From: <bug...@bu...> - 2008-07-16 20:18:47
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1204

Summary: Demuxer: Invalid Write
Product: MPlayer
Version: HEAD
Platform: PC (x86)
URL: http://www.eecs.berkeley.edu/~sckhan/4-mp3audioproblem.mp4
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: demuxer
AssignedTo: r_...@ti...
ReportedBy: sc...@ee...
CC: cat...@li...

The following report is for the SUPERB-TRUST 2008, the cyber security project.

#Error found at test case .mp4 file for mplayer version (dev-SVN-r27270-4.1.2); valgrind reports the Invalid Read.

#The test case "4-mp3audioproblem.mp4" can be found at the URL
*http://www.eecs.berkeley.edu/~sckhan/4-mp3audioproblem.mp4

#Reproducible with the following command
*valgrind mplayer
Can also be run as:
*valgrind --log-file=log25 mplayer 4-mp3audioproblem.mp4

#OS: Debian Etch Linux

#Valgrind output:
==11265== Memcheck, a memory error detector.
==11265== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==11265== Using LibVEX rev 1854, a library for dynamic binary translation.
==11265== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==11265== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==11265== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==11265== For more details, rerun with: -v
==11265==
==11265== My PID = 11265, parent PID = 3044.  Prog and args are:
==11265==    mplayer
==11265==    4-mp3audioproblem.mp4
==11265==
==11265== Invalid write of size 4
==11265== Stack hash: 4106567837
==11265==    at 0x813DE59: lschunks_intrak (demux_mov.c:1800)
==11265==    by 0x813A290: lschunks (demux_mov.c:1286)
==11265==    by 0x813C762: lschunks_intrak (demux_mov.c:1867)
==11265==    by 0x813A290: lschunks (demux_mov.c:1286)
==11265==    by 0x813C762: lschunks_intrak (demux_mov.c:1867)
==11265==    by 0x813A290: lschunks (demux_mov.c:1286)
==11265==    by 0x813C762: lschunks_intrak (demux_mov.c:1867)
==11265==    by 0x813A290: lschunks (demux_mov.c:1286)
==11265==    by 0x813A90E: lschunks (demux_mov.c:1314)
==11265==    by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==11265==    by 0x811E23E: demux_open_stream (demuxer.c:864)
==11265==    by 0x811E511: demux_open (demuxer.c:991)
==11265==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==11265==
==11265== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 1)
==11265== malloc/free: in use at exit: 310,105 bytes in 2,188 blocks.
==11265== malloc/free: 2,326 allocs, 138 frees, 1,468,375 bytes allocated.
==11265== For counts of detected errors, rerun with: -v
==11265== searching for pointers to 2,188 not-freed blocks.
==11265== checked 3,175,992 bytes.
==11265==
==11265== LEAK SUMMARY:
==11265==    definitely lost: 2,244 bytes in 5 blocks.
==11265==      possibly lost: 0 bytes in 0 blocks.
==11265==    still reachable: 307,861 bytes in 2,183 blocks.
==11265==         suppressed: 0 bytes in 0 blocks.
==11265== Rerun with --leak-check=full to see details of leaked memory.

*This report is to inform of the error found in Mplayer, where it crashes when running test case 4-mp3audioproblem.mp4, with Stack hash: 4106567837 and back-trace at: lschunks_intrak (demux_mov.c:1800).

***Mplayer Crashed Info***

MPlayer interrupted by signal 11 in module: demux_open
- MPlayer crashed by bad usage of CPU/FPU/RAM.
  Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and
  disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
- MPlayer crashed. This shouldn't happen.
  It can be a bug in the MPlayer code _or_ in your drivers _or_ in your
  gcc version. If you think it's MPlayer's fault, please read
  DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and
  won't help unless you provide this information when reporting a possible bug.

The debugged info of the crash can be seen at URL:
<http://www.eecs.berkeley.edu/~sckhan/crash5>

#The bug was found while making a comparison of the fuzzing tools and is a part of the metafuzz project.
*URL at: metafuzz.com