Opened 17 years ago
Closed 14 years ago
#1167 closed defect (fixed)
Valgrind reports conditional jump or move depends on uninitialised value(s) in demux_avi_select_stream() (demux_avi.c:74)
| Reported by: | | Owned by: | reimar |
|---|---|---|---|
| Priority: | normal | Component: | demuxer |
| Version: | HEAD | Severity: | normal |
| Keywords: | | Cc: | catchconv-bugreports@… |
| Blocked By: | | Blocking: | |
| Reproduced by developer: | no | Analyzed by developer: | no |
Description
In the tgz archive which can be downloaded from the URL http://www.metafuzz.com/testcases/139106-2-2302462433-UninitCondition.tgz, there is an AVI file (2-dog.avi) where Valgrind reports "conditional jump or move depends on uninitialised value(s)" in demux_avi_select_stream().
I confirmed that this bug is reproducible in the latest subversion of MPlayer, r27255-4.1.2.
My System Information:
OS: Linux Debian x32
kernel: Linux debian 2.6.18-6-486 #1 Fri Jun 6 21:47:01 UTC 2008 i686 GNU/Linux
libc version: libc-2.3.6.so
gcc version 4.1.2 20061115
ld version 2.17
My Hardware Information:
32-bit Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Multimedia audio controller: Ensoniq ES1371 [AudioPCI-97] (rev 02)
To reproduce:
wget http://www.metafuzz.com/testcases/139106-2-2302462433-UninitCondition.tgz
tar xzvf 139106-2-2302462433-UninitCondition.tgz
valgrind mplayer 2-dog.avi
The following is the output from Valgrind:
==9503== Memcheck, a memory error detector.
==9503== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==9503== Using LibVEX rev 1854, a library for dynamic binary translation.
==9503== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==9503== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==9503== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==9503== For more details, rerun with: -v
==9503==
MPlayer dev-SVN-r27255-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (Family: 6, Model: 15, Stepping: 6)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2
Playing 139106-2-2302462433-UninitCondition.tgz_FILES/2-dog.avi.
AVI file format detected.
==9503== Conditional jump or move depends on uninitialised value(s)
==9503== Stack hash: 2346575672
==9503== at 0x812604B: demux_avi_select_stream (demux_avi.c:74)
==9503== by 0x8126E7F: demux_open_hack_avi (demux_avi.c:453)
==9503== by 0x811E20F: demux_open_stream (demuxer.c:811)
==9503== by 0x811E601: demux_open (demuxer.c:991)
==9503== by 0x807799E: main (mplayer.c:3238)
==9503==
==9503== Conditional jump or move depends on uninitialised value(s)
==9503== Stack hash: 1739347508
==9503== at 0x8125F07: demux_avi_select_stream (demuxer.h:368)
==9503== by 0x8126E7F: demux_open_hack_avi (demux_avi.c:453)
==9503== by 0x811E20F: demux_open_stream (demuxer.c:811)
==9503== by 0x811E601: demux_open (demuxer.c:991)
==9503== by 0x807799E: main (mplayer.c:3238)
AVI_NI: No video stream found.
libavformat file format detected.
[avi @ 0x863dc50]unknown stream type 73647161
LAVF_header: av_open_input_stream() failed
Exiting... (End of file)
==9503==
==9503== ERROR SUMMARY: 65495 errors from 2 contexts (suppressed: 19 from 1)
==9503== malloc/free: in use at exit: 33,736 bytes in 12 blocks.
==9503== malloc/free: 2,438 allocs, 2,426 frees, 1,874,099 bytes allocated.
==9503== For counts of detected errors, rerun with: -v
==9503== searching for pointers to 12 not-freed blocks.
==9503== checked 2,862,288 bytes.
==9503==
==9503== LEAK SUMMARY:
==9503== definitely lost: 836 bytes in 1 blocks.
==9503== possibly lost: 0 bytes in 0 blocks.
==9503== still reachable: 32,900 bytes in 11 blocks.
==9503== suppressed: 0 bytes in 0 blocks.
==9503== Rerun with --leak-check=full to see details of leaked memory.
This bug was found using the zzuf fuzzer.
This bug was found as part of the SUPERB-TRUST 2008 project; see
http://www.truststc.org/superb/
Please let me know if you need more information.
Change History (2)
comment:1 by , 14 years ago
| Owner: | changed from | to |
|---|---|---|
comment:2 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed by SVN r32707.