitstream.h:655
#1 0x08409aac in flac_decode_frame (avctx=0x89b2c80, data=0xb7bfc020,
#2 0x082ecb5b in avcodec_decode_audio2 (avctx=0x89b2c80, samples=0xb7bfc020,
#3 0x081986f9 in decode_audio (sh_audio=0x89b2b80, buf=0xb7bfc020 "",
#4 0x08198a47 in init (sh_audio=0x89b2b80) at libmpcodecs/ad_ffmpeg.c:109
#5 0x080db033 in init_audio (sh_audio=0x89b2b80, codecname=0x0, afm=0x0,
#6 0x080db429 in init_best_audio_codec (sh_audio=0x89b2b80,
#7 0x08076789 in reinit_audio_chain () at mplayer.c:1585
#8 0x08078132 in main (argc=3, argv=0xbfb0d3e4) at mplayer.c:3583
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x8409872 to 0x84098b2:
0x08409872 <metadata_parse+162>: add %al,(%eax)
0x08409874 <metadata_parse+164>: lea 0x0(%esi),%esi
0x0840987a <metadata_parse+170>: lea 0x0(%edi),%edi
0x08409880 <metadata_parse+176>: mov 0xffffffec(%ebp),%edx
0x08409883 <metadata_parse+179>: mov 0x8(%edx),%ebx
0x08409886 <metadata_parse+182>: mov (%edx),%esi
0x08409888 <metadata_parse+184>: mov %ebx,%eax
0x0840988a <metadata_parse+186>: mov %ebx,%ecx
0x0840988c <metadata_parse+188>: sar $0x3,%eax
0x0840988f <metadata_parse+191>: and $0x7,%ecx
0x08409892 <metadata_parse+194>: movzbl (%esi,%eax,1),%eax
0x08409896 <metadata_parse+198>: shl %cl,%al
0x08409898 <metadata_parse+200>: shr $0x7,%al
0x0840989b <metadata_parse+203>: lea 0x1(%ebx),%ecx
0x0840989e <metadata_parse+206>: mov %al,0xfffffff3(%ebp)
0x084098a1 <metadata_parse+209>: mov %ecx,%eax
0x084098a3 <metadata_parse+211>: mov %ecx,0x8(%edx)
0x084098a6 <metadata_parse+214>: sar $0x3,%eax
0x084098a9 <metadata_parse+217>: and $0x7,%ecx
0x084098ac <metadata_parse+220>: mov (%esi,%eax,1),%edi
0x084098af <metadata_parse+223>: bswap %edi
0x084098b1 <metadata_parse+225>: shl %cl,%edi
End of assembler dump.
(gdb) info all-registers
eax 0x4c4186 4997510
ecx 0x0 0
edx 0x89b302c 144388140
ebx 0x2620c30 39980080
esp 0xbfb0bec0 0xbfb0bec0
ebp 0xbfb0bf08 0xbfb0bf08
esi 0x89c30f8 144453880
edi 0x46 70
eip 0x8409892 0x8409892 <metadata_parse+194>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51
st0 0 (raw 0x00000000000000000000)
st1 0 (raw 0x00000000000000000000)
st2 0 (raw 0x00000000000000000000)
st3 0 (raw 0x00000000000000000000)
st4 0 (raw 0x00000000000000000000)
st5 1 (raw 0x3fff8000000000000000)
st6 1.4703506764488118996325738407904282 (raw 0x3fffbc3473727fe35000)
st7 1.4703506764488118996325738407904282 (raw 0x3fffbc3473727fe35000)
fctrl 0x37f 895
fstat 0x20 32
ftag 0xffff 65535
fiseg 0x73 115
fioff 0x81986bd 135890621
foseg 0x7b 123
fooff 0x89b2c2c 144387116
fop 0x59f 1439
xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},