You can subscribe to this list here.
2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(15) |
Jul
(196) |
Aug
(8) |
Sep
(2) |
Oct
(3) |
Nov
|
Dec
|
---|---|---|---|---|---|---|---|---|---|---|---|---|
2009 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
(1) |
Dec
|
From: <bug...@bu...> - 2009-11-10 23:10:28
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1239 pat...@gm... changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Comment #1 from pat...@gm... 2009-11-10 23:53 CEST ------- demux_mov is depreciated svn uses demux_lavf for mov now -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2009-09-23 01:09:50
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1204 pat...@gm... changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Comment #2 from pat...@gm... 2009-09-23 02:53 CEST ------- demux_mov is no longer default mov demuxer. closing demux_mov bugs... file works with demuxer lavf (now default) sample url is 404 , can be found at http://samples.mplayerhq.hu/mov/mp4/mp3audioproblem.mp4 -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-10-01 17:08:25
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1147 pat...@gm... changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Comment #4 from pat...@gm... 2008-10-01 19:07 CEST ------- . -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-10-01 17:08:01
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1147 ------- Comment #3 from pat...@gm... 2008-10-01 19:07 CEST ------- demuxer_mov is depreciated and no longer default please test with latest svn and generate new report. -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-10-01 16:45:07
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1153 pat...@gm... changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Comment #2 from pat...@gm... 2008-10-01 18:23 CEST ------- demux_mov is being depreciated, and is no longer the default mov demuxer please try with svn and make new report if so. -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-09-15 13:21:02
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1281 Summary: For this .mp3 file, valgrind reports SyscallParam, UninitValue, UninitCondition. Product: MPlayer Version: HEAD Platform: Other URL: http://www.metafuzz.com/testcases/664852-199-311034112- result256.tgz OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: xue...@be... CC: cat...@li... This bug was found as part of the metafuzz project, see http://www.metafuzz.com For this .mp3 file, valgrind reports SyscallParam, UninitValue, UninitCondition. System Info: MPlayer dev-SVN-r27614-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel Pentium 4/Celeron 4 Northwood; Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 Playing 199-song0004.mp3. ############################################################## to reproduce: wget http://www.metafuzz.com/testcases/664852-199-311034112-result256.tgz tar xzf 664852-199-311034112-result256.tgz valgrind mplayer 199-song0004.mp3 ::::::::::::::::::::Valgrind result::::::::::::::::::::::::::::: ==18860== Memcheck, a memory error detector. ==18860== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==18860== Using LibVEX rev 1715, a library for dynamic binary translation. ==18860== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==18860== Using valgrind-3.2.2, a dynamic binary instrumentation framework. ==18860== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==18860== For more details, rerun with: -v ==18860== ==18860== My PID = 18860, parent PID = 18859. Prog and args are: ==18860== mplayer ==18860== 199-song0004.mp3 ==18860== ==18860== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s) ==18860== Stack hash: 2542116815 ==18860== at 0x4000792: (within /lib/ld-2.3.6.so) ==18860== Address 0xBEA07878 is on thread 1's stack ==18860== ==18860== Use of uninitialised value of size 4 ==18860== Stack hash: 2849271825 ==18860== at 0x8478A26: huffman_decode (mpegaudiodec.c:1518) ==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179) ==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223) ==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307) ==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941) ==18860== by 0x82649E5: av_find_stream_info (utils.c:1892) ==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475) ==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18860== by 0x811E154: demux_open (demuxer.c:998) ==18860== by 0x8079B7C: main (mplayer.c:3237) ==18860== ==18860== Use of uninitialised value of size 4 ==18860== Stack hash: 4003457328 ==18860== at 0x8478A79: huffman_decode (mpegaudiodec.c:1528) ==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179) ==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223) ==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307) ==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941) ==18860== by 0x82649E5: av_find_stream_info (utils.c:1892) ==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475) ==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18860== by 0x811E154: demux_open (demuxer.c:998) ==18860== by 0x8079B7C: main (mplayer.c:3237) ==18860== ==18860== Use of uninitialised value of size 4 ==18860== Stack hash: 739213402 ==18860== at 0x8478E1B: huffman_decode (mpegaudiodec.c:230) ==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179) ==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223) ==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307) ==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941) ==18860== by 0x82649E5: av_find_stream_info (utils.c:1892) ==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475) ==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18860== by 0x811E154: demux_open (demuxer.c:998) ==18860== by 0x8079B7C: main (mplayer.c:3237) ==18860== ==18860== Use of uninitialised value of size 4 ==18860== Stack hash: 3009911293 ==18860== at 0x8478E22: huffman_decode (mpegaudiodec.c:231) ==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179) ==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223) ==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307) ==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941) ==18860== by 0x82649E5: av_find_stream_info (utils.c:1892) ==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475) ==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18860== by 0x811E154: demux_open (demuxer.c:998) ==18860== by 0x8079B7C: main (mplayer.c:3237) ==18860== ==18860== Conditional jump or move depends on uninitialised value(s) ==18860== Stack hash: 258914135 ==18860== at 0x8478E34: huffman_decode (mpegaudiodec.c:234) ==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179) ==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223) ==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307) ==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941) ==18860== by 0x82649E5: av_find_stream_info (utils.c:1892) ==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475) ==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18860== by 0x811E154: demux_open (demuxer.c:998) ==18860== by 0x8079B7C: main (mplayer.c:3237) ==18860== ==18860== Use of uninitialised value of size 4 ==18860== Stack hash: 233798725 ==18860== at 0x8478DCA: huffman_decode (mpegaudiodec.c:230) ==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179) ==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223) ==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307) ==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941) ==18860== by 0x82649E5: av_find_stream_info (utils.c:1892) ==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475) ==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18860== by 0x811E154: demux_open (demuxer.c:998) ==18860== by 0x8079B7C: main (mplayer.c:3237) ==18860== ==18860== Use of uninitialised value of size 4 ==18860== Stack hash: 2504496616 ==18860== at 0x8478DD1: huffman_decode (mpegaudiodec.c:231) ==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179) ==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223) ==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307) ==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941) ==18860== by 0x82649E5: av_find_stream_info (utils.c:1892) ==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475) ==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18860== by 0x811E154: demux_open (demuxer.c:998) ==18860== by 0x8079B7C: main (mplayer.c:3237) ==18860== ==18860== Conditional jump or move depends on uninitialised value(s) ==18860== Stack hash: 2426539689 ==18860== at 0x8478DDE: huffman_decode (mpegaudiodec.c:234) ==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179) ==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223) ==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307) ==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941) ==18860== by 0x82649E5: av_find_stream_info (utils.c:1892) ==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475) ==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18860== by 0x811E154: demux_open (demuxer.c:998) ==18860== by 0x8079B7C: main (mplayer.c:3237) ==18860== ==18860== Use of uninitialised value of size 4 ==18860== Stack hash: 1662138821 ==18860== at 0x8478D4A: huffman_decode (mpegaudiodec.c:1541) ==18860== by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179) ==18860== by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223) ==18860== by 0x847D128: decode_frame (mpegaudiodec.c:2307) ==18860== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941) ==18860== by 0x82649E5: av_find_stream_info (utils.c:1892) ==18860== by 0x81C4B46: demux_open_lavf (demux_lavf.c:475) ==18860== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18860== by 0x811E154: demux_open (demuxer.c:998) ==18860== by 0x8079B7C: main (mplayer.c:3237) ==18860== ==18860== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s) ==18860== Stack hash: 3997929021 ==18860== at 0x4000792: (within /lib/ld-2.3.6.so) ==18860== Address 0xBEA07898 is on thread 1's stack ==18860== ==18860== ERROR SUMMARY: 424 errors from 11 contexts (suppressed: 21 from 1) ==18860== malloc/free: in use at exit: 41,286 bytes in 15 blocks. ==18860== malloc/free: 6,731 allocs, 6,716 frees, 4,267,463 bytes allocated. ==18860== For counts of detected errors, rerun with: -v ==18860== searching for pointers to 15 not-freed blocks. ==18860== checked 3,258,620 bytes. ==18860== ==18860== LEAK SUMMARY: ==18860== definitely lost: 0 bytes in 0 blocks. ==18860== possibly lost: 0 bytes in 0 blocks. ==18860== still reachable: 41,286 bytes in 15 blocks. ==18860== suppressed: 0 bytes in 0 blocks. ==18860== Reachable blocks (those to which a pointer was found) are not shown. ==18860== To see them, rerun with: --leak-check=full --show-reachable=yes -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-09-15 13:18:10
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1280 Summary: For this .mpg file, valgrind reports Overlap, Leak_DefinitelyLost, SyscallParam, Leak_PossiblyLost, InvalidRead, UninitCondition. Product: MPlayer Version: HEAD Platform: Other URL: http://www.metafuzz.com/testcases/422552-2608- 1493372757-UninitCondition.tgz OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: xue...@be... CC: cat...@li... This bug was found as part of the metafuzz project, see http://www.metafuzz.com For this .mpg file, valgrind reports Overlap, Leak_DefinitelyLost, SyscallParam, Leak_PossiblyLost, InvalidRead, UninitCondition. System Info: MPlayer dev-SVN-r27614-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel Pentium 4/Celeron 4 Northwood; Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 Playing 2608-charmaineraymond.mpg. ############################################################## to reproduce: wget http://www.metafuzz.com/testcases/422552-2608-1493372757-UninitCondition.tgz tar xzf 422552-2608-1493372757-UninitCondition.tgz valgrind mplayer 2608-charmaineraymond.mpg ::::::::::::::::::::Valgrind result::::::::::::::::::::::::::::: ==18756== Memcheck, a memory error detector. ==18756== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==18756== Using LibVEX rev 1715, a library for dynamic binary translation. ==18756== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==18756== Using valgrind-3.2.2, a dynamic binary instrumentation framework. ==18756== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==18756== For more details, rerun with: -v ==18756== ==18756== My PID = 18756, parent PID = 18755. Prog and args are: ==18756== mplayer ==18756== 2608-charmaineraymond.mpg ==18756== ==18756== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s) ==18756== Stack hash: 2542116815 ==18756== at 0x4000792: (within /lib/ld-2.3.6.so) ==18756== Address 0xBEC60868 is on thread 1's stack ==18756== ==18756== Source and destination overlap in memcpy(0xBEC606E7, 0xBEC606E7, 173) ==18756== Stack hash: 2085754019 ==18756== at 0x401EFF6: memcpy (mc_replace_strmem.c:116) ==18756== by 0x815F9D1: ts_parse (demux_ts.c:3074) ==18756== by 0x815FE38: demux_open_ts (demux_ts.c:664) ==18756== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18756== by 0x811E154: demux_open (demuxer.c:998) ==18756== by 0x8079B7C: main (mplayer.c:3237) ==18756== ==18756== Conditional jump or move depends on uninitialised value(s) ==18756== Stack hash: 3867733782 ==18756== at 0x8159D11: ts_add_stream (demux_ts.c:319) ==18756== by 0x816050D: demux_open_ts (demux_ts.c:1039) ==18756== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18756== by 0x811E154: demux_open (demuxer.c:998) ==18756== by 0x8079B7C: main (mplayer.c:3237) ==18756== ==18756== Conditional jump or move depends on uninitialised value(s) ==18756== Stack hash: 3882727070 ==18756== at 0x8159D19: ts_add_stream (demux_ts.c:319) ==18756== by 0x816050D: demux_open_ts (demux_ts.c:1039) ==18756== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18756== by 0x811E154: demux_open (demuxer.c:998) ==18756== by 0x8079B7C: main (mplayer.c:3237) ==18756== ==18756== Conditional jump or move depends on uninitialised value(s) ==18756== Stack hash: 3897720358 ==18756== at 0x8159D21: ts_add_stream (demux_ts.c:319) ==18756== by 0x816050D: demux_open_ts (demux_ts.c:1039) ==18756== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18756== by 0x811E154: demux_open (demuxer.c:998) ==18756== by 0x8079B7C: main (mplayer.c:3237) ==18756== ==18756== Conditional jump or move depends on uninitialised value(s) ==18756== Stack hash: 3912713646 ==18756== at 0x8159D29: ts_add_stream (demux_ts.c:319) ==18756== by 0x816050D: demux_open_ts (demux_ts.c:1039) ==18756== by 0x811DE9C: demux_open_stream (demuxer.c:871) ==18756== by 0x811E154: demux_open (demuxer.c:998) ==18756== by 0x8079B7C: main (mplayer.c:3237) ==18756== ==18756== Conditional jump or move depends on uninitialised value(s) ==18756== Stack hash: 2859491456 ==18756== at 0x8159D11: ts_add_stream (demux_ts.c:319) ==18756== by 0x815F42E: ts_parse (demux_ts.c:2812) ==18756== by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224) ==18756== by 0x811E59C: ds_fill_buffer (demuxer.c:505) ==18756== by 0x811ED47: demux_read_data (demuxer.c:527) ==18756== by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28) ==18756== by 0x81E5ADA: MP3_DecodeFrame (sr1.c:58) ==18756== by 0x81DFEE3: init (ad_mp3lib.c:48) ==18756== by 0x80DBFB0: init_audio (dec_audio.c:95) ==18756== by 0x80DC398: init_best_audio_codec (dec_audio.c:270) ==18756== by 0x8078975: reinit_audio_chain (mplayer.c:1585) ==18756== by 0x807A2EE: main (mplayer.c:3582) ==18756== ==18756== Conditional jump or move depends on uninitialised value(s) ==18756== Stack hash: 3590580840 ==18756== at 0x8159D19: ts_add_stream (demux_ts.c:319) ==18756== by 0x815F42E: ts_parse (demux_ts.c:2812) ==18756== by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224) ==18756== by 0x811E59C: ds_fill_buffer (demuxer.c:505) ==18756== by 0x811ED47: demux_read_data (demuxer.c:527) ==18756== by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28) ==18756== by 0x81E5ADA: MP3_DecodeFrame (sr1.c:58) ==18756== by 0x81DFEE3: init (ad_mp3lib.c:48) ==18756== by 0x80DBFB0: init_audio (dec_audio.c:95) ==18756== by 0x80DC398: init_best_audio_codec (dec_audio.c:270) ==18756== by 0x8078975: reinit_audio_chain (mplayer.c:1585) ==18756== by 0x807A2EE: main (mplayer.c:3582) ==18756== ==18756== Conditional jump or move depends on uninitialised value(s) ==18756== Stack hash: 26702928 ==18756== at 0x8159D21: ts_add_stream (demux_ts.c:319) ==18756== by 0x815F42E: ts_parse (demux_ts.c:2812) ==18756== by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224) ==18756== by 0x811E59C: ds_fill_buffer (demuxer.c:505) ==18756== by 0x811ED47: demux_read_data (demuxer.c:527) ==18756== by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28) ==18756== by 0x81E5ADA: MP3_DecodeFrame (sr1.c:58) ==18756== by 0x81DFEE3: init (ad_mp3lib.c:48) ==18756== by 0x80DBFB0: init_audio (dec_audio.c:95) ==18756== by 0x80DC398: init_best_audio_codec (dec_audio.c:270) ==18756== by 0x8078975: reinit_audio_chain (mplayer.c:1585) ==18756== by 0x807A2EE: main (mplayer.c:3582) ==18756== ==18756== Conditional jump or move depends on uninitialised value(s) ==18756== Stack hash: 757792312 ==18756== at 0x8159D29: ts_add_stream (demux_ts.c:319) ==18756== by 0x815F42E: ts_parse (demux_ts.c:2812) ==18756== by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224) ==18756== by 0x811E59C: ds_fill_buffer (demuxer.c:505) ==18756== by 0x811ED47: demux_read_data (demuxer.c:527) ==18756== by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28) ==18756== by 0x81E5ADA: MP3_DecodeFrame (sr1.c:58) ==18756== by 0x81DFEE3: init (ad_mp3lib.c:48) ==18756== by 0x80DBFB0: init_audio (dec_audio.c:95) ==18756== by 0x80DC398: init_best_audio_codec (dec_audio.c:270) ==18756== by 0x8078975: reinit_audio_chain (mplayer.c:1585) ==18756== by 0x807A2EE: main (mplayer.c:3582) ==18756== ==18756== Invalid read of size 4 ==18756== Stack hash: 252964889 ==18756== at 0x847D079: decode_frame (mpegaudiodec.c:2281) ==18756== by 0x82EC20A: avcodec_decode_audio2 (utils.c:941) ==18756== by 0x81BA528: decode_audio (ad_ffmpeg.c:161) ==18756== by 0x81BA863: init (ad_ffmpeg.c:109) ==18756== by 0x80DBFB0: init_audio (dec_audio.c:95) ==18756== by 0x80DC398: init_best_audio_codec (dec_audio.c:270) ==18756== by 0x8078975: reinit_audio_chain (mplayer.c:1585) ==18756== by 0x807A2EE: main (mplayer.c:3582) ==18756== Address 0x43AC0D7 is 175 bytes inside a block of size 178 alloc'd ==18756== Stack hash: 1248407724 ==18756== at 0x401D57B: realloc (vg_replace_malloc.c:306) ==18756== by 0x815B9ED: fill_packet (demuxer.h:259) ==18756== by 0x815F0B9: ts_parse (demux_ts.c:2886) ==18756== by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224) ==18756== by 0x811E59C: ds_fill_buffer (demuxer.c:505) ==18756== by 0x811ED47: demux_read_data (demuxer.c:527) ==18756== by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28) ==18756== by 0x81E5D5A: MP3_DecodeFrame (sr1.c:58) ==18756== by 0x81DFEE3: init (ad_mp3lib.c:48) ==18756== by 0x80DBFB0: init_audio (dec_audio.c:95) ==18756== by 0x80DC398: init_best_audio_codec (dec_audio.c:270) ==18756== by 0x8078975: reinit_audio_chain (mplayer.c:1585) ==18756== ==18756== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s) ==18756== Stack hash: 3997929021 ==18756== at 0x4000792: (within /lib/ld-2.3.6.so) ==18756== Address 0xBEC60888 is on thread 1's stack ==18756== ==18756== ERROR SUMMARY: 2008 errors from 12 contexts (suppressed: 21 from 1) ==18756== malloc/free: in use at exit: 312,274 bytes in 108 blocks. ==18756== malloc/free: 2,647 allocs, 2,539 frees, 8,295,407 bytes allocated. ==18756== For counts of detected errors, rerun with: -v ==18756== searching for pointers to 108 not-freed blocks. ==18756== checked 3,258,840 bytes. ==18756== ==18756== ==18756== 5,712 bytes in 84 blocks are definitely lost in loss record 4 of 8 ==18756== Stack hash: 1157530174 ==18756== at 0x401D480: malloc (vg_replace_malloc.c:149) ==18756== by 0x8158BD0: new_pid (demux_ts.c:2098) ==18756== by 0x815D697: ts_parse (demux_ts.c:2693) ==18756== by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224) ==18756== by 0x811E59C: ds_fill_buffer (demuxer.c:505) ==18756== by 0x811ED47: demux_read_data (demuxer.c:527) ==18756== by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28) ==18756== by 0x81E5ADA: MP3_DecodeFrame (sr1.c:58) ==18756== by 0x81DFEE3: init (ad_mp3lib.c:48) ==18756== by 0x80DBFB0: init_audio (dec_audio.c:95) ==18756== by 0x80DC398: init_best_audio_codec (dec_audio.c:270) ==18756== by 0x8078975: reinit_audio_chain (mplayer.c:1585) ==18756== ==18756== ==18756== 199,419 (280 direct, 199,139 indirect) bytes in 5 blocks are definitely lost in loss record 6 of 8 ==18756== Stack hash: 1088359650 ==18756== at 0x401D480: malloc (vg_replace_malloc.c:149) ==18756== by 0x815FA15: ts_parse (demuxer.h:237) ==18756== by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224) ==18756== by 0x811E59C: ds_fill_buffer (demuxer.c:505) ==18756== by 0x811ED47: demux_read_data (demuxer.c:527) ==18756== by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28) ==18756== by 0x81E5D5A: MP3_DecodeFrame (sr1.c:58) ==18756== by 0x81DFEE3: init (ad_mp3lib.c:48) ==18756== by 0x80DBFB0: init_audio (dec_audio.c:95) ==18756== by 0x80DC398: init_best_audio_codec (dec_audio.c:270) ==18756== by 0x8078975: reinit_audio_chain (mplayer.c:1585) ==18756== by 0x807A2EE: main (mplayer.c:3582) ==18756== ==18756== ==18756== 65,865 bytes in 1 blocks are possibly lost in loss record 7 of 8 ==18756== Stack hash: 1339846325 ==18756== at 0x401D480: malloc (vg_replace_malloc.c:149) ==18756== by 0x815F580: ts_parse (demuxer.h:248) ==18756== by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224) ==18756== by 0x811E59C: ds_fill_buffer (demuxer.c:505) ==18756== by 0x811ED47: demux_read_data (demuxer.c:527) ==18756== by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28) ==18756== by 0x81E5D5A: MP3_DecodeFrame (sr1.c:58) ==18756== by 0x81DFEE3: init (ad_mp3lib.c:48) ==18756== by 0x80DBFB0: init_audio (dec_audio.c:95) ==18756== by 0x80DC398: init_best_audio_codec (dec_audio.c:270) ==18756== by 0x8078975: reinit_audio_chain (mplayer.c:1585) ==18756== by 0x807A2EE: main (mplayer.c:3582) ==18756== ==18756== LEAK SUMMARY: ==18756== definitely lost: 5,992 bytes in 89 blocks. ==18756== indirectly lost: 199,139 bytes in 4 blocks. ==18756== possibly lost: 65,865 bytes in 1 blocks. ==18756== still reachable: 41,278 bytes in 14 blocks. ==18756== suppressed: 0 bytes in 0 blocks. ==18756== Reachable blocks (those to which a pointer was found) are not shown. ==18756== To see them, rerun with: --leak-check=full --show-reachable=yes -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-08-31 10:10:56
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1264 Summary: For this .mp3 file, valgrind reports UninitValue, UninitCondition. Product: MPlayer Version: HEAD Platform: Other URL: http://www.metafuzz.com/testcases/664852-199-311034112- result256.tgz OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: xue...@be... CC: cat...@li... This bug was found as part of the metafuzz project, see http://www.metafuzz.com For this .mp3 file, valgrind reports UninitValue, UninitCondition. System Info: MPlayer dev-SVN-r27496-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel Pentium 4/Celeron 4 Northwood; Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 Playing 199-song0004.mp3. ############################################################## to reproduce: wget http://www.metafuzz.com/testcases/664852-199-311034112-result256.tgz tar xzf 664852-199-311034112-result256.tgz valgrind mplayer 199-song0004.mp3 ::::::::::::::::::::Valgrind result::::::::::::::::::::::::::::: ==1295== Memcheck, a memory error detector. ==1295== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==1295== Using LibVEX rev 1715, a library for dynamic binary translation. ==1295== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==1295== Using valgrind-3.2.2, a dynamic binary instrumentation framework. ==1295== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==1295== For more details, rerun with: -v ==1295== ==1295== My PID = 1295, parent PID = 1294. Prog and args are: ==1295== mplayer ==1295== 199-song0004.mp3 ==1295== ==1295== Use of uninitialised value of size 4 ==1295== Stack hash: 1139837953 ==1295== at 0x8474A76: huffman_decode (mpegaudiodec.c:1558) ==1295== by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280) ==1295== by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336) ==1295== by 0x8479178: decode_frame (mpegaudiodec.c:2432) ==1295== by 0x82E883A: avcodec_decode_audio2 (utils.c:955) ==1295== by 0x82618A5: av_find_stream_info (utils.c:1888) ==1295== by 0x81C4906: demux_open_lavf (demux_lavf.c:476) ==1295== by 0x811DCDC: demux_open_stream (demuxer.c:871) ==1295== by 0x811DF94: demux_open (demuxer.c:998) ==1295== by 0x80799BC: main (mplayer.c:3237) ==1295== ==1295== Use of uninitialised value of size 4 ==1295== Stack hash: 2294023456 ==1295== at 0x8474AC9: huffman_decode (mpegaudiodec.c:1568) ==1295== by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280) ==1295== by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336) ==1295== by 0x8479178: decode_frame (mpegaudiodec.c:2432) ==1295== by 0x82E883A: avcodec_decode_audio2 (utils.c:955) ==1295== by 0x82618A5: av_find_stream_info (utils.c:1888) ==1295== by 0x81C4906: demux_open_lavf (demux_lavf.c:476) ==1295== by 0x811DCDC: demux_open_stream (demuxer.c:871) ==1295== by 0x811DF94: demux_open (demuxer.c:998) ==1295== by 0x80799BC: main (mplayer.c:3237) ==1295== ==1295== Use of uninitialised value of size 4 ==1295== Stack hash: 3324746826 ==1295== at 0x8474E6B: huffman_decode (mpegaudiodec.c:231) ==1295== by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280) ==1295== by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336) ==1295== by 0x8479178: decode_frame (mpegaudiodec.c:2432) ==1295== by 0x82E883A: avcodec_decode_audio2 (utils.c:955) ==1295== by 0x82618A5: av_find_stream_info (utils.c:1888) ==1295== by 0x81C4906: demux_open_lavf (demux_lavf.c:476) ==1295== by 0x811DCDC: demux_open_stream (demuxer.c:871) ==1295== by 0x811DF94: demux_open (demuxer.c:998) ==1295== by 0x80799BC: main (mplayer.c:3237) ==1295== ==1295== Use of uninitialised value of size 4 ==1295== Stack hash: 1300477421 ==1295== at 0x8474E72: huffman_decode (mpegaudiodec.c:232) ==1295== by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280) ==1295== by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336) ==1295== by 0x8479178: decode_frame (mpegaudiodec.c:2432) ==1295== by 0x82E883A: avcodec_decode_audio2 (utils.c:955) ==1295== by 0x82618A5: av_find_stream_info (utils.c:1888) ==1295== by 0x81C4906: demux_open_lavf (demux_lavf.c:476) ==1295== by 0x811DCDC: demux_open_stream (demuxer.c:871) ==1295== by 0x811DF94: demux_open (demuxer.c:998) ==1295== by 0x80799BC: main (mplayer.c:3237) ==1295== ==1295== Conditional jump or move depends on uninitialised value(s) ==1295== Stack hash: 2844447559 ==1295== at 0x8474E84: huffman_decode (mpegaudiodec.c:235) ==1295== by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280) ==1295== by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336) ==1295== by 0x8479178: decode_frame (mpegaudiodec.c:2432) ==1295== by 0x82E883A: avcodec_decode_audio2 (utils.c:955) ==1295== by 0x82618A5: av_find_stream_info (utils.c:1888) ==1295== by 0x81C4906: demux_open_lavf (demux_lavf.c:476) ==1295== by 0x811DCDC: demux_open_stream (demuxer.c:871) ==1295== by 0x811DF94: demux_open (demuxer.c:998) ==1295== by 0x80799BC: main (mplayer.c:3237) ==1295== ==1295== Use of uninitialised value of size 4 ==1295== Stack hash: 2819332149 ==1295== at 0x8474E1A: huffman_decode (mpegaudiodec.c:231) ==1295== by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280) ==1295== by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336) ==1295== by 0x8479178: decode_frame (mpegaudiodec.c:2432) ==1295== by 0x82E883A: avcodec_decode_audio2 (utils.c:955) ==1295== by 0x82618A5: av_find_stream_info (utils.c:1888) ==1295== by 0x81C4906: demux_open_lavf (demux_lavf.c:476) ==1295== by 0x811DCDC: demux_open_stream (demuxer.c:871) ==1295== by 0x811DF94: demux_open (demuxer.c:998) ==1295== by 0x80799BC: main (mplayer.c:3237) ==1295== ==1295== Use of uninitialised value of size 4 ==1295== Stack hash: 795062744 ==1295== at 0x8474E21: huffman_decode (mpegaudiodec.c:232) ==1295== by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280) ==1295== by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336) ==1295== by 0x8479178: decode_frame (mpegaudiodec.c:2432) ==1295== by 0x82E883A: avcodec_decode_audio2 (utils.c:955) ==1295== by 0x82618A5: av_find_stream_info (utils.c:1888) ==1295== by 0x81C4906: demux_open_lavf (demux_lavf.c:476) ==1295== by 0x811DCDC: demux_open_stream (demuxer.c:871) ==1295== by 0x811DF94: demux_open (demuxer.c:998) ==1295== by 0x80799BC: main (mplayer.c:3237) ==1295== ==1295== Conditional jump or move depends on uninitialised value(s) ==1295== Stack hash: 717105817 ==1295== at 0x8474E2E: huffman_decode (mpegaudiodec.c:235) ==1295== by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280) ==1295== by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336) ==1295== by 0x8479178: decode_frame (mpegaudiodec.c:2432) ==1295== by 0x82E883A: avcodec_decode_audio2 (utils.c:955) ==1295== by 0x82618A5: av_find_stream_info (utils.c:1888) ==1295== by 0x81C4906: demux_open_lavf (demux_lavf.c:476) ==1295== by 0x811DCDC: demux_open_stream (demuxer.c:871) ==1295== by 0x811DF94: demux_open (demuxer.c:998) ==1295== by 0x80799BC: main (mplayer.c:3237) ==1295== ==1295== Use of uninitialised value of size 4 ==1295== Stack hash: 4247672245 ==1295== at 0x8474D9A: huffman_decode (mpegaudiodec.c:1581) ==1295== by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280) ==1295== by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336) ==1295== by 0x8479178: decode_frame (mpegaudiodec.c:2432) ==1295== by 0x82E883A: avcodec_decode_audio2 (utils.c:955) ==1295== by 0x82618A5: av_find_stream_info (utils.c:1888) ==1295== by 0x81C4906: demux_open_lavf (demux_lavf.c:476) ==1295== by 0x811DCDC: demux_open_stream (demuxer.c:871) ==1295== by 0x811DF94: demux_open (demuxer.c:998) ==1295== by 0x80799BC: main (mplayer.c:3237) ==1295== ==1295== ERROR SUMMARY: 422 errors from 9 contexts (suppressed: 21 from 1) ==1295== malloc/free: in use at exit: 32,908 bytes in 12 blocks. ==1295== malloc/free: 6,463 allocs, 6,451 frees, 4,239,463 bytes allocated. ==1295== For counts of detected errors, rerun with: -v ==1295== searching for pointers to 12 not-freed blocks. ==1295== checked 3,250,212 bytes. ==1295== ==1295== LEAK SUMMARY: ==1295== definitely lost: 0 bytes in 0 blocks. ==1295== possibly lost: 0 bytes in 0 blocks. ==1295== still reachable: 32,908 bytes in 12 blocks. ==1295== suppressed: 0 bytes in 0 blocks. ==1295== Reachable blocks (those to which a pointer was found) are not shown. ==1295== To see them, rerun with: --leak-check=full --show-reachable=yes -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-08-07 06:57:57
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1239 Summary: [Crash]For this .mp4 file, valgrind reports Leak_DefinitelyLost, SyscallParam, UninitValue, UninitCondition and Mplayer crashes. Product: MPlayer Version: HEAD Platform: Other URL: http://www.metafuzz.com/testcases/439815-47-832590519- UninitCondition.tgz OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: xue...@be... CC: cat...@li... This bug was found as part of the metafuzz project, see http://www.metafuzz.com [Crash]For this .mp4 file, valgrind reports Leak_DefinitelyLost, SyscallParam, UninitValue, UninitCondition and Mplayer crashes. System Info: MPlayer dev-SVN-r27422-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 Playing 47-innovation.mp4. ############################################################## to reproduce: wget http://www.metafuzz.com/testcases/439815-47-832590519-UninitCondition.tgz tar xzf 439815-47-832590519-UninitCondition.tgz valgrind mplayer 47-innovation.mp4 ::::::::::::::::::::Valgrind result::::::::::::::::::::::::::::: ==19023== Memcheck, a memory error detector. ==19023== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==19023== Using LibVEX rev 1715, a library for dynamic binary translation. ==19023== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==19023== Using valgrind-3.2.2, a dynamic binary instrumentation framework. ==19023== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==19023== For more details, rerun with: -v ==19023== ==19023== My PID = 19023, parent PID = 19022. Prog and args are: ==19023== mplayer ==19023== 47-innovation.mp4 ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 3822328633 ==19023== at 0x8137D28: demux_mov_fill_buffer (stream.h:261) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 3833573599 ==19023== at 0x8137D2E: demux_mov_fill_buffer (stream.h:261) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 380104592 ==19023== at 0x8137EEF: demux_mov_fill_buffer (stream.h:261) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 3886050107 ==19023== at 0x8137D4A: demux_mov_fill_buffer (stream.h:263) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 2585262378 ==19023== at 0x81703FA: stream_seek_long (stream.c:310) ==19023== by 0x8137F07: demux_mov_fill_buffer (stream.h:270) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Syscall param llseek(offset_high) contains uninitialised byte(s) ==19023== Stack hash: 3253502438 ==19023== at 0x4000792: (within /lib/ld-2.3.6.so) ==19023== ==19023== Syscall param llseek(offset_low) contains uninitialised byte(s) ==19023== Stack hash: 3253502438 ==19023== at 0x4000792: (within /lib/ld-2.3.6.so) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 513659744 ==19023== at 0x8170458: stream_seek_long (stream.c:357) ==19023== by 0x8137F07: demux_mov_fill_buffer (stream.h:270) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1761850970 ==19023== at 0x817046A: stream_seek_long (stream.c:358) ==19023== by 0x8137F07: demux_mov_fill_buffer (stream.h:270) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1900538884 ==19023== at 0x817046C: stream_seek_long (stream.c:358) ==19023== by 0x8137F07: demux_mov_fill_buffer (stream.h:270) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 2247258669 ==19023== at 0x8170471: stream_seek_long (stream.c:358) ==19023== by 0x8137F07: demux_mov_fill_buffer (stream.h:270) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 4253982527 ==19023== at 0x811B29E: ds_read_packet (stream.h:212) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 648096763 ==19023== at 0x811B26A: ds_read_packet (stream.h:216) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1791112796 ==19023== at 0x401EF8C: memcpy (mc_replace_strmem.c:406) ==19023== by 0x811B28B: ds_read_packet (stream.h:218) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 3407813997 ==19023== at 0x401EF95: memcpy (mc_replace_strmem.c:77) ==19023== by 0x811B28B: ds_read_packet (stream.h:218) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1453493738 ==19023== at 0x401EFAA: memcpy (mc_replace_strmem.c:406) ==19023== by 0x811B28B: ds_read_packet (stream.h:218) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 496906407 ==19023== at 0x401EFFF: memcpy (mc_replace_strmem.c:406) ==19023== by 0x811B28B: ds_read_packet (stream.h:218) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 271827035 ==19023== at 0x401F013: memcpy (mc_replace_strmem.c:406) ==19023== by 0x811B28B: ds_read_packet (stream.h:218) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Use of uninitialised value of size 4 ==19023== Stack hash: 3561499280 ==19023== at 0x401F020: memcpy (mc_replace_strmem.c:406) ==19023== by 0x811B28B: ds_read_packet (stream.h:218) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Use of uninitialised value of size 4 ==19023== Stack hash: 1775988550 ==19023== at 0x401F026: memcpy (mc_replace_strmem.c:406) ==19023== by 0x811B28B: ds_read_packet (stream.h:218) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 2274855014 ==19023== at 0x401F046: memcpy (mc_replace_strmem.c:406) ==19023== by 0x811B28B: ds_read_packet (stream.h:218) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 3947826058 ==19023== at 0x401F04A: memcpy (mc_replace_strmem.c:406) ==19023== by 0x811B28B: ds_read_packet (stream.h:218) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 3352511086 ==19023== at 0x811B291: ds_read_packet (stream.h:209) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1880966113 ==19023== at 0x401F069: memcpy (mc_replace_strmem.c:406) ==19023== by 0x811B28B: ds_read_packet (stream.h:218) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 2113035936 ==19023== at 0x811B2FB: ds_read_packet (demuxer.h:257) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 3782830879 ==19023== at 0x401D514: realloc (vg_replace_malloc.c:306) ==19023== by 0x811B31A: ds_read_packet (demuxer.h:259) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Use of uninitialised value of size 4 ==19023== Stack hash: 1631986275 ==19023== at 0x811B332: ds_read_packet (demuxer.h:268) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811CF8C: ds_fill_buffer (demuxer.c:505) ==19023== by 0x811D6A7: ds_get_packet (demuxer.c:609) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 860864095 ==19023== at 0x816B479: video_read_frame (video.c:548) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1507313771 ==19023== at 0x811AD67: ds_get_next_pts (demuxer.c:668) ==19023== by 0x816B2B2: video_read_frame (video.c:573) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1375396216 ==19023== at 0x8137D28: demux_mov_fill_buffer (stream.h:261) ==19023== by 0x811AD74: ds_get_next_pts (demuxer.c:675) ==19023== by 0x816B2B2: video_read_frame (video.c:573) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1375700134 ==19023== at 0x8137D2E: demux_mov_fill_buffer (stream.h:261) ==19023== by 0x811AD74: ds_get_next_pts (demuxer.c:675) ==19023== by 0x816B2B2: video_read_frame (video.c:573) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1398443331 ==19023== at 0x8137EEF: demux_mov_fill_buffer (stream.h:261) ==19023== by 0x811AD74: ds_get_next_pts (demuxer.c:675) ==19023== by 0x816B2B2: video_read_frame (video.c:573) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1377118418 ==19023== at 0x8137D4A: demux_mov_fill_buffer (stream.h:263) ==19023== by 0x811AD74: ds_get_next_pts (demuxer.c:675) ==19023== by 0x816B2B2: video_read_frame (video.c:573) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 181160021 ==19023== at 0x81703FA: stream_seek_long (stream.c:310) ==19023== by 0x8137F07: demux_mov_fill_buffer (stream.h:270) ==19023== by 0x811AD74: ds_get_next_pts (demuxer.c:675) ==19023== by 0x816B2B2: video_read_frame (video.c:573) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 134719719 ==19023== at 0x807A8E7: main (mplayer.c:2273) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 2180561200 ==19023== at 0x8196CC2: decode (vd_ffmpeg.c:740) ==19023== by 0x80DB02A: decode_video (dec_video.c:369) ==19023== by 0x807A9AC: main (mplayer.c:2292) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 943682454 ==19023== at 0x82E5382: avcodec_decode_video (utils.c:913) ==19023== by 0x8196DCE: decode (vd_ffmpeg.c:781) ==19023== by 0x80DB02A: decode_video (dec_video.c:369) ==19023== by 0x807A9AC: main (mplayer.c:2292) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1722205693 ==19023== at 0x844C528: decode_frame (h264.c:7550) ==19023== by 0x82E53CD: avcodec_decode_video (utils.c:914) ==19023== by 0x8196DCE: decode (vd_ffmpeg.c:781) ==19023== by 0x80DB02A: decode_video (dec_video.c:369) ==19023== by 0x807A9AC: main (mplayer.c:2292) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 361720728 ==19023== at 0x844AEE0: decode_nal_units (h264.c:7371) ==19023== by 0x844C613: decode_frame (h264.c:7620) ==19023== by 0x82E53CD: avcodec_decode_video (utils.c:914) ==19023== by 0x8196DCE: decode (vd_ffmpeg.c:781) ==19023== by 0x80DB02A: decode_video (dec_video.c:369) ==19023== by 0x807A9AC: main (mplayer.c:2292) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 3486556831 ==19023== at 0x844AF4B: decode_nal_units (h264.c:7375) ==19023== by 0x844C613: decode_frame (h264.c:7620) ==19023== by 0x82E53CD: avcodec_decode_video (utils.c:914) ==19023== by 0x8196DCE: decode (vd_ffmpeg.c:781) ==19023== by 0x80DB02A: decode_video (dec_video.c:369) ==19023== by 0x807A9AC: main (mplayer.c:2292) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 1521743253 ==19023== at 0x811D687: ds_get_packet (demuxer.c:608) ==19023== by 0x816B474: video_read_frame (video.c:547) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== Warning: set address range perms: large range 268436229 (undefined) ==19023== Warning: set address range perms: large range 268436261 (noaccess) ==19023== Warning: set address range perms: large range 134217927 (undefined) ==19023== Warning: set address range perms: large range 134217959 (noaccess) ==19023== Warning: set address range perms: large range 134217994 (undefined) ==19023== Warning: set address range perms: large range 134218026 (noaccess) ==19023== Warning: set address range perms: large range 1073742982 (undefined) ==19023== Warning: set address range perms: large range 134219486 (undefined) ==19023== Warning: set address range perms: large range 134219518 (noaccess) ==19023== Warning: set address range perms: large range 268437584 (undefined) ==19023== Warning: set address range perms: large range 268437616 (noaccess) ==19023== Warning: set address range perms: large range 268436062 (undefined) ==19023== Warning: set address range perms: large range 268436094 (noaccess) ==19023== Warning: set address range perms: large range 1073742646 (undefined) ==19023== Warning: set address range perms: large range 1073743354 (undefined) ==19023== Warning: set address range perms: large range 536872294 (undefined) ==19023== Warning: set address range perms: large range 536872326 (noaccess) ==19023== Warning: set address range perms: large range 1073742521 (undefined) ==19023== Warning: set address range perms: large range 268435934 (undefined) ==19023== Warning: set address range perms: large range 268435966 (noaccess) ==19023== Warning: set address range perms: large range 536871658 (undefined) ==19023== Warning: set address range perms: large range 536871690 (noaccess) ==19023== Warning: set address range perms: large range 536871722 (undefined) ==19023== Warning: set address range perms: large range 536871754 (noaccess) ==19023== Warning: set address range perms: large range 268438055 (undefined) ==19023== Warning: set address range perms: large range 268438087 (noaccess) ==19023== Warning: set address range perms: large range 268436480 (undefined) ==19023== Warning: set address range perms: large range 268436512 (noaccess) ==19023== Warning: set address range perms: large range 135267840 (undefined) ==19023== Warning: set address range perms: large range 135267872 (noaccess) ==19023== Warning: set address range perms: large range 134218838 (undefined) ==19023== Warning: set address range perms: large range 134218870 (noaccess) ==19023== Warning: set address range perms: large range 536871479 (undefined) ==19023== Warning: set address range perms: large range 536871511 (noaccess) ==19023== Warning: set address range perms: large range 134218184 (undefined) ==19023== Warning: set address range perms: large range 134218216 (noaccess) ==19023== Warning: set address range perms: large range 268436308 (undefined) ==19023== Warning: set address range perms: large range 268436340 (noaccess) ==19023== Warning: set address range perms: large range 268436001 (undefined) ==19023== Warning: set address range perms: large range 268436033 (noaccess) ==19023== Warning: set address range perms: large range 536871639 (undefined) ==19023== Warning: set address range perms: large range 536871671 (noaccess) ==19023== Warning: set address range perms: large range 134218304 (undefined) ==19023== Warning: set address range perms: large range 134218336 (noaccess) ==19023== Warning: set address range perms: large range 268436222 (undefined) ==19023== Warning: set address range perms: large range 268436254 (noaccess) ==19023== Warning: set address range perms: large range 134218720 (undefined) ==19023== Warning: set address range perms: large range 134218752 (noaccess) ==19023== Warning: set address range perms: large range 134218802 (undefined) ==19023== Warning: set address range perms: large range 134218834 (noaccess) ==19023== Warning: set address range perms: large range 536872018 (undefined) ==19023== Warning: set address range perms: large range 536872050 (noaccess) ==19023== Warning: set address range perms: large range 1073742628 (undefined) ==19023== Warning: set address range perms: large range 536871349 (undefined) ==19023== Warning: set address range perms: large range 536871381 (noaccess) ==19023== Warning: set address range perms: large range 536872437 (undefined) ==19023== Warning: set address range perms: large range 536872469 (noaccess) ==19023== Warning: set address range perms: large range 1073743121 (undefined) ==19023== Warning: set address range perms: large range 268436297 (undefined) ==19023== Warning: set address range perms: large range 268436329 (noaccess) ==19023== Warning: set address range perms: large range 268436426 (undefined) ==19023== Warning: set address range perms: large range 268436458 (noaccess) ==19023== Warning: set address range perms: large range 1073741894 (undefined) ==19023== Warning: set address range perms: large range 536874228 (undefined) ==19023== Warning: set address range perms: large range 536874260 (noaccess) ==19023== Warning: set address range perms: large range 134218823 (undefined) ==19023== Warning: set address range perms: large range 134218855 (noaccess) ==19023== Warning: set address range perms: large range 536872459 (undefined) ==19023== Warning: set address range perms: large range 536872491 (noaccess) ==19023== Warning: set address range perms: large range 536870981 (undefined) ==19023== Warning: set address range perms: large range 536871013 (noaccess) ==19023== Warning: set address range perms: large range 134219827 (undefined) ==19023== Warning: set address range perms: large range 134219859 (noaccess) ==19023== Warning: set address range perms: large range 1073742106 (undefined) ==19023== Warning: set address range perms: large range 134219233 (undefined) ==19023== Warning: set address range perms: large range 134219265 (noaccess) ==19023== Warning: set address range perms: large range 1073743033 (undefined) ==19023== Warning: set address range perms: large range 268444198 (undefined) ==19023== Warning: set address range perms: large range 268444230 (noaccess) ==19023== Warning: set address range perms: large range 134218579 (undefined) ==19023== Warning: set address range perms: large range 134218611 (noaccess) ==19023== Warning: set address range perms: large range 536871398 (undefined) ==19023== Warning: set address range perms: large range 536871430 (noaccess) ==19023== Warning: set address range perms: large range 134744108 (undefined) ==19023== Warning: set address range perms: large range 134744140 (noaccess) ==19023== Warning: set address range perms: large range 268697838 (undefined) ==19023== Warning: set address range perms: large range 268697870 (noaccess) ==19023== Warning: set address range perms: large range 536876229 (undefined) ==19023== Warning: set address range perms: large range 536876261 (noaccess) ==19023== ==19023== Conditional jump or move depends on uninitialised value(s) ==19023== Stack hash: 3948087950 ==19023== at 0x811B226: ds_read_packet (demuxer.h:248) ==19023== by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176) ==19023== by 0x811AD74: ds_get_next_pts (demuxer.c:675) ==19023== by 0x816B2B2: video_read_frame (video.c:573) ==19023== by 0x807A8E2: main (mplayer.c:2262) ==19023== ==19023== ERROR SUMMARY: 1394567 errors from 42 contexts (suppressed: 21 from 1) ==19023== malloc/free: in use at exit: 33,091 bytes in 20 blocks. ==19023== malloc/free: 32,034 allocs, 32,012 frees, 2,552,148,160 bytes allocated. ==19023== For counts of detected errors, rerun with: -v ==19023== searching for pointers to 20 not-freed blocks. ==19023== checked 2,951,708 bytes. ==19023== ==19023== ==19023== 20 bytes in 2 blocks are definitely lost in loss record 5 of 11 ==19023== Stack hash: 1420098800 ==19023== at 0x401C6AB: memalign (vg_replace_malloc.c:332) ==19023== by 0x853D894: av_malloc (mem.c:61) ==19023== by 0x853D8D7: av_strdup (mem.c:145) ==19023== by 0x82E5F2A: avcodec_get_context_defaults2 (utils.c:761) ==19023== by 0x82E5FF9: avcodec_alloc_context2 (utils.c:780) ==19023== by 0x82E6021: avcodec_alloc_context (utils.c:790) ==19023== by 0x825C66F: av_new_stream (utils.c:2261) ==19023== by 0x828A65F: mov_read_trak (mov.c:1294) ==19023== by 0x8289058: mov_read_default (mov.c:215) ==19023== by 0x828925B: mov_read_moov (mov.c:455) ==19023== by 0x8289058: mov_read_default (mov.c:215) ==19023== by 0x828C8F5: mov_read_header (mov.c:1810) ==19023== ==19023== LEAK SUMMARY: ==19023== definitely lost: 20 bytes in 2 blocks. ==19023== possibly lost: 0 bytes in 0 blocks. ==19023== still reachable: 33,071 bytes in 18 blocks. ==19023== suppressed: 0 bytes in 0 blocks. ==19023== Reachable blocks (those to which a pointer was found) are not shown. ==19023== To see them, rerun with: --leak-check=full --show-reachable=yes MPlayer interrupted by signal 2 in module: sleep_timer _________________________________________________________________ gdb Backtrace Using host libthread_db library /lib/tls/i686/cmov/libthread_db.so.1. /home/user/bug_report/core: No such file or directory. [Thread debugging using libthread_db enabled] [New Thread -1209972064 (LWP 20064)] MPlayer dev-SVN-r27422-4.1.2 (C) 2000-2008 MPlayer Team CPU: Dual-Core AMD Opteron(tm) Processor 2218 HE (Family: 15, Model: 65, Stepping: 3) CPUflags: MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 get_path('codecs.conf') -> '/root/.mplayer/codecs.conf' Reading /root/.mplayer/codecs.conf: Can't open '/root/.mplayer/codecs.conf': No such file or directory Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory Using built-in default codecs.conf. Configuration: --enable-debug=3 CommandLine: '-v' '47-innovation.mp4' get_path('font/font.desc') -> '/root/.mplayer/font/font.desc' font: can't open file: /root/.mplayer/font/font.desc font: can't open file: /usr/local/share/mplayer/font/font.desc Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay Using nanosleep() timing get_path('input.conf') -> '/root/.mplayer/input.conf' Can't open input config file /root/.mplayer/input.conf: No such file or directory Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory Falling back on default (hardcoded) input config get_path('47-innovation.mp4.conf') -> '/root/.mplayer/47-innovation.mp4.conf' Playing 47-innovation.mp4. get_path('sub/') -> '/root/.mplayer/sub/' [file] File size is 5072382 bytes STREAM: [file] 47-innovation.mp4 STREAM: Description: File STREAM: Author: Albeu STREAM: Comment: based on the code from ??? (probably Arpi) LAVF_check: QuickTime/MPEG-4/Motion JPEG 2000 format libavformat file format detected. [mov,mp4,m4a,3gp,3g2,mj2 @ 0x8a044a0]Could not find codec parameters (Data: 0x0000) [mov,mp4,m4a,3gp,3g2,mj2 @ 0x8a044a0]Could not find codec parameters (Video: h264) LAVF_header: av_find_stream_info() failed Checking for YUV4MPEG2 ASF_check: not ASF guid! Checking for NuppelVideo Checking for REAL Checking for SMJPEG Checking for Nullsoft Streaming Video Checking for MOV ISO: File Type Major Brand: ISO/IEC 14496-1 (MPEG-4 system) v2 ISO: File Type Minor Version: 262144 ISO: File Type Compatible Brand #0: mp42 ISO: File Type Compatible Brand #1: iso- MOV: Movie DATA found! MOV: Movie header found! Quicktime/MOV file format detected. MOV: Movie header (100 bytes): tscale=856 dur=2611200 MOV: unknown chunk: iods 13 -------------- MOV: Track #0: MOV: Track header! tkhd len=84 ver=0 flags=0x8 id=101 dur=1073877824 lay=8192 vol=256 MOV: unknown chunk: mdi! 18176 MOV track #0: 0 chunks, 0 samples pts=0 scale=0 time= nan *** constant samplesize -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-08-07 01:27:58
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1238 Summary: For this .wma file, valgrind reports Leak_DefinitelyLost. Product: MPlayer Version: HEAD Platform: Other URL: http://www.metafuzz.com/testcases/876901-113-3049269950- Leak_PossiblyLost.tgz OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: xue...@be... CC: cat...@li... This bug was found as part of the metafuzz project, see http://www.metafuzz.com For this .wma file, valgrind reports Leak_DefinitelyLost. System Info: MPlayer dev-SVN-r27422-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 Playing 113-IWontCry.wma. ############################################################## to reproduce: wget http://www.metafuzz.com/testcases/876901-113-3049269950-Leak_PossiblyLost.tgz tar xzf 876901-113-3049269950-Leak_PossiblyLost.tgz valgrind mplayer 113-IWontCry.wma ::::::::::::::::::::Valgrind result::::::::::::::::::::::::::::: ==28724== Memcheck, a memory error detector. ==28724== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==28724== Using LibVEX rev 1715, a library for dynamic binary translation. ==28724== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==28724== Using valgrind-3.2.2, a dynamic binary instrumentation framework. ==28724== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==28724== For more details, rerun with: -v ==28724== ==28724== My PID = 28724, parent PID = 28723. Prog and args are: ==28724== mplayer ==28724== 113-IWontCry.wma ==28724== ==28724== ==28724== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 21 from 1) ==28724== malloc/free: in use at exit: 35,912 bytes in 13 blocks. ==28724== malloc/free: 2,675 allocs, 2,662 frees, 2,091,398 bytes allocated. ==28724== For counts of detected errors, rerun with: -v ==28724== searching for pointers to 13 not-freed blocks. ==28724== checked 2,951,504 bytes. ==28724== ==28724== 3,004 bytes in 1 blocks are definitely lost in loss record 5 of 6 ==28724== Stack hash: 3370902398 ==28724== at 0x401D480: malloc (vg_replace_malloc.c:149) ==28724== by 0x8114062: read_asf_header (asfheader.c:518) ==28724== by 0x811FDF3: demux_open_asf (demux_asf.c:619) ==28724== by 0x811C75D: demux_open_stream (demuxer.c:818) ==28724== by 0x811CB44: demux_open (demuxer.c:998) ==28724== by 0x8078DCC: main (mplayer.c:3237) ==28724== ==28724== LEAK SUMMARY: ==28724== definitely lost: 3,004 bytes in 1 blocks. ==28724== possibly lost: 0 bytes in 0 blocks. ==28724== still reachable: 32,908 bytes in 12 blocks. ==28724== suppressed: 0 bytes in 0 blocks. ==28724== Reachable blocks (those to which a pointer was found) are not shown. ==28724== To see them, rerun with: --leak-check=full --show-reachable=yes -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-08-07 01:04:42
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1236 Summary: For this .asf file, valgrind reports Leak_DefinitelyLost, UninitValue, UninitCondition. Product: MPlayer Version: HEAD Platform: Other URL: http://www.metafuzz.com/testcases/857208-9-2042535168- UninitCondition.tgz OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: xue...@be... CC: cat...@li... This bug was found as part of the metafuzz project, see http://www.metafuzz.com%A¯or this .asf file, valgrind reports Leak_DefinitelyLost, UninitValue, UninitCondition.%A%ASystem Info: %A%AMPlayer dev-SVN-r27422-4.1.2 (C) 2000-2008 MPlayer Team¬PU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7)¬PUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1¬ompiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2%A%APlaying 9-nice.asf.%A%A##############################################################%A%Ato reproduce:%Awget http://www.metafuzz.com/testcases/857208-9-2042535168-UninitCondition.tgz%Atar xzf 857208-9-2042535168-UninitCondition.tgz%Avalgrind mplayer 9-nice.asf%A%A::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::%A%A==26826== Memcheck, a memory error detector.%A==26826== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.%A==26826== Using LibVEX rev 1715, a library for dynamic binary translation.%A==26826== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.%A==26826== Using valgrind-3.2.2, a dynamic binary instrumentation framework.%A==26826== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.%A==26826== For more details, rerun with: -v%A==26826== %A==26826== My PID = 26826, parent PID = 26825. Prog and args are:%A==26826== mplayer%A==26826== 9-nice.asf%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1068695994%A==26826== at 0x84DE7E8: vc1_decode_p_block (vc1.c:3014)%A==26826== by 0x84E5E6A: vc1_decode_p_blocks (vc1.c:3227)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 956156308%A==26826== at 0x84DE7F2: vc1_decode_p_block (vc1.c:3016)%A==26826== by 0x84E5E6A: vc1_decode_p_blocks (vc1.c:3227)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 4188412642%A==26826== at 0x84E5B7A: vc1_decode_p_blocks (vc1.c:3209)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 729930868%A==26826== at 0x84E5BC4: vc1_decode_p_blocks (vc1.c:3211)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1754831215%A==26826== at 0x84DE975: vc1_decode_p_block (vc1.c:3038)%A==26826== by 0x84E5E6A: vc1_decode_p_blocks (vc1.c:3227)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 2487231333%A==26826== at 0x84DE4BB: vc1_decode_p_block (vc1.c:3065)%A==26826== by 0x84E5E6A: vc1_decode_p_blocks (vc1.c:3227)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1417212157%A==26826== at 0x84DE993: vc1_decode_p_block (vc1.c:3040)%A==26826== by 0x84E5E6A: vc1_decode_p_blocks (vc1.c:3227)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 3038140499%A==26826== at 0x84DE739: vc1_decode_p_block (vc1.c:3088)%A==26826== by 0x84E5E6A: vc1_decode_p_blocks (vc1.c:3227)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 3104288256%A==26826== at 0x84E5520: vc1_decode_p_blocks (bitstream.h:856)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 449350955%A==26826== at 0x84E671F: vc1_decode_p_blocks (vc1.c:1785)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 3170812779%A==26826== at 0x84E645F: vc1_decode_p_blocks (bitstream.h:856)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 3448188607%A==26826== at 0x84E6463: vc1_decode_p_blocks (bitstream.h:856)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 303485569%A==26826== at 0x84E761D: vc1_decode_p_blocks (bitstream.h:856)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 1403888154%A==26826== at 0x84E71D2: vc1_decode_p_blocks (bitstream.h:856)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 2945145654%A==26826== at 0x84DAC7C: vc1_mc_1mv (common.h:201)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 41800187%A==26826== at 0x84DAC99: vc1_mc_1mv (common.h:201)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 4055418268%A==26826== at 0x84DACB2: vc1_mc_1mv (common.h:201)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 3830338896%A==26826== at 0x84DACC6: vc1_mc_1mv (common.h:201)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1932288480%A==26826== at 0x84DACD6: vc1_mc_1mv (common.h:202)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1249488241%A==26826== at 0x84DAD5F: vc1_mc_1mv (vc1.c:523)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 855599340%A==26826== at 0x84DAD82: vc1_mc_1mv (vc1.c:523)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 4137709462%A==26826== at 0x84DADDC: vc1_mc_1mv (vc1.c:592)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 2677439928%A==26826== at 0x82E8C1C: put_pixels16_x2_mmx2 (dsputil_mmx_avg.h:342)%A==26826== by 0x84DADE2: vc1_mc_1mv (vc1.c:592)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1255616841%A==26826== at 0x82FF4E3: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:35)%A==26826== by 0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 3288001153%A==26826== at 0x82FF4FB: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:43)%A==26826== by 0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 1103014914%A==26826== at 0x82FF640: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:61)%A==26826== by 0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 2430804777%A==26826== at 0x82FF643: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:61)%A==26826== by 0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 3258644820%A==26826== at 0x82FF4E3: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:35)%A==26826== by 0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 996061836%A==26826== at 0x82FF4FB: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:43)%A==26826== by 0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 3106042893%A==26826== at 0x82FF640: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:61)%A==26826== by 0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 138865460%A==26826== at 0x82FF643: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:61)%A==26826== by 0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1056014416%A==26826== at 0x84E6630: vc1_decode_p_blocks (vc1.c:1756)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 3691084782%A==26826== at 0x84E6656: vc1_decode_p_blocks (vc1.c:1757)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1456184610%A==26826== at 0x84E74BA: vc1_decode_p_blocks (vc1.c:1771)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 2830211964%A==26826== at 0x82E97F0: put_pixels16_mmx (dsputil_mmx.c:385)%A==26826== by 0x84DADE2: vc1_mc_1mv (vc1.c:592)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 249876186%A==26826== at 0x82E9790: put_pixels8_mmx (dsputil_mmx.c:359)%A==26826== by 0x82FF6A8: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:37)%A==26826== by 0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 2252904165%A==26826== at 0x82E9790: put_pixels8_mmx (dsputil_mmx.c:359)%A==26826== by 0x82FF6A8: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:37)%A==26826== by 0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1807262433%A==26826== at 0x84E74FD: vc1_decode_p_blocks (vc1.c:1784)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 614620704%A==26826== at 0x82FF556: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:122)%A==26826== by 0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 3171000672%A==26826== at 0x82FF596: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:148)%A==26826== by 0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 2617648683%A==26826== at 0x82FF556: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:122)%A==26826== by 0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 879061355%A==26826== at 0x82FF596: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:148)%A==26826== by 0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826== by 0x84E6E92: vc1_decode_p_blocks (vc1.c:3172)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 2860622779%A==26826== at 0x84E4B6F: vc1_decode_p_blocks (vc1.c:1756)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 3012384807%A==26826== at 0x84E4C2B: vc1_decode_p_blocks (vc1.c:1771)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1763682053%A==26826== at 0x84E7291: vc1_decode_p_blocks (vc1.c:1784)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 314560203%A==26826== at 0x84DAC7C: vc1_mc_1mv (common.h:201)%A==26826== by 0x84E4453: vc1_decode_p_blocks (vc1.c:3244)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 1424832817%A==26826== at 0x84DACB2: vc1_mc_1mv (common.h:201)%A==26826== by 0x84E4453: vc1_decode_p_blocks (vc1.c:3244)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on uninitialised value(s)%A==26826== Stack hash: 2913870086%A==26826== at 0x84DAD5F: vc1_mc_1mv (vc1.c:523)%A==26826== by 0x84E4453: vc1_decode_p_blocks (vc1.c:3244)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size 4%A==26826== Stack hash: 1507124011%A==26826== at 0x84DADDC: vc1_mc_1mv (vc1.c:592)%A==26826== by 0x84E4453: vc1_decode_p_blocks (vc1.c:3244)%A==26826== by 0x84E8C8A: vc1_decode_frame (vc1.c:3918)%A==26826== by 0x82E53CD: avcodec_decode_video (utils.c:914)%A==26826== by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826== by 0x80DB02A: decode_video (dec_video.c:369)%A==26826== by 0x8079ACD: main (mplayer.c:1761)%A==26826== %AMore than 50 errors detected, the rest will be ignored%A%A==26826== ERROR SUMMARY: 16918 errors from 115 contexts (suppressed: 21 from 1)%A==26826== malloc/free: in use at exit: 426,584 bytes in 134 blocks.%A==26826== malloc/free: 3,802 allocs, 3,668 frees, 4,453,253 bytes allocated.%A==26826== For counts of detected errors, rerun with: -v%A==26826== searching for pointers to 134 not-freed blocks.%A==26826== checked 3,231,952 bytes.%A==26826== %A==26826== %A==26826== 10 bytes in 1 blocks are definitely lost in loss record 4 of 16%A==26826== Stack hash: 122745447%A==26826== at 0x401C6AB: memalign (vg_replace_malloc.c:332)%A==26826== by 0x853D894: av_malloc (mem.c:61)%A==26826== by 0x853D8D7: av_strdup (mem.c:145)%A==26826== by 0x82E5F2A: avcodec_get_context_defaults2 (utils.c:761)%A==26826== by 0x82E5FF9: avcodec_alloc_context2 (utils.c:780)%A==26826== by 0x82E6021: avcodec_alloc_context (utils.c:790)%A==26826== by 0x825C66F: av_new_stream (utils.c:2261)%A==26826== by 0x8266A41: asf_read_header (asf.c:208)%A==26826== by 0x825E11F: av_open_input_stream (utils.c:416)%A==26826== by 0x81A0A4A: demux_open_lavf (demux_lavf.c:459)%A==26826== by 0x811C88C: demux_open_stream (demuxer.c:871)%A==26826== by 0x811CB44: demux_open (demuxer.c:998)%A==26826== %A==26826== %A==26826== 16 bytes in 2 blocks are definitely lost in loss record 6 of 16%A==26826== Stack hash: 3290393404%A==26826== at 0x401D480: malloc (vg_replace_malloc.c:149)%A==26826== by 0x821AE75: Setup_LDT_Keeper (ldt_keeper.c:205)%A==26826== by 0x82322C1: DMO_VideoDecoder_Open (DMO_VideoDecoder.c:98)%A==26826== by 0x8228CDE: init (vd_dmo.c:32)%A==26826== by 0x80DB772: init_video (dec_video.c:264)%A==26826== by 0x80DB9A8: init_best_video_codec (dec_video.c:315)%A==26826== by 0x80777F3: reinit_video_chain (mplayer.c:2211)%A==26826== by 0x807945B: main (mplayer.c:3536)%A==26826== %A==26826== %A==26826== 1,136 (664 direct, 472 indirect) bytes in 2 blocks are definitely lost in loss record 13 of 16%A==26826== Stack hash: 3058604448%A==26826== at 0x401D480: malloc (vg_replace_malloc.c:149)%A==26826== by 0x823227E: DMO_VideoDecoder_Open (DMO_VideoDecoder.c:90)%A==26826== by 0x8228CDE: init (vd_dmo.c:32)%A==26826== by 0x80DB772: init_video (dec_video.c:264)%A==26826== by 0x80DB9A8: init_best_video_codec (dec_video.c:315)%A==26826== by 0x80777F3: reinit_video_chain (mplayer.c:2211)%A==26826== by 0x807945B: main (mplayer.c:3536)%A==26826== %A==26826== LEAK SUMMARY:%A==26826== definitely lost: 690 bytes in 5 blocks.%A==26826== indirectly lost: 472 bytes in 6 blocks.%A==26826== possibly lost: 0 bytes in 0 blocks.%A==26826== still reachable: 425,422 bytes in 123 blocks.%A==26826== suppressed: 0 bytes in 0 blocks.%A==26826== Reachable blocks (those to which a pointer was found) are not shown.%A==26826== To see them, rerun with: --leak-check=full --show-reachable=yes%A -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-08-06 20:33:16
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1235 Summary: For this .mp3 file, valgrind reports InvalidRead, UninitCondition. Product: MPlayer Version: HEAD Platform: Other URL: http://www.metafuzz.com/testcases/373907-0-4003270842- SyscallParam.tgz OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: xue...@be... CC: cat...@li... This bug was found as part of the metafuzz project, see http://www.metafuzz.com For this .mp3 file, valgrind reports InvalidRead, UninitCondition. System Info: MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 Playing 21.mp3. ############################################################## to reproduce: wget http://www.metafuzz.com/testcases/373907-0-4003270842-SyscallParam.tgz tar xzf 373907-0-4003270842-SyscallParam.tgz valgrind mplayer 21.mp3 ::::::::::::::::::::Valgrind result::::::::::::::::::::::::::::: ==5323== Memcheck, a memory error detector. ==5323== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==5323== Using LibVEX rev 1715, a library for dynamic binary translation. ==5323== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==5323== Using valgrind-3.2.2, a dynamic binary instrumentation framework. ==5323== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==5323== For more details, rerun with: -v ==5323== ==5323== My PID = 5323, parent PID = 5322. Prog and args are: ==5323== mplayer ==5323== 21.mp3 ==5323== ==5323== Conditional jump or move depends on uninitialised value(s) ==5323== Stack hash: 4126823808 ==5323== at 0x400A65C: (within /lib/ld-2.7.so) ==5323== by 0x4003125: (within /lib/ld-2.7.so) ==5323== by 0x40138EC: (within /lib/ld-2.7.so) ==5323== by 0x4000C3D: (within /lib/ld-2.7.so) ==5323== by 0x4000816: (within /lib/ld-2.7.so) ==5323== ==5323== Conditional jump or move depends on uninitialised value(s) ==5323== Stack hash: 4228028502 ==5323== at 0x400A692: (within /lib/ld-2.7.so) ==5323== by 0x4003125: (within /lib/ld-2.7.so) ==5323== by 0x40138EC: (within /lib/ld-2.7.so) ==5323== by 0x4000C3D: (within /lib/ld-2.7.so) ==5323== by 0x4000816: (within /lib/ld-2.7.so) ==5323== ==5323== Conditional jump or move depends on uninitialised value(s) ==5323== Stack hash: 936347057 ==5323== at 0x400B19D: (within /lib/ld-2.7.so) ==5323== by 0x4003125: (within /lib/ld-2.7.so) ==5323== by 0x40138EC: (within /lib/ld-2.7.so) ==5323== by 0x4000C3D: (within /lib/ld-2.7.so) ==5323== by 0x4000816: (within /lib/ld-2.7.so) ==5323== ==5323== Conditional jump or move depends on uninitialised value(s) ==5323== Stack hash: 3629006124 ==5323== at 0x400A542: (within /lib/ld-2.7.so) ==5323== by 0x4003383: (within /lib/ld-2.7.so) ==5323== by 0x40138EC: (within /lib/ld-2.7.so) ==5323== by 0x4000C3D: (within /lib/ld-2.7.so) ==5323== by 0x4000816: (within /lib/ld-2.7.so) ==5323== ==5323== Conditional jump or move depends on uninitialised value(s) ==5323== Stack hash: 3643999412 ==5323== at 0x400A54A: (within /lib/ld-2.7.so) ==5323== by 0x4003383: (within /lib/ld-2.7.so) ==5323== by 0x40138EC: (within /lib/ld-2.7.so) ==5323== by 0x4000C3D: (within /lib/ld-2.7.so) ==5323== by 0x4000816: (within /lib/ld-2.7.so) ==5323== ==5323== Conditional jump or move depends on uninitialised value(s) ==5323== Stack hash: 4258724220 ==5323== at 0x400A692: (within /lib/ld-2.7.so) ==5323== by 0x4003383: (within /lib/ld-2.7.so) ==5323== by 0x40138EC: (within /lib/ld-2.7.so) ==5323== by 0x4000C3D: (within /lib/ld-2.7.so) ==5323== by 0x4000816: (within /lib/ld-2.7.so) ==5323== ==5323== Invalid read of size 4 ==5323== Stack hash: 1364543850 ==5323== at 0x417FBC4: (within /lib/libc-2.7.so) ==5323== Address 0x10 is not stack'd, malloc'd or (recently) free'd ==5323== ==5323== Process terminating with default action of signal 11 (SIGSEGV) ==5323== Access not within mapped region at address 0x10 ==5323== Stack hash: 1364543850 ==5323== at 0x417FBC4: (within /lib/libc-2.7.so) ==5323== ==5323== ERROR SUMMARY: 20 errors from 7 contexts (suppressed: 0 from 0) ==5323== malloc/free: in use at exit: 33,644 bytes in 21 blocks. ==5323== malloc/free: 3,379 allocs, 3,358 frees, 1,598,202 bytes allocated. ==5323== For counts of detected errors, rerun with: -v ==5323== searching for pointers to 21 not-freed blocks. ==5323== checked 2,952,256 bytes. ==5323== ==5323== LEAK SUMMARY: ==5323== definitely lost: 0 bytes in 0 blocks. ==5323== possibly lost: 0 bytes in 0 blocks. ==5323== still reachable: 33,644 bytes in 21 blocks. ==5323== suppressed: 0 bytes in 0 blocks. ==5323== Reachable blocks (those to which a pointer was found) are not shown. ==5323== To see them, rerun with: --leak-check=full --show-reachable=yes -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-08-06 10:05:02
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1234 Summary: [Crash]For this .mp3 file, valgrind reports InvalidRead, UninitValue, UninitCondition, and Mplayer crashe. Product: MPlayer Version: HEAD Platform: Other URL: http://www.metafuzz.com/testcases/378068-32-1292935739- SyscallParam.tgz OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: xue...@be... CC: cat...@li... This bug was found as part of the metafuzz project, see http://www.metafuzz.com [Crash]For this .mp3 file, valgrind reports InvalidRead, UninitValue, UninitCondition, and Mplayer crashe. System Info: MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 Playing 32-in_the_end.mp3. ############################################################## to reproduce: wget http://www.metafuzz.com/testcases/378068-32-1292935739-SyscallParam.tgz tar xzf 378068-32-1292935739-SyscallParam.tgz valgrind mplayer 32-in_the_end.mp3 ::::::::::::::::::::Valgrind result::::::::::::::::::::::::::::: ==4342== Memcheck, a memory error detector. ==4342== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==4342== Using LibVEX rev 1715, a library for dynamic binary translation. ==4342== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==4342== Using valgrind-3.2.2, a dynamic binary instrumentation framework. ==4342== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==4342== For more details, rerun with: -v ==4342== ==4342== My PID = 4342, parent PID = 4341. Prog and args are: ==4342== mplayer ==4342== 32-in_the_end.mp3 ==4342== ==4342== Conditional jump or move depends on uninitialised value(s) ==4342== Stack hash: 4126823808 ==4342== at 0x400A65C: (within /lib/ld-2.7.so) ==4342== by 0x4003125: (within /lib/ld-2.7.so) ==4342== by 0x40138EC: (within /lib/ld-2.7.so) ==4342== by 0x4000C3D: (within /lib/ld-2.7.so) ==4342== by 0x4000816: (within /lib/ld-2.7.so) ==4342== ==4342== Conditional jump or move depends on uninitialised value(s) ==4342== Stack hash: 4228028502 ==4342== at 0x400A692: (within /lib/ld-2.7.so) ==4342== by 0x4003125: (within /lib/ld-2.7.so) ==4342== by 0x40138EC: (within /lib/ld-2.7.so) ==4342== by 0x4000C3D: (within /lib/ld-2.7.so) ==4342== by 0x4000816: (within /lib/ld-2.7.so) ==4342== ==4342== Conditional jump or move depends on uninitialised value(s) ==4342== Stack hash: 936347057 ==4342== at 0x400B19D: (within /lib/ld-2.7.so) ==4342== by 0x4003125: (within /lib/ld-2.7.so) ==4342== by 0x40138EC: (within /lib/ld-2.7.so) ==4342== by 0x4000C3D: (within /lib/ld-2.7.so) ==4342== by 0x4000816: (within /lib/ld-2.7.so) ==4342== ==4342== Conditional jump or move depends on uninitialised value(s) ==4342== Stack hash: 3629006124 ==4342== at 0x400A542: (within /lib/ld-2.7.so) ==4342== by 0x4003383: (within /lib/ld-2.7.so) ==4342== by 0x40138EC: (within /lib/ld-2.7.so) ==4342== by 0x4000C3D: (within /lib/ld-2.7.so) ==4342== by 0x4000816: (within /lib/ld-2.7.so) ==4342== ==4342== Conditional jump or move depends on uninitialised value(s) ==4342== Stack hash: 3643999412 ==4342== at 0x400A54A: (within /lib/ld-2.7.so) ==4342== by 0x4003383: (within /lib/ld-2.7.so) ==4342== by 0x40138EC: (within /lib/ld-2.7.so) ==4342== by 0x4000C3D: (within /lib/ld-2.7.so) ==4342== by 0x4000816: (within /lib/ld-2.7.so) ==4342== ==4342== Conditional jump or move depends on uninitialised value(s) ==4342== Stack hash: 4258724220 ==4342== at 0x400A692: (within /lib/ld-2.7.so) ==4342== by 0x4003383: (within /lib/ld-2.7.so) ==4342== by 0x40138EC: (within /lib/ld-2.7.so) ==4342== by 0x4000C3D: (within /lib/ld-2.7.so) ==4342== by 0x4000816: (within /lib/ld-2.7.so) ==4342== ==4342== Use of uninitialised value of size 4 ==4342== Stack hash: 2621627734 ==4342== at 0x81E57A6: MP3_DecodeFrame (layer2.c:167) ==4342== by 0x80DA2F8: decode_audio (dec_audio.c:383) ==4342== by 0x80798C8: main (mplayer.c:2044) ==4342== ==4342== Use of uninitialised value of size 4 ==4342== Stack hash: 2620462715 ==4342== at 0x81E5453: MP3_DecodeFrame (layer2.c:178) ==4342== by 0x80DA2F8: decode_audio (dec_audio.c:383) ==4342== by 0x80798C8: main (mplayer.c:2044) ==4342== ==4342== Use of uninitialised value of size 4 ==4342== Stack hash: 2620491464 ==4342== at 0x81E5468: MP3_DecodeFrame (layer2.c:179) ==4342== by 0x80DA2F8: decode_audio (dec_audio.c:383) ==4342== by 0x80798C8: main (mplayer.c:2044) ==4342== ==4342== Use of uninitialised value of size 4 ==4342== Stack hash: 2620516106 ==4342== at 0x81E547A: MP3_DecodeFrame (layer2.c:180) ==4342== by 0x80DA2F8: decode_audio (dec_audio.c:383) ==4342== by 0x80798C8: main (mplayer.c:2044) ==4342== ==4342== Invalid read of size 4 ==4342== Stack hash: 880003731 ==4342== at 0x81E339A: do_layer3 (layer3.c:1157) ==4342== by 0x8165551: demux_open_vqf (demux_vqf.c:38) ==4342== Address 0xBE963000 is not stack'd, malloc'd or (recently) free'd ==4342== ==4342== Invalid read of size 4 ==4342== Stack hash: 897284585 ==4342== at 0x417FBC4: (within /lib/libc-2.7.so) ==4342== by 0x417F806: (within /lib/libc-2.7.so) ==4342== by 0x4180023: __libc_freeres (in /lib/libc-2.7.so) ==4342== by 0x401D1F6: _vgnU_freeres (vg_preloaded.c:60) ==4342== by 0x40ADBC7: exit (in /lib/libc-2.7.so) ==4342== by 0x80768F3: exit_sighandler (mplayer.c:816) ==4342== by 0x40AAE37: (within /lib/libc-2.7.so) ==4342== by 0x8165551: demux_open_vqf (demux_vqf.c:38) ==4342== Address 0x10 is not stack'd, malloc'd or (recently) free'd ==4342== ==4342== Process terminating with default action of signal 11 (SIGSEGV) ==4342== Access not within mapped region at address 0x10 ==4342== Stack hash: 897284585 ==4342== at 0x417FBC4: (within /lib/libc-2.7.so) ==4342== by 0x417F806: (within /lib/libc-2.7.so) ==4342== by 0x4180023: __libc_freeres (in /lib/libc-2.7.so) ==4342== by 0x401D1F6: _vgnU_freeres (vg_preloaded.c:60) ==4342== by 0x40ADBC7: exit (in /lib/libc-2.7.so) ==4342== by 0x80768F3: exit_sighandler (mplayer.c:816) ==4342== by 0x40AAE37: (within /lib/libc-2.7.so) ==4342== by 0x8165551: demux_open_vqf (demux_vqf.c:38) ==4342== ==4342== ERROR SUMMARY: 249 errors from 12 contexts (suppressed: 0 from 0) ==4342== malloc/free: in use at exit: 205,105 bytes in 2,217 blocks. ==4342== malloc/free: 22,972 allocs, 20,755 frees, 6,719,429 bytes allocated. ==4342== For counts of detected errors, rerun with: -v ==4342== searching for pointers to 2,217 not-freed blocks. ==4342== checked 3,129,932 bytes. ==4342== ==4342== LEAK SUMMARY: ==4342== definitely lost: 0 bytes in 0 blocks. ==4342== possibly lost: 0 bytes in 0 blocks. ==4342== still reachable: 205,105 bytes in 2,217 blocks. ==4342== suppressed: 0 bytes in 0 blocks. ==4342== Reachable blocks (those to which a pointer was found) are not shown. ==4342== To see them, rerun with: --leak-check=full --show-reachable=yes MPlayer interrupted by signal 11 in module: decode_audio - MPlayer crashed by bad usage of CPU/FPU/RAM. Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash. - MPlayer crashed. This shouldn't happen. It can be a bug in the MPlayer code _or_ in your drivers _or_ in your gcc version. If you think it's MPlayer's fault, please read DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and won't help unless you provide this information when reporting a possible bug. _________________________________________________________________ gdb Backtrace /home/user/bug_report/core: No such file or directory. [Thread debugging using libthread_db enabled] MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team CPU: Dual-Core AMD Opteron(tm) Processor 2218 HE (Family: 15, Model: 65, Stepping: 3) CPUflags: MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 get_path('codecs.conf') -> '/root/.mplayer/codecs.conf' Reading /root/.mplayer/codecs.conf: Can't open '/root/.mplayer/codecs.conf': No such file or directory Reading /usr/local/etc/mplayer/codecs.conf: Can't open '/usr/local/etc/mplayer/codecs.conf': No such file or directory Using built-in default codecs.conf. Configuration: --enable-debug=3 CommandLine: '-v' '32-in_the_end.mp3' get_path('font/font.desc') -> '/root/.mplayer/font/font.desc' font: can't open file: /root/.mplayer/font/font.desc font: can't open file: /usr/local/share/mplayer/font/font.desc Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay Using nanosleep() timing get_path('input.conf') -> '/root/.mplayer/input.conf' Can't open input config file /root/.mplayer/input.conf: No such file or directory Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or directory Falling back on default (hardcoded) input config get_path('32-in_the_end.mp3.conf') -> '/root/.mplayer/32-in_the_end.mp3.conf' Playing 32-in_the_end.mp3. get_path('sub/') -> '/root/.mplayer/sub/' [file] File size is 3460830 bytes STREAM: [file] 32-in_the_end.mp3 STREAM: Description: File STREAM: Author: Albeu STREAM: Comment: based on the code from ??? (probably Arpi) LAVF_check: MPEG audio Checking for YUV4MPEG2 ASF_check: not ASF guid! Checking for NuppelVideo Checking for REAL Checking for SMJPEG Searching demuxer type for filename 32-in_the_end.mp3 ext: .mp3 Trying demuxer 17 based on filename extension ==> Found audio stream: 0 demux_audio: seeking from 0x34CEDE to start pos 0x0 demux_audio: audio data 0x0 - 0x34CE5E Audio only file format detected. Clip info: Title: In The nd Artist: [Linkin Park] Album: Year: Comment: Genre: Unknown ========================================================================== Opening audio decoder: [mp3lib] MPEG layer-2, layer-3 dec_audio: Allocating 4608 + 65536 = 70144 bytes for output buffer. mp3lib: using 3DNow!Ex optimized decore! MP3lib: init layer2&3 finished, tables done MPEG 1.0, Layer III, 44100 Hz 128 kbit Joint-Stereo, BPF: 417 Channels: 2, copyright: Yes, original: Yes, CRC: No, emphasis: 0 AUDIO: 44100 Hz, 2 ch, s16le, 128.0 kbit/9.07% (ratio: 16000->176400) Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3) ========================================================================== Building audio filter chain for 44100Hz/2ch/s16le -> 0Hz/0ch/??... [libaf] Adding filter dummy [dummy] Was reinitialized: 44100Hz/2ch/s16le [dummy] Was reinitialized: 44100Hz/2ch/s16le Trying every known audio driver... ao2: 44100 Hz 2 chans s16le audio_setup: using '/dev/dsp' dsp device audio_setup: using '/dev/mixer' mixer device audio_setup: using 'pcm' mixer device [AO OSS] audio_setup: Can't open audio device /dev/dsp: No such device or address DVB card number must be between 1 and 4 AO: [null] 44100Hz 2ch s16le (2 bytes per sample) AO: Description: Null audio output AO: Author: Tobias Diedrich <ran...@td...> Building audio filter chain for 44100Hz/2ch/s16le -> 44100Hz/2ch/s16le... [dummy] Was reinitialized: 44100Hz/2ch/s16le [dummy] Was reinitialized: 44100Hz/2ch/s16le Video: no video Freeing 0 unused video chunks. Starting playback... Increasing filtered audio buffer size from 0 to 37888 A: 125.5 (02:05.4) of 216.0 (03:36.0) 0.4% Program received signal SIGSEGV, Segmentation fault. 0x081e339a in do_layer3 (fr=0x87591a0, single=-1) at mp3lib/layer3.c:1157 1157 register real bu = *--xr2,bd = *xr1; #0 0x081e339a in do_layer3 (fr=0x87591a0, single=-1) at mp3lib/layer3.c:1157 #1 0x08165552 in demux_open_vqf (demuxer=0x0) at libmpdemux/demux_vqf.c:38 Backtrace stopped: previous frame inner to this frame (corrupt stack?) Dump of assembler code from 0x81e337a to 0x81e33ba: 0x081e337a <do_layer3+2330>: fdivr %st(7),%st 0x081e337c <do_layer3+2332>: decl 0xf484041(%ebx) 0x081e3382 <do_layer3+2338>: test %al,%bh 0x081e3384 <do_layer3+2340>: add (%eax),%al 0x081e3386 <do_layer3+2342>: add %cl,-0x272763(%ebx) 0x081e338c <do_layer3+2348>: decl -0x7626763a(%ecx) 0x081e3392 <do_layer3+2354>: fidivl (%ecx) 0x081e3394 <do_layer3+2356>: rolb shxd9,0x2d904ea(%ebx) 0x081e339b <do_layer3+2363>: add %ebx,%ecx 0x081e339d <do_layer3+2365>: add shx85,%al 0x081e339f <do_layer3+2367>: pusha 0x081e33a0 <do_layer3+2368>: sub shxcad80876,%eax 0x081e33a5 <do_layer3+2373>: flds 0x8762d40(,%eax,4) 0x081e33ac <do_layer3+2380>: fmul %st(2),%st 0x081e33ae <do_layer3+2382>: fsubrp %st,%st(1) 0x081e33b0 <do_layer3+2384>: fstps (%edx) 0x081e33b2 <do_layer3+2386>: fmuls 0x8762d60(,%eax,4) 0x081e33b9 <do_layer3+2393>: fxch %st(1) End of assembler dump. eax 0x6 6 ecx 0xbfffd000 -1073754112 edx 0xbfffcfcc -1073754164 ebx 0xbfffcfe8 -1073754136 esp 0xbfff7910 0xbfff7910 ebp 0xbfffa128 0xbfffa128 esi 0xffffff0f -241 edi 0x0 0 eip 0x81e339a 0x81e339a <do_layer3+2362> eflags 0x210296 [ PF AF SF IF RF ID ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 st0 9.3241867560323044017422944307327271e-09 (raw 0x3fe4a030350000000000) st1 -nan(0x8001800180018001) (raw 0xffff8001800180018001) st2 -nan(0x7fff7fff7fff7fff) (raw 0xffff7fff7fff7fff7fff) st3 -nan(0xc20fe000126980) (raw 0xffff00c20fe000126980) st4 -nan(0x22ea00b003d03e90) (raw 0xffff22ea00b003d03e90) st5 -0 (raw 0x80000000000000000000) st6 13109.035698911757208406925201416016 (raw 0x400cccd4248e416a0000) st7 -537.47045153413637308403849601745605 (raw 0xc008865e1be0c05e0000) fctrl 0x37f 895 fstat 0x3832 14386 ftag 0x3fff 16383 fiseg 0x0 0 fioff 0x0 0 foseg 0x0 0 fooff 0x0 0 fop 0x0 0 xmm0 {v4_float = {0x0, 0x0, 0x0, 0xc2960000}, v2_double = {0x0, 0x8000000000000000}, v16_int8 = {0xfd, 0xa3, 0xb6, 0xed, 0x77, 0xff, 0xfb, 0x92, 0x6c, 0x83, 0x1, 0x4, 0x4b, 0x61, 0xd9, 0x53}, v8_int16 = {0xa3fd, 0xedb6, 0xff77, 0x92fb, 0x836c, 0x401, 0x614b, 0x53d9}, v4_int32 = { 0xedb6a3fd, 0x92fbff77, 0x401836c, 0x53d9614b}, v2_int64 = {0x92fbff77edb6a3fd, 0x53d9614b0401836c}, uint128 = 0x53d9614b0401836c92fbff77edb6a3fd} xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0xc, 0x33, 0x26, 0x35, 0x61, 0xfb, 0x4d, 0x2f, 0x2, 0x22, 0x8f, 0x15, 0x6d, 0x61, 0x4c, 0x30}, v8_int16 = {0x330c, 0x3526, 0xfb61, 0x2f4d, 0x2202, 0x158f, 0x616d, 0x304c}, v4_int32 = {0x3526330c, 0x2f4dfb61, 0x158f2202, 0x304c616d}, v2_int64 = {0x2f4dfb613526330c, 0x304c616d158f2202}, uint128 = 0x304c616d158f22022f4dfb613526330c} xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x8000000000000000}, v16_int8 = {0x4d, 0x90, 0xac, 0xa, 0xac, 0xe8, 0xf6, 0x14, 0xca, 0xc, 0x2d, 0x9f, 0xe9, 0x1c, 0x60, 0x73}, v8_int16 = {0x904d, 0xaac, 0xe8ac, 0x14f6, 0xcca, 0x9f2d, 0x1ce9, 0x7360}, v4_int32 = {0xaac904d, 0x14f6e8ac, 0x9f2d0cca, 0x73601ce9}, v2_int64 = {0x14f6e8ac0aac904d, 0x73601ce99f2d0cca}, uint128 = 0x73601ce99f2d0cca14f6e8ac0aac904d} xmm3 {v4_float = {0x55351e8, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x3d, 0x6a, 0xaa, 0x4c, 0xd2, 0x18, 0xa0, 0x23, 0xa1, 0xa6, 0x30, 0xa6, 0xe, 0x3a, 0x81, 0x95}, v8_int16 = {0x6a3d, 0x4caa, 0x18d2, 0x23a0, 0xa6a1, 0xa630, 0x3a0e, 0x9581}, v4_int32 = {0x4caa6a3d, 0x23a018d2, 0xa630a6a1, 0x95813a0e}, v2_int64 = {0x23a018d24caa6a3d, 0x95813a0ea630a6a1}, uint128 = 0x95813a0ea630a6a123a018d24caa6a3d} xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} mxcsr 0x1fa0 [ PE IM DM ZM OM UM PM ] mm0 {uint64 = 0x865e1be0c05e0000, v2_int32 = {0xc05e0000, 0x865e1be0}, v4_int16 = {0x0, 0xc05e, 0x1be0, 0x865e}, v8_int8 = {0x0, 0x0, 0x5e, 0xc0, 0xe0, 0x1b, 0x5e, 0x86}} mm1 {uint64 = 0xa030350000000000, v2_int32 = {0x0, 0xa0303500}, v4_int16 = {0x0, 0x0, 0x3500, 0xa030}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x35, 0x30, 0xa0}} mm2 {uint64 = 0x8001800180018001, v2_int32 = {0x80018001, 0x80018001}, v4_int16 = {0x8001, 0x8001, 0x8001, 0x8001}, v8_int8 = {0x1, 0x80, 0x1, 0x80, 0x1, 0x80, 0x1, 0x80}} mm3 {uint64 = 0x7fff7fff7fff7fff, v2_int32 = {0x7fff7fff, 0x7fff7fff}, v4_int16 = {0x7fff, 0x7fff, 0x7fff, 0x7fff}, v8_int8 = {0xff, 0x7f, 0xff, 0x7f, 0xff, 0x7f, 0xff, 0x7f}} mm4 {uint64 = 0xc20fe000126980, v2_int32 = {0x126980, 0xc20fe0}, v4_int16 = {0x6980, 0x12, 0xfe0, 0xc2}, v8_int8 = {0x80, 0x69, 0x12, 0x0, 0xe0, 0xf, 0xc2, 0x0}} mm5 {uint64 = 0x22ea00b003d03e90, v2_int32 = {0x3d03e90, 0x22ea00b0}, v4_int16 = {0x3e90, 0x3d0, 0xb0, 0x22ea}, v8_int8 = {0x90, 0x3e, 0xd0, 0x3, 0xb0, 0x0, 0xea, 0x22}} mm6 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm7 {uint64 = 0xccd4248e416a0000, v2_int32 = {0x416a0000, 0xccd4248e}, v4_int16 = {0x0, 0x416a, 0x248e, 0xccd4}, v8_int8 = {0x0, 0x0, 0x6a, 0x41, 0x8e, 0x24, 0xd4, 0xcc}} The program is running. Quit anyway (and kill it)? (y or n) [answered Y; input not from terminal] -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-08-06 07:51:48
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1233 Summary: For this .spx file, valgrind reports InvalidRead, UninitCondition, Product: MPlayer Version: HEAD Platform: Other URL: http://www.metafuzz.com/testcases/110690-0-3627122432- result32512.tgz OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: xue...@be... CC: cat...@li... This bug was found as part of the SUPERB-TRUST 2008 project, see http://www.truststc.org/superb/ For this .spx file, valgrind reports InvalidRead, UninitCondition, System Info: MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 Playing meh.spx. ############################################################## to reproduce: wget http://www.metafuzz.com/testcases/110690-0-3627122432-result32512.tgz tar xzf 110690-0-3627122432-result32512.tgz valgrind mplayer meh.spx ::::::::::::::::::::Valgrind result::::::::::::::::::::::::::::: ==13148== Memcheck, a memory error detector. ==13148== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==13148== Using LibVEX rev 1715, a library for dynamic binary translation. ==13148== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==13148== Using valgrind-3.2.2, a dynamic binary instrumentation framework. ==13148== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==13148== For more details, rerun with: -v ==13148== ==13148== My PID = 13148, parent PID = 13147. Prog and args are: ==13148== mplayer ==13148== meh.spx ==13148== ==13148== Conditional jump or move depends on uninitialised value(s) ==13148== Stack hash: 4126823808 ==13148== at 0x400A65C: (within /lib/ld-2.7.so) ==13148== by 0x4003125: (within /lib/ld-2.7.so) ==13148== by 0x40138EC: (within /lib/ld-2.7.so) ==13148== by 0x4000C3D: (within /lib/ld-2.7.so) ==13148== by 0x4000816: (within /lib/ld-2.7.so) ==13148== ==13148== Conditional jump or move depends on uninitialised value(s) ==13148== Stack hash: 4228028502 ==13148== at 0x400A692: (within /lib/ld-2.7.so) ==13148== by 0x4003125: (within /lib/ld-2.7.so) ==13148== by 0x40138EC: (within /lib/ld-2.7.so) ==13148== by 0x4000C3D: (within /lib/ld-2.7.so) ==13148== by 0x4000816: (within /lib/ld-2.7.so) ==13148== ==13148== Conditional jump or move depends on uninitialised value(s) ==13148== Stack hash: 936347057 ==13148== at 0x400B19D: (within /lib/ld-2.7.so) ==13148== by 0x4003125: (within /lib/ld-2.7.so) ==13148== by 0x40138EC: (within /lib/ld-2.7.so) ==13148== by 0x4000C3D: (within /lib/ld-2.7.so) ==13148== by 0x4000816: (within /lib/ld-2.7.so) ==13148== ==13148== Conditional jump or move depends on uninitialised value(s) ==13148== Stack hash: 3629006124 ==13148== at 0x400A542: (within /lib/ld-2.7.so) ==13148== by 0x4003383: (within /lib/ld-2.7.so) ==13148== by 0x40138EC: (within /lib/ld-2.7.so) ==13148== by 0x4000C3D: (within /lib/ld-2.7.so) ==13148== by 0x4000816: (within /lib/ld-2.7.so) ==13148== ==13148== Conditional jump or move depends on uninitialised value(s) ==13148== Stack hash: 3643999412 ==13148== at 0x400A54A: (within /lib/ld-2.7.so) ==13148== by 0x4003383: (within /lib/ld-2.7.so) ==13148== by 0x40138EC: (within /lib/ld-2.7.so) ==13148== by 0x4000C3D: (within /lib/ld-2.7.so) ==13148== by 0x4000816: (within /lib/ld-2.7.so) ==13148== ==13148== Conditional jump or move depends on uninitialised value(s) ==13148== Stack hash: 4258724220 ==13148== at 0x400A692: (within /lib/ld-2.7.so) ==13148== by 0x4003383: (within /lib/ld-2.7.so) ==13148== by 0x40138EC: (within /lib/ld-2.7.so) ==13148== by 0x4000C3D: (within /lib/ld-2.7.so) ==13148== by 0x4000816: (within /lib/ld-2.7.so) ==13148== ==13148== Invalid read of size 4 ==13148== Stack hash: 1364543850 ==13148== at 0x417FBC4: (within /lib/libc-2.7.so) ==13148== Address 0x10 is not stack'd, malloc'd or (recently) free'd ==13148== ==13148== Process terminating with default action of signal 11 (SIGSEGV) ==13148== Access not within mapped region at address 0x10 ==13148== Stack hash: 1364543850 ==13148== at 0x417FBC4: (within /lib/libc-2.7.so) ==13148== ==13148== ERROR SUMMARY: 20 errors from 7 contexts (suppressed: 0 from 0) ==13148== malloc/free: in use at exit: 33,636 bytes in 20 blocks. ==13148== malloc/free: 2,321 allocs, 2,301 frees, 1,272,114 bytes allocated. ==13148== For counts of detected errors, rerun with: -v ==13148== searching for pointers to 20 not-freed blocks. ==13148== checked 2,951,952 bytes. ==13148== ==13148== LEAK SUMMARY: ==13148== definitely lost: 0 bytes in 0 blocks. ==13148== possibly lost: 0 bytes in 0 blocks. ==13148== still reachable: 33,636 bytes in 20 blocks. ==13148== suppressed: 0 bytes in 0 blocks. ==13148== Reachable blocks (those to which a pointer was found) are not shown. ==13148== To see them, rerun with: --leak-check=full --show-reachable=yes -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-08-06 07:22:22
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1232 Summary: For this .mp3 file, valgrind reports InvalidRead, UninitValue, UninitCondition, Product: MPlayer Version: HEAD Platform: Other URL: http://www.metafuzz.com/testcases/664852-199-311034112- result256.tgz OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: xue...@be... CC: cat...@li... This bug was found as part of the SUPERB-TRUST 2008 project, see http://www.truststc.org/superb/ For this .mp3 file, valgrind reports InvalidRead, UninitValue, UninitCondition, System Info: MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2, Stepping: 7) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2 Playing 199-song0004.mp3. ############################################################## to reproduce: wget http://www.metafuzz.com/testcases/664852-199-311034112-result256.tgz tar xzf 664852-199-311034112-result256.tgz valgrind mplayer 199-song0004.mp3 ::::::::::::::::::::Valgrind result::::::::::::::::::::::::::::: ==6930== Memcheck, a memory error detector. ==6930== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==6930== Using LibVEX rev 1715, a library for dynamic binary translation. ==6930== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==6930== Using valgrind-3.2.2, a dynamic binary instrumentation framework. ==6930== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==6930== For more details, rerun with: -v ==6930== ==6930== My PID = 6930, parent PID = 6929. Prog and args are: ==6930== mplayer ==6930== 199-song0004.mp3 ==6930== ==6930== Conditional jump or move depends on uninitialised value(s) ==6930== Stack hash: 4126823808 ==6930== at 0x400A65C: (within /lib/ld-2.7.so) ==6930== by 0x4003125: (within /lib/ld-2.7.so) ==6930== by 0x40138EC: (within /lib/ld-2.7.so) ==6930== by 0x4000C3D: (within /lib/ld-2.7.so) ==6930== by 0x4000816: (within /lib/ld-2.7.so) ==6930== ==6930== Conditional jump or move depends on uninitialised value(s) ==6930== Stack hash: 4228028502 ==6930== at 0x400A692: (within /lib/ld-2.7.so) ==6930== by 0x4003125: (within /lib/ld-2.7.so) ==6930== by 0x40138EC: (within /lib/ld-2.7.so) ==6930== by 0x4000C3D: (within /lib/ld-2.7.so) ==6930== by 0x4000816: (within /lib/ld-2.7.so) ==6930== ==6930== Conditional jump or move depends on uninitialised value(s) ==6930== Stack hash: 936347057 ==6930== at 0x400B19D: (within /lib/ld-2.7.so) ==6930== by 0x4003125: (within /lib/ld-2.7.so) ==6930== by 0x40138EC: (within /lib/ld-2.7.so) ==6930== by 0x4000C3D: (within /lib/ld-2.7.so) ==6930== by 0x4000816: (within /lib/ld-2.7.so) ==6930== ==6930== Conditional jump or move depends on uninitialised value(s) ==6930== Stack hash: 3629006124 ==6930== at 0x400A542: (within /lib/ld-2.7.so) ==6930== by 0x4003383: (within /lib/ld-2.7.so) ==6930== by 0x40138EC: (within /lib/ld-2.7.so) ==6930== by 0x4000C3D: (within /lib/ld-2.7.so) ==6930== by 0x4000816: (within /lib/ld-2.7.so) ==6930== ==6930== Conditional jump or move depends on uninitialised value(s) ==6930== Stack hash: 3643999412 ==6930== at 0x400A54A: (within /lib/ld-2.7.so) ==6930== by 0x4003383: (within /lib/ld-2.7.so) ==6930== by 0x40138EC: (within /lib/ld-2.7.so) ==6930== by 0x4000C3D: (within /lib/ld-2.7.so) ==6930== by 0x4000816: (within /lib/ld-2.7.so) ==6930== ==6930== Conditional jump or move depends on uninitialised value(s) ==6930== Stack hash: 4258724220 ==6930== at 0x400A692: (within /lib/ld-2.7.so) ==6930== by 0x4003383: (within /lib/ld-2.7.so) ==6930== by 0x40138EC: (within /lib/ld-2.7.so) ==6930== by 0x4000C3D: (within /lib/ld-2.7.so) ==6930== by 0x4000816: (within /lib/ld-2.7.so) ==6930== ==6930== Use of uninitialised value of size 4 ==6930== Stack hash: 1861723244 ==6930== at 0x84691C6: huffman_decode (mpegaudiodec.c:1558) ==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280) ==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336) ==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432) ==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945) ==6930== by 0x82601D0: av_find_stream_info (utils.c:1830) ==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466) ==6930== by 0x811C84C: demux_open_stream (demuxer.c:871) ==6930== by 0x811CB04: demux_open (demuxer.c:998) ==6930== by 0x8078D8C: main (mplayer.c:3237) ==6930== ==6930== Use of uninitialised value of size 4 ==6930== Stack hash: 3015908747 ==6930== at 0x8469219: huffman_decode (mpegaudiodec.c:1568) ==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280) ==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336) ==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432) ==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945) ==6930== by 0x82601D0: av_find_stream_info (utils.c:1830) ==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466) ==6930== by 0x811C84C: demux_open_stream (demuxer.c:871) ==6930== by 0x811CB04: demux_open (demuxer.c:998) ==6930== by 0x8078D8C: main (mplayer.c:3237) ==6930== ==6930== Use of uninitialised value of size 4 ==6930== Stack hash: 4046632117 ==6930== at 0x84695BB: huffman_decode (mpegaudiodec.c:231) ==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280) ==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336) ==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432) ==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945) ==6930== by 0x82601D0: av_find_stream_info (utils.c:1830) ==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466) ==6930== by 0x811C84C: demux_open_stream (demuxer.c:871) ==6930== by 0x811CB04: demux_open (demuxer.c:998) ==6930== by 0x8078D8C: main (mplayer.c:3237) ==6930== ==6930== Use of uninitialised value of size 4 ==6930== Stack hash: 2022362712 ==6930== at 0x84695C2: huffman_decode (mpegaudiodec.c:232) ==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280) ==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336) ==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432) ==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945) ==6930== by 0x82601D0: av_find_stream_info (utils.c:1830) ==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466) ==6930== by 0x811C84C: demux_open_stream (demuxer.c:871) ==6930== by 0x811CB04: demux_open (demuxer.c:998) ==6930== by 0x8078D8C: main (mplayer.c:3237) ==6930== ==6930== Conditional jump or move depends on uninitialised value(s) ==6930== Stack hash: 3566332850 ==6930== at 0x84695D4: huffman_decode (mpegaudiodec.c:235) ==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280) ==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336) ==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432) ==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945) ==6930== by 0x82601D0: av_find_stream_info (utils.c:1830) ==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466) ==6930== by 0x811C84C: demux_open_stream (demuxer.c:871) ==6930== by 0x811CB04: demux_open (demuxer.c:998) ==6930== by 0x8078D8C: main (mplayer.c:3237) ==6930== ==6930== Use of uninitialised value of size 4 ==6930== Stack hash: 3541217440 ==6930== at 0x846956A: huffman_decode (mpegaudiodec.c:231) ==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280) ==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336) ==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432) ==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945) ==6930== by 0x82601D0: av_find_stream_info (utils.c:1830) ==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466) ==6930== by 0x811C84C: demux_open_stream (demuxer.c:871) ==6930== by 0x811CB04: demux_open (demuxer.c:998) ==6930== by 0x8078D8C: main (mplayer.c:3237) ==6930== ==6930== Use of uninitialised value of size 4 ==6930== Stack hash: 1516948035 ==6930== at 0x8469571: huffman_decode (mpegaudiodec.c:232) ==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280) ==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336) ==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432) ==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945) ==6930== by 0x82601D0: av_find_stream_info (utils.c:1830) ==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466) ==6930== by 0x811C84C: demux_open_stream (demuxer.c:871) ==6930== by 0x811CB04: demux_open (demuxer.c:998) ==6930== by 0x8078D8C: main (mplayer.c:3237) ==6930== ==6930== Conditional jump or move depends on uninitialised value(s) ==6930== Stack hash: 1438991108 ==6930== at 0x846957E: huffman_decode (mpegaudiodec.c:235) ==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280) ==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336) ==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432) ==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945) ==6930== by 0x82601D0: av_find_stream_info (utils.c:1830) ==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466) ==6930== by 0x811C84C: demux_open_stream (demuxer.c:871) ==6930== by 0x811CB04: demux_open (demuxer.c:998) ==6930== by 0x8078D8C: main (mplayer.c:3237) ==6930== ==6930== Use of uninitialised value of size 4 ==6930== Stack hash: 674590240 ==6930== at 0x84694EA: huffman_decode (mpegaudiodec.c:1581) ==6930== by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280) ==6930== by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336) ==6930== by 0x846D8B8: decode_frame (mpegaudiodec.c:2432) ==6930== by 0x82E503A: avcodec_decode_audio2 (utils.c:945) ==6930== by 0x82601D0: av_find_stream_info (utils.c:1830) ==6930== by 0x81A0A26: demux_open_lavf (demux_lavf.c:466) ==6930== by 0x811C84C: demux_open_stream (demuxer.c:871) ==6930== by 0x811CB04: demux_open (demuxer.c:998) ==6930== by 0x8078D8C: main (mplayer.c:3237) ==6930== ==6930== Invalid read of size 4 ==6930== Stack hash: 1364543850 ==6930== at 0x417FBC4: (within /lib/libc-2.7.so) ==6930== Address 0x10 is not stack'd, malloc'd or (recently) free'd ==6930== ==6930== Process terminating with default action of signal 11 (SIGSEGV) ==6930== Access not within mapped region at address 0x10 ==6930== Stack hash: 1364543850 ==6930== at 0x417FBC4: (within /lib/libc-2.7.so) ==6930== ==6930== ERROR SUMMARY: 442 errors from 16 contexts (suppressed: 0 from 0) ==6930== malloc/free: in use at exit: 33,644 bytes in 21 blocks. ==6930== malloc/free: 6,297 allocs, 6,276 frees, 4,225,284 bytes allocated. ==6930== For counts of detected errors, rerun with: -v ==6930== searching for pointers to 21 not-freed blocks. ==6930== checked 2,952,272 bytes. ==6930== ==6930== LEAK SUMMARY: ==6930== definitely lost: 0 bytes in 0 blocks. ==6930== possibly lost: 0 bytes in 0 blocks. ==6930== still reachable: 33,644 bytes in 21 blocks. ==6930== suppressed: 0 bytes in 0 blocks. ==6930== Reachable blocks (those to which a pointer was found) are not shown. ==6930== To see them, rerun with: --leak-check=full --show-reachable=yes -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-07-18 20:35:53
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1211 Summary: Too many Use of uninitialised and Conditional jump bugs Product: MPlayer Version: HEAD Platform: PC (x86) URL: http://www.cs.berkeley.edu/~ethiodad/zuf_enate22.wma OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: core AssignedTo: Rei...@st... ReportedBy: eth...@gm... CC: cat...@li... Valgrind reported millions of uninitailized and conditional jump bugs while playing the followinf link. http://www.cs.berkeley.edu/~ethiodad/zuf_enate22.wma Even thought i have seen similar bug reports that are uninitialized and conditional jump, these bugs that i found playing .wma file seem serious bugs that need attention. these bugs are reproducable in mplayer version SVN-r27327-4.1.2. Here is the report from Valgrind: MPlayer dev-SVN-r27327-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (Family: 6, Model: 15, Stepping: 6) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2 Playing zuf_enate22.wma. ASF file format detected. [asfheader] Audio stream found, -aid 1 ========================================================================== Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders ==11686== Use of uninitialised value of size 4 ==11686== Stack hash: 2567684456 ==11686== at 0x851A929: adpcm_decode_frame (adpcm.c:711) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x8198A96: init (ad_ffmpeg.c:109) ==11686== by 0x80DB022: init_audio (dec_audio.c:95) ==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270) ==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585) ==11686== by 0x8078131: main (mplayer.c:3583) ==11686== ==11686== Use of uninitialised value of size 4 ==11686== Stack hash: 2075487956 ==11686== at 0x851A945: adpcm_decode_frame (adpcm.c:720) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x8198A96: init (ad_ffmpeg.c:109) ==11686== by 0x80DB022: init_audio (dec_audio.c:95) ==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270) ==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585) ==11686== by 0x8078131: main (mplayer.c:3583) ==11686== ==11686== Conditional jump or move depends on uninitialised value(s)==11686== Stack hash: 1402692663 ==11686== at 0x851A974: adpcm_decode_frame (common.h:224) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x8198A96: init (ad_ffmpeg.c:109) ==11686== by 0x80DB022: init_audio (dec_audio.c:95) ==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270) ==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585) ==11686== by 0x8078131: main (mplayer.c:3583) ==11686== ==11686== Use of uninitialised value of size 4 ==11686== Stack hash: 1094897246 ==11686== at 0x851A877: adpcm_decode_frame (adpcm.c:711) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x8198A96: init (ad_ffmpeg.c:109) ==11686== by 0x80DB022: init_audio (dec_audio.c:95) ==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270) ==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585) ==11686== by 0x8078131: main (mplayer.c:3583) ==11686== ==11686== Use of uninitialised value of size 4 ==11686== Stack hash: 602700746 ==11686== at 0x851A893: adpcm_decode_frame (adpcm.c:720) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x8198A96: init (ad_ffmpeg.c:109) ==11686== by 0x80DB022: init_audio (dec_audio.c:95) ==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270) ==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585) ==11686== by 0x8078131: main (mplayer.c:3583) ==11686== ==11686== Conditional jump or move depends on uninitialised value(s)==11686== Stack hash: 372502074 ==11686== at 0x851A8C3: adpcm_decode_frame (common.h:224) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x8198A96: init (ad_ffmpeg.c:109) ==11686== by 0x80DB022: init_audio (dec_audio.c:95) ==11686== by 0x80DB418: init_best_audio_codec (dec_audio.c:270) ==11686== by 0x8076788: reinit_audio_chain (mplayer.c:1585) ==11686== by 0x8078131: main (mplayer.c:3583) AUDIO: 44100 Hz, 2 ch, s16le, 128.0 kbit/9.07% (ratio: 16002->176400) Selected audio codec: [ffadpcmimadk4] afm: ffmpeg (FFmpeg DK4 IMA ADPCM audio) ========================================================================== AO: [oss] 44100Hz 2ch s16le (2 bytes per sample) Video: no video Starting playback... ==11686== ==11686== Use of uninitialised value of size 4 ==11686== Stack hash: 1757386080 ==11686== at 0x851A929: adpcm_decode_frame (adpcm.c:711) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x80DA984: decode_audio (dec_audio.c:383) ==11686== by 0x80784F9: main (mplayer.c:2044) ==11686== ==11686== Use of uninitialised value of size 4 ==11686== Stack hash: 1809862588 ==11686== at 0x851A945: adpcm_decode_frame (adpcm.c:720) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x80DA984: decode_audio (dec_audio.c:383) ==11686== by 0x80784F9: main (mplayer.c:2044) ==11686== ==11686== Conditional jump or move depends on uninitialised value(s)==11686== Stack hash: 1897948155 ==11686== at 0x851A974: adpcm_decode_frame (common.h:224) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x80DA984: decode_audio (dec_audio.c:383) ==11686== by 0x80784F9: main (mplayer.c:2044) ==11686== ==11686== Use of uninitialised value of size 4 ==11686== Stack hash: 1423785422 ==11686== at 0x851A877: adpcm_decode_frame (adpcm.c:711) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x80DA984: decode_audio (dec_audio.c:383) ==11686== by 0x80784F9: main (mplayer.c:2044) ==11686== ==11686== Use of uninitialised value of size 4 ==11686== Stack hash: 1476261930 ==11686== at 0x851A893: adpcm_decode_frame (adpcm.c:720) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x80DA984: decode_audio (dec_audio.c:383) ==11686== by 0x80784F9: main (mplayer.c:2044) ==11686== ==11686== Conditional jump or move depends on uninitialised value(s)==11686== Stack hash: 1566221658 ==11686== at 0x851A8C3: adpcm_decode_frame (common.h:224) ==11686== by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928) ==11686== by 0x8198748: decode_audio (ad_ffmpeg.c:161) ==11686== by 0x80DA984: decode_audio (dec_audio.c:383) ==11686== by 0x80784F9: main (mplayer.c:2044) ==11686== ==11686== Syscall param write(buf) points to uninitialised byte(s) ==11686== Stack hash: 2550802113 ==11686== at 0x4000792: (within /lib/ld-2.3.6.so) ==11686== Address 0x433fb90 is 0 bytes inside a block of size 65,536 alloc'd ==11686== Stack hash: 2167153555 ==11686== at 0x401D898: malloc (vg_replace_malloc.c:207) ==11686== by 0x401D9DC: realloc (vg_replace_malloc.c:429) ==11686== by 0x80DAA6E: decode_audio (dec_audio.c:401) ==11686== by 0x80784F9: main (mplayer.c:2044) A: 16.0 (16.0) of 331.0 (05:31.0) 33.7% MPlayer interrupted by signal 2 in module: play_audio A: 16.9 (16.9) of 331.0 (05:31.0) 34.5% Exiting... (Quit) ==11686== ==11686== ERROR SUMMARY: 1282478 errors from 13 contexts (suppressed: 19 from 1) ==11686== malloc/free: in use at exit: 39,029 bytes in 17 blocks. ==11686== malloc/free: 2,480 allocs, 2,463 frees, 1,995,146 bytes allocated. ==11686== For counts of detected errors, rerun with: -v ==11686== searching for pointers to 17 not-freed blocks. ==11686== checked 2,898,920 bytes. ==11686== ==11686== LEAK SUMMARY: ==11686== definitely lost: 5,976 bytes in 1 blocks. ==11686== possibly lost: 0 bytes in 0 blocks. ==11686== still reachable: 33,053 bytes in 16 blocks. ==11686== suppressed: 0 bytes in 0 blocks. ==11686== Rerun with --leak-check=full to see details of leaked memo The Bugs were found doing summer Research for SUBERB-TRUST 2008. -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: Nichole S. <nst...@mi...> - 2008-07-17 23:13:54
|
Hi guys, I just wanted to check and see if anyone had collected any data on their or other people's bugs as far as what kind it is, what fuzzer found it, how it was handled by the developers,etc. Jason and I are working on an excel spreadsheet that will list all this so if you already have any part of it done and would like to email that to me at nst...@ee... it would be pretty awesome. =) Otherwise, no worries and just ignore this email. ;) Thanks! ~Nichole |
From: <bug...@bu...> - 2008-07-17 21:49:51
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1210 Summary: Demuxer: Conditional jump or move depends on uninitialised value(s) Product: MPlayer Version: HEAD Platform: PC (x86) URL: http://www.eecs.berkeley.edu/~sckhan/36-p6.mp4 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: demuxer AssignedTo: r_...@ti... ReportedBy: sc...@ee... CC: cat...@li... The following report is for the SUPERB-TRUST 2008, the cyber security project. #Error found at test case .mp4 file for mplayer version (dev-SVN-r27305-4.1.2) valgrind report the Invalid Read. #The test case is "36-p6.mp4" can be found at the URL *http://www.eecs.berkeley.edu/~sckhan/36-p6.mp4 #Reproducible with the following command *valgrind mplayer Can also be run as: *valgrind --log-file=log33 mplayer 36-p6.mp4 #OS: Debian Etch Linux #Valgrind output: ==25952== Memcheck, a memory error detector. ==25952== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==25952== Using LibVEX rev 1854, a library for dynamic binary translation. ==25952== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==25952== Using valgrind-3.3.1, a dynamic binary instrumentation framework. ==25952== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==25952== For more details, rerun with: -v ==25952== ==25952== My PID = 25952, parent PID = 3261. Prog and args are: ==25952== mplayer ==25952== 36-p6.mp4 ==25952== ==25952== Warning: set address range perms: large range 268436356 (undefined) ==25952== Warning: set address range perms: large range 268436364 (undefined) ==25952== Conditional jump or move depends on uninitialised value(s) ==25952== Stack hash: 4138916608 ==25952== at 0x81376E2: gen_sh_video (demux_mov.c:1011) ==25952== by 0x813B7D4: lschunks (demux_mov.c:1326) ==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934) ==25952== by 0x811E23E: demux_open_stream (demuxer.c:864) ==25952== by 0x811E511: demux_open (demuxer.c:991) ==25952== by 0x80779AE: main (mplayer.c:3238) ==25952== ==25952== Conditional jump or move depends on uninitialised value(s) ==25952== Stack hash: 1577548237 ==25952== at 0x81376FB: gen_sh_video (demux_mov.c:1013) ==25952== by 0x813B7D4: lschunks (demux_mov.c:1326) ==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934) ==25952== by 0x811E23E: demux_open_stream (demuxer.c:864) ==25952== by 0x811E511: demux_open (demuxer.c:991) ==25952== by 0x80779AE: main (mplayer.c:3238) ==25952== ==25952== Conditional jump or move depends on uninitialised value(s) ==25952== Stack hash: 1993611979 ==25952== at 0x8137701: gen_sh_video (demux_mov.c:1013) ==25952== by 0x813B7D4: lschunks (demux_mov.c:1326) ==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934) ==25952== by 0x811E23E: demux_open_stream (demuxer.c:864) ==25952== by 0x811E511: demux_open (demuxer.c:991) ==25952== by 0x80779AE: main (mplayer.c:3238) ==25952== ==25952== Conditional jump or move depends on uninitialised value(s) ==25952== Stack hash: 1841849951 ==25952== at 0x8137645: gen_sh_video (demux_mov.c:1013) ==25952== by 0x813B7D4: lschunks (demux_mov.c:1326) ==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934) ==25952== by 0x811E23E: demux_open_stream (demuxer.c:864) ==25952== by 0x811E511: demux_open (demuxer.c:991) ==25952== by 0x80779AE: main (mplayer.c:3238) ==25952== ==25952== Conditional jump or move depends on uninitialised value(s) ==25952== Stack hash: 2604633478 ==25952== at 0x8137650: gen_sh_video (demux_mov.c:1013) ==25952== by 0x813B7D4: lschunks (demux_mov.c:1326) ==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934) ==25952== by 0x811E23E: demux_open_stream (demuxer.c:864) ==25952== by 0x811E511: demux_open (demuxer.c:991) ==25952== by 0x80779AE: main (mplayer.c:3238) ==25952== ==25952== Conditional jump or move depends on uninitialised value(s) ==25952== Stack hash: 3159385134 ==25952== at 0x8137658: gen_sh_video (demux_mov.c:1013) ==25952== by 0x813B7D4: lschunks (demux_mov.c:1326) ==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934) ==25952== by 0x811E23E: demux_open_stream (demuxer.c:864) ==25952== by 0x811E511: demux_open (demuxer.c:991) ==25952== by 0x80779AE: main (mplayer.c:3238) ==25952== ==25952== Conditional jump or move depends on uninitialised value(s) ==25952== Stack hash: 879750629 ==25952== at 0x81376B3: gen_sh_video (demux_mov.c:1106) ==25952== by 0x813B7D4: lschunks (demux_mov.c:1326) ==25952== by 0x813C1E5: mov_read_header (demux_mov.c:1934) ==25952== by 0x811E23E: demux_open_stream (demuxer.c:864) ==25952== by 0x811E511: demux_open (demuxer.c:991) ==25952== by 0x80779AE: main (mplayer.c:3238) ==25952== Warning: set address range perms: large range 268436388 (noaccess) ==25952== Warning: set address range perms: large range 268436396 (noaccess) ==25952== ==25952== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 19 from 1) ==25952== malloc/free: in use at exit: 81,597 bytes in 19 blocks. ==25952== malloc/free: 2,343 allocs, 2,324 frees, 538,294,607 bytes allocated. ==25952== For counts of detected errors, rerun with: -v ==25952== searching for pointers to 19 not-freed blocks. ==25952== checked 2,898,776 bytes. ==25952== ==25952== LEAK SUMMARY: ==25952== definitely lost: 48,697 bytes in 8 blocks. ==25952== possibly lost: 0 bytes in 0 blocks. ==25952== still reachable: 32,900 bytes in 11 blocks. ==25952== suppressed: 0 bytes in 0 blocks. ==25952== Rerun with --leak-check=full to see details of leaked memory. *This report to inform the error found in Mplayer using the test case: 36-p6.mp4 with Stack hash: 879750629 and back-trace at: gen_sh_video (demux_mov.c:1106). #The bug is found in making comparison of the fuzzing tools and is a part of the metafuzz project. *URL at: metafuzz.com -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-07-17 20:48:36
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1152 ------- Comment #5 from zl...@gm... 2008-07-17 22:47 CEST ------- I realized that I put different links in the URL field and the Description field. The correct URL should be: http://www.eecs.berkeley.edu/~zhl210/545634-1659-52280140-InvalidRead.tgz Sorry about that! -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: Nichole A. E. <nic...@gm...> - 2008-07-17 05:56:07
|
---------- Forwarded message ---------- From: SourceForge.net <no...@so...> Date: Wed, Jul 16, 2008 at 10:52 PM Subject: [ faac-Bugs-2020278 ] Mplayer Crashed: Invalid Read To: no...@so... Bugs item #2020278, was opened at 2008-07-16 22:52 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100704&aid=2020278&group_id=704 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nichole Alvarez (nalvarez) Assigned to: Nobody/Anonymous (nobody) Summary: Mplayer Crashed: Invalid Read Initial Comment: I worked in the lab as part of the SUPERB-TRUST 2008 for the security project and found these bugs in the file 8-3.wav. The errors are Crash and 2 Invalid Read. You can download the file with the following links and can run the command below: You can find this bug in: www.metafuzz.com wget http://www.metafuzz.com/testcases/854652-8-3592192390-InvalidRead.tgz tar xzfv 854652-8-3592192390-InvalidRead.tgz http://www.cs.berkeley.edu/~nalvarez/8-3.wav<http://www.cs.berkeley.edu/%7Enalvarez/8-3.wav> I have this version : MPlayer dev-SVN-r27185-4.1.2 (C) 2000-2008 MPlayer Team CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model: 15, Stepping: 13) CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1 Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2 AO: [oss] 96000Hz 1ch s16le (2 bytes per sample) Video: no video Starting playback... FAAD: error: Maximum number of scalefactor bands exceeded, trying to resync! FAAD: error: Gain control not yet implemented, trying to resync! FAAD: error: Invalid number of channels, trying to resync! FAAD: error: Maximum number of scalefactor bands exceeded, trying to resync! FAAD: error: Gain control not yet implemented, trying to resync! FAAD: error: Gain control not yet implemented, trying to resync! MPlayer interrupted by signal 11 in module: decode_audio - MPlayer crashed by bad usage of CPU/FPU/RAM. Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash. - MPlayer crashed. This shouldn't happen. It can be a bug in the MPlayer code _or_ in your drivers _or_ in your gcc version. If you think it's MPlayer's fault, please read DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and won't help unless you provide this information when reporting a possible bug ==3511== My PID = 3511, parent PID = 3417. Prog and args are: ==3511== mplayer ==3511== 8-3.wav ==3511== ==3511== Invalid read of size 2 ==3511== Stack hash: 3454906702 ==3511== at 0x81AFF85: ic_prediction (ic_predict.c:92) ==3511== by 0x81C45B8: reconstruct_single_channel (specrec.c:879) ==3511== by 0x81CA4B5: decode_sce_lfe (syntax.c:597) ==3511== by 0x81CACE8: raw_data_block (syntax.c:434) ==3511== by 0x81AB749: aac_frame_decode (decoder.c:872) ==3511== by 0x818B432: decode_audio (ad_faad.c:235) ==3511== by 0x80DA9D4: decode_audio (dec_audio.c:383) ==3511== by 0x8078409: main (mplayer.c:2044) ==3511== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==3511== ==3511== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 1) ==3511== malloc/free: in use at exit: 237,601 bytes in 2,206 blocks. ==3511== malloc/free: 2,474 allocs, 268 frees, 1,524,479 bytes allocated. ==3511== For counts of detected errors, rerun with: -v ==3511== searching for pointers to 2,206 not-freed blocks. ==3511== checked 2,973,992 bytes. ==3511== ==3511== LEAK SUMMARY: ==3511== definitely lost: 0 bytes in 0 blocks. ==3511== possibly lost: 0 bytes in 0 blocks. ==3511== still reachable: 237,601 bytes in 2,206 blocks. ==3511== suppressed: 0 bytes in 0 blocks. ==3511== Rerun with --leak-check=full to see details of leaked memory. ------- Comment #1 From nichole 2008-07-11 00:49:38 CEST [reply] ------- I tried same input file with version MPlayer dev-SVN-r27249-4.1.2 still crashes. Here is Gdb outputs: AUDIO PAYLOAD: d3 2d c6 f0 AUDIO PAYLOAD: 2d c6 f0 20 AUDIO PAYLOAD: c6 f0 20 23 AUDIO PAYLOAD: f0 20 23 d1 AUDIO PAYLOAD: 20 23 d1 5b AUDIO PAYLOAD: 23 d1 5b 0 AUDIO PAYLOAD: d1 5b 0 dc AUDIO PAYLOAD: 5b 0 dc 40 AUDIO PAYLOAD: 0 dc 40 d0 AUDIO PAYLOAD: dc 40 d0 70 AUDIO PAYLOAD: 40 d0 70 0 AUDIO PAYLOAD: d0 70 0 ed AUDIO PAYLOAD: 70 0 ed 4e AUDIO PAYLOAD: 0 ed 4e cf AUDIO PAYLOAD: ed 4e cf d0 AUDIO PAYLOAD: 4e cf d0 f AUDIO PAYLOAD: cf d0 f f0 AUDIO PAYLOAD: d0 f f0 ae AUDIO PAYLOAD: f f0 ae 0 AUDIO PAYLOAD: f0 ae 0 a1 AUDIO PAYLOAD: ae 0 a1 ee AUDIO PAYLOAD: 0 a1 ee 3 AUDIO PAYLOAD: a1 ee 3 80 AUDIO PAYLOAD: ee 3 80 2f AUDIO PAYLOAD: 3 80 2f 1 AUDIO PAYLOAD: 80 2f 1 0 AUDIO PAYLOAD: 2f 1 0 1e AUDIO PAYLOAD: 1 0 1e 24 AUDIO PAYLOAD: 0 1e 24 fd AUDIO PAYLOAD: 1e 24 fd 5f AUDIO PAYLOAD: 24 fd 5f f2 AUDIO PAYLOAD: fd 5f f2 fe AUDIO PAYLOAD: 5f f2 fe 37 AUDIO PAYLOAD: f2 fe 37 3e AUDIO PAYLOAD: fe 37 3e c0 AUDIO PAYLOAD: 37 3e c0 3e AUDIO PAYLOAD: 3e c0 3e 1 AUDIO PAYLOAD: c0 3e 1 42 AUDIO PAYLOAD: 3e 1 42 f0 AUDIO PAYLOAD: 1 42 f0 73 AUDIO PAYLOAD: 42 f0 73 f2 AUDIO PAYLOAD: f0 73 f2 3 AUDIO PAYLOAD: 73 f2 3 d AUDIO PAYLOAD: f2 3 d 37 AUDIO PAYLOAD: 3 d 37 31 AUDIO PAYLOAD: d 37 31 30 AUDIO PAYLOAD: 37 31 30 51 AUDIO PAYLOAD: 31 30 51 22 AUDIO PAYLOAD: 30 51 22 26 AUDIO PAYLOAD: 51 22 26 f AUDIO PAYLOAD: 22 26 f c AUDIO PAYLOAD: 26 f c 1f AUDIO PAYLOAD: f c 1f 8f AUDIO PAYLOAD: c 1f 8f d AUDIO PAYLOAD: 1f 8f d ef AUDIO PAYLOAD: 8f d ef e0 AUDIO PAYLOAD: d ef e0 3 AUDIO PAYLOAD: ef e0 3 d AUDIO PAYLOAD: e0 3 d b0 AUDIO PAYLOAD: 3 d b0 a AUDIO PAYLOAD: d b0 a e AUDIO PAYLOAD: b0 a e ff AUDIO PAYLOAD: a e ff e8 AUDIO PAYLOAD: e ff e8 e AUDIO PAYLOAD: ff e8 e 3 AUDIO PAYLOAD: e8 e 3 0 AUDIO PAYLOAD: e 3 0 11 AUDIO PAYLOAD: 3 0 11 f1 AUDIO PAYLOAD: 0 11 f1 20 AUDIO PAYLOAD: 11 f1 20 2 AUDIO PAYLOAD: f1 20 2 d4 AUDIO PAYLOAD: 20 2 d4 e AUDIO PAYLOAD: 2 d4 e 20 AUDIO PAYLOAD: d4 e 20 60 AUDIO PAYLOAD: e 20 60 14 AUDIO PAYLOAD: 20 60 14 fe AUDIO PAYLOAD: 60 14 fe 13 AUDIO PAYLOAD: 14 fe 13 73 AUDIO PAYLOAD: fe 13 73 1f AUDIO PAYLOAD: 13 73 1f f5 AUDIO PAYLOAD: 73 1f f5 0 AUDIO PAYLOAD: 1f f5 0 30 AUDIO PAYLOAD: f5 0 30 47 AUDIO PAYLOAD: 0 30 47 1e AUDIO PAYLOAD: 30 47 1e f3 AUDIO PAYLOAD: 47 1e f3 0 AUDIO PAYLOAD: 1e f3 0 5f AUDIO PAYLOAD: f3 0 5f 2 AUDIO PAYLOAD: 0 5f 2 2f AUDIO PAYLOAD: 5f 2 2f f3 AUDIO PAYLOAD: 2 2f f3 cc AUDIO PAYLOAD: 2f f3 cc 43 AUDIO PAYLOAD: f3 cc 43 bf AUDIO PAYLOAD: cc 43 bf 20 AUDIO PAYLOAD: 43 bf 20 0 AUDIO PAYLOAD: bf 20 0 c0 AUDIO PAYLOAD: 20 0 c0 30 AUDIO PAYLOAD: 0 c0 30 a3 AUDIO PAYLOAD: c0 30 a3 b AUDIO PAYLOAD: 30 a3 b 1f AUDIO PAYLOAD: a3 b 1f c1 AUDIO PAYLOAD: b 1f c1 2d AUDIO PAYLOAD: 1f c1 2d a1 AUDIO PAYLOAD: c1 2d a1 1c AUDIO PAYLOAD: 2d a1 1c 4 AUDIO PAYLOAD: a1 1c 4 d AUDIO PAYLOAD: 1c 4 d db AUDIO PAYLOAD: 4 d db ee AUDIO PAYLOAD: d db ee 11 AUDIO PAYLOAD: db ee 11 30 AUDIO PAYLOAD: ee 11 30 ec AUDIO PAYLOAD: 11 30 ec 3f AUDIO PAYLOAD: 30 ec 3f 0 AUDIO PAYLOAD: ec 3f 0 c4 AUDIO PAYLOAD: 3f 0 c4 40 AUDIO PAYLOAD: 0 c4 40 fc AUDIO PAYLOAD: c4 40 fc d3 AUDIO PAYLOAD: 40 fc d3 51 AUDIO PAYLOAD: fc d3 51 31 AUDIO PAYLOAD: d3 51 31 3 AUDIO PAYLOAD: 51 31 3 1e AUDIO PAYLOAD: 31 3 1e 20 AUDIO PAYLOAD: 3 1e 20 f4 AUDIO PAYLOAD: 1e 20 f4 32 AUDIO PAYLOAD: 20 f4 32 de AUDIO PAYLOAD: f4 32 de 62 AUDIO PAYLOAD: 32 de 62 f AUDIO PAYLOAD: de 62 f 2d AUDIO PAYLOAD: 62 f 2d 47 AUDIO PAYLOAD: f 2d 47 30 AUDIO PAYLOAD: 2d 47 30 22 AUDIO PAYLOAD: 47 30 22 10 AUDIO PAYLOAD: 30 22 10 35 AUDIO PAYLOAD: 22 10 35 5 AUDIO PAYLOAD: 10 35 5 40 AUDIO PAYLOAD: 35 5 40 2 AUDIO PAYLOAD: 5 40 2 10 AUDIO PAYLOAD: 40 2 10 e0 AUDIO PAYLOAD: 2 10 e0 de AUDIO PAYLOAD: 10 e0 de cb AUDIO PAYLOAD: e0 de cb e0 AUDIO PAYLOAD: de cb e0 bc AUDIO PAYLOAD: cb e0 bc fd AUDIO PAYLOAD: e0 bc fd d2 AUDIO PAYLOAD: bc fd d2 2b AUDIO PAYLOAD: fd d2 2b d2 AUDIO PAYLOAD: d2 2b d2 2c AUDIO PAYLOAD: 2b d2 2c cd AUDIO PAYLOAD: d2 2c cd b0 AUDIO PAYLOAD: 2c cd b0 f AUDIO PAYLOAD: cd b0 f fa AUDIO PAYLOAD: b0 f fa f AUDIO PAYLOAD: f fa f f AUDIO PAYLOAD: fa f f 12 AUDIO PAYLOAD: f f 12 2 AUDIO PAYLOAD: f 12 2 5f AUDIO PAYLOAD: 12 2 5f e0 AUDIO PAYLOAD: 2 5f e0 25 AUDIO PAYLOAD: 5f e0 25 1 AUDIO PAYLOAD: e0 25 1 fc AUDIO PAYLOAD: 25 1 fc 2 AUDIO PAYLOAD: 1 fc 2 1 AUDIO PAYLOAD: fc 2 1 72 AUDIO PAYLOAD: 2 1 72 1f AUDIO PAYLOAD: 1 72 1f 13 AUDIO PAYLOAD: 72 1f 13 f AUDIO PAYLOAD: 1f 13 f 37 AUDIO PAYLOAD: 13 f 37 21 AUDIO PAYLOAD: f 37 21 e AUDIO PAYLOAD: 37 21 e 17 AUDIO PAYLOAD: 21 e 17 6f AUDIO PAYLOAD: e 17 6f f0 AUDIO PAYLOAD: 17 6f f0 10 AUDIO PAYLOAD: 6f f0 10 1 AUDIO PAYLOAD: f0 10 1 10 AUDIO PAYLOAD: 10 1 10 0 AUDIO PAYLOAD: 1 10 0 fe AUDIO PAYLOAD: 10 0 fe 3 AUDIO PAYLOAD: 0 fe 3 23 AUDIO PAYLOAD: fe 3 23 30 AUDIO PAYLOAD: 3 23 30 4 AUDIO PAYLOAD: 23 30 4 8 AUDIO PAYLOAD: 30 4 8 0 AUDIO PAYLOAD: 4 8 0 20 AUDIO PAYLOAD: 8 0 20 fc AUDIO PAYLOAD: 0 20 fc ee AUDIO PAYLOAD: 20 fc ee ee AUDIO PAYLOAD: fc ee ee 2 AUDIO PAYLOAD: ee ee 2 1a AUDIO PAYLOAD: ee 2 1a 1f AUDIO PAYLOAD: 2 1a 1f d0 AUDIO PAYLOAD: 1a 1f d0 cc AUDIO PAYLOAD: 1f d0 cc 11 AUDIO PAYLOAD: d0 cc 11 d0 AUDIO PAYLOAD: cc 11 d0 f AUDIO PAYLOAD: 11 d0 f 8e AUDIO PAYLOAD: d0 f 8e 0 AUDIO PAYLOAD: f 8e 0 80 AUDIO PAYLOAD: 8e 0 80 20 AUDIO PAYLOAD: 0 80 20 1 AUDIO PAYLOAD: 80 20 1 fe AUDIO PAYLOAD: 20 1 fe 40 AUDIO PAYLOAD: 1 fe 40 f0 AUDIO PAYLOAD: fe 40 f0 e AUDIO PAYLOAD: 40 f0 e 22 AUDIO PAYLOAD: f0 e 22 d3 AUDIO PAYLOAD: e 22 d3 2b AUDIO PAYLOAD: 22 d3 2b 27 AUDIO PAYLOAD: d3 2b 27 e0 AUDIO PAYLOAD: 2b 27 e0 30 AUDIO PAYLOAD: 27 e0 30 7 AUDIO PAYLOAD: e0 30 7 e AUDIO PAYLOAD: 30 7 e 0 AUDIO PAYLOAD: 7 e 0 e0 AUDIO PAYLOAD: e 0 e0 32 AUDIO PAYLOAD: 0 e0 32 3 AUDIO PAYLOAD: e0 32 3 20 AUDIO PAYLOAD: 32 3 20 d3 AUDIO PAYLOAD: 3 20 d3 54 AUDIO PAYLOAD: 20 d3 54 24 AUDIO PAYLOAD: d3 54 24 3 AUDIO PAYLOAD: 54 24 3 d2 AUDIO PAYLOAD: 24 3 d2 7f AUDIO PAYLOAD: 3 d2 7f 16 AUDIO PAYLOAD: d2 7f 16 0 AUDIO PAYLOAD: 7f 16 0 20 AUDIO PAYLOAD: 16 0 20 1f AUDIO PAYLOAD: 0 20 1f d2 AUDIO PAYLOAD: 20 1f d2 e AUDIO PAYLOAD: 1f d2 e 8b AUDIO PAYLOAD: d2 e 8b 0 AUDIO PAYLOAD: e 8b 0 fe AUDIO PAYLOAD: 8b 0 fe ff AUDIO PAYLOAD: 0 fe ff f0 AUDIO PAYLOAD: fe ff f0 ec AAC_PROBE: ret 4264 AAC SYNC AFTER 4264 bytes FAAD: error: Gain control not yet implemented, trying to resync! AAC_PROBE: 4608 bytes AUDIO PAYLOAD: f0 ec 50 ed AUDIO PAYLOAD: ec 50 ed 1b AUDIO PAYLOAD: 50 ed 1b f1 AUDIO PAYLOAD: ed 1b f1 c2 AUDIO PAYLOAD: 1b f1 c2 1f AUDIO PAYLOAD: f1 c2 1f 1 AUDIO PAYLOAD: c2 1f 1 11 AUDIO PAYLOAD: 1f 1 11 0 AUDIO PAYLOAD: 1 11 0 af AUDIO PAYLOAD: 11 0 af 8 AUDIO PAYLOAD: 0 af 8 32 AUDIO PAYLOAD: af 8 32 b AUDIO PAYLOAD: 8 32 b 71 AUDIO PAYLOAD: 32 b 71 f0 AUDIO PAYLOAD: b 71 f0 1 AUDIO PAYLOAD: 71 f0 1 11 AUDIO PAYLOAD: f0 1 11 dc AUDIO PAYLOAD: 1 11 dc 1 AUDIO PAYLOAD: 11 dc 1 11 AUDIO PAYLOAD: dc 1 11 10 AUDIO PAYLOAD: 1 11 10 fe AUDIO PAYLOAD: 11 10 fe 67 AUDIO PAYLOAD: 10 fe 67 0 AUDIO PAYLOAD: fe 67 0 0 AUDIO PAYLOAD: 67 0 0 21 AUDIO PAYLOAD: 0 0 21 f1 AUDIO PAYLOAD: 0 21 f1 30 AUDIO PAYLOAD: 21 f1 30 14 AUDIO PAYLOAD: f1 30 14 f0 AUDIO PAYLOAD: 30 14 f0 34 AUDIO PAYLOAD: 14 f0 34 61 AUDIO PAYLOAD: f0 34 61 e2 AUDIO PAYLOAD: 34 61 e2 10 AUDIO PAYLOAD: 61 e2 10 12 AUDIO PAYLOAD: e2 10 12 dd AUDIO PAYLOAD: 10 12 dd 34 AUDIO PAYLOAD: 12 dd 34 c0 AUDIO PAYLOAD: dd 34 c0 e AUDIO PAYLOAD: 34 c0 e 45 AUDIO PAYLOAD: c0 e 45 ef AUDIO PAYLOAD: e 45 ef 0 AUDIO PAYLOAD: 45 ef 0 f0 AUDIO PAYLOAD: ef 0 f0 f1 AUDIO PAYLOAD: 0 f0 f1 2f AUDIO PAYLOAD: f0 f1 2f a0 AUDIO PAYLOAD: f1 2f a0 1a AUDIO PAYLOAD: 2f a0 1a 3 AUDIO PAYLOAD: a0 1a 3 dd AUDIO PAYLOAD: 1a 3 dd 2d AUDIO PAYLOAD: 3 dd 2d d4 AUDIO PAYLOAD: dd 2d d4 b AUDIO PAYLOAD: 2d d4 b e0 AUDIO PAYLOAD: d4 b e0 c AUDIO PAYLOAD: b e0 c 3e AUDIO PAYLOAD: e0 c 3e ce AUDIO PAYLOAD: c 3e ce b0 AUDIO PAYLOAD: 3e ce b0 0 AUDIO PAYLOAD: ce b0 0 e2 AUDIO PAYLOAD: b0 0 e2 15 AUDIO PAYLOAD: 0 e2 15 ef AUDIO PAYLOAD: e2 15 ef d AUDIO PAYLOAD: 15 ef d 16 AUDIO PAYLOAD: ef d 16 e AUDIO PAYLOAD: d 16 e 0 AUDIO PAYLOAD: 16 e 0 34 AUDIO PAYLOAD: e 0 34 f2 AUDIO PAYLOAD: 0 34 f2 70 AUDIO PAYLOAD: 34 f2 70 21 AUDIO PAYLOAD: f2 70 21 fd AUDIO PAYLOAD: 70 21 fd f0 AUDIO PAYLOAD: 21 fd f0 46 AUDIO PAYLOAD: fd f0 46 b AUDIO PAYLOAD: f0 46 b 1 AUDIO PAYLOAD: 46 b 1 12 AUDIO PAYLOAD: b 1 12 30 AUDIO PAYLOAD: 1 12 30 d1 AUDIO PAYLOAD: 12 30 d1 1b AUDIO PAYLOAD: 30 d1 1b e7 AUDIO PAYLOAD: d1 1b e7 1 AUDIO PAYLOAD: 1b e7 1 21 AUDIO PAYLOAD: e7 1 21 6 AUDIO PAYLOAD: 1 21 6 fe AUDIO PAYLOAD: 21 6 fe 33 AUDIO PAYLOAD: 6 fe 33 12 AUDIO PAYLOAD: fe 33 12 4d AUDIO PAYLOAD: 33 12 4d 32 AUDIO PAYLOAD: 12 4d 32 bf AUDIO PAYLOAD: 4d 32 bf 50 AUDIO PAYLOAD: 32 bf 50 df AUDIO PAYLOAD: bf 50 df f8 AUDIO PAYLOAD: 50 df f8 0 AUDIO PAYLOAD: df f8 0 ef AUDIO PAYLOAD: f8 0 ef fd AUDIO PAYLOAD: 0 ef fd 0 AUDIO PAYLOAD: ef fd 0 0 AUDIO PAYLOAD: fd 0 0 1d AUDIO PAYLOAD: 0 0 1d e3 AUDIO PAYLOAD: 0 1d e3 da AUDIO PAYLOAD: 1d e3 da bf AUDIO PAYLOAD: e3 da bf 1 AUDIO PAYLOAD: da bf 1 d0 AUDIO PAYLOAD: bf 1 d0 0 AUDIO PAYLOAD: 1 d0 0 13 AUDIO PAYLOAD: d0 0 13 f1 AUDIO PAYLOAD: 0 13 f1 73 AUDIO PAYLOAD: 13 f1 73 e1 AUDIO PAYLOAD: f1 73 e1 3d AUDIO PAYLOAD: 73 e1 3d ef AUDIO PAYLOAD: e1 3d ef ff AUDIO PAYLOAD: 3d ef ff f0 AUDIO PAYLOAD: ef ff f0 12 AAC_PROBE: ret 111 AAC SYNC AFTER 111 bytes Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1209816864 (LWP 13456)] ic_prediction (ics=0xbff5d258, spec=0xbff5c210, state=0x0, frame_len=1024, sf_index=0 '\0') at libfaad2/ic_predict.c:92 92 r[0] = inv_quant_pred(state->r[0]); (gdb) bt #0 ic_prediction (ics=0xbff5d258, spec=0xbff5c210, state=0x0, frame_len=1024, sf_index=0 '\0') at libfaad2/ic_predict.c:92 #1 0x081c4599 in reconstruct_single_channel (hDecoder=0x89c4ec8, ics=0xbff5d258, sce=0xbff5d252, spec_data=0xbff623fc) at libfaad2/specrec.c:879 #2 0x081ca496 in decode_sce_lfe (hDecoder=0x89c4ec8, hInfo=0x8714620, ld=0xbff62c80, id_syn_ele=0 '\0') at libfaad2/syntax.c:597 #3 0x081cacc9 in raw_data_block (hDecoder=0x89c4ec8, hInfo=0x8714620, ld=0xbff62c80, pce=0x89c5539, drc=0x89c5818) at libfaad2/syntax.c:434 #4 0x081ab72a in aac_frame_decode (hDecoder=0x89c4ec8, hInfo=0x8714620, buffer=<value optimized out>, buffer_size=4497, sample_buffer2=0x0, sample_buffer_size=0) at libfaad2/decoder.c:872 #5 0x0818b423 in decode_audio (sh=0x89a7b80, buf=0x89a8eb0 "", minlen=65536, maxlen=114688) at libmpcodecs/ad_faad.c:235 #6 0x080daa75 in decode_audio (sh_audio=0x89a7b80, minlen=65536) at libmpcodecs/dec_audio.c:383 #7 0x080784ea in main (argc=3, argv=0xbff64034) at mplayer.c:2044 (gdb) disass $pc-32 $pc+32 Dump of assembler code from 0x81aff45 to 0x81aff85: 0x081aff45 <ic_prediction+549>: mov 0xffffff9c(%ebp),%edx 0x081aff48 <ic_prediction+552>: cmpb $0x0,0x27ed(%edx,%eax,1) 0x081aff50 <ic_prediction+560>: setne 0xffffffd3(%ebp) 0x081aff54 <ic_prediction+564>: mov 0xc(%ebp),%eax 0x081aff57 <ic_prediction+567>: mov 0x10(%ebp),%edx 0x081aff5a <ic_prediction+570>: lea (%eax,%edi,4),%esi 0x081aff5d <ic_prediction+573>: lea (%edi,%edi,2),%eax 0x081aff60 <ic_prediction+576>: flds (%esi) 0x081aff62 <ic_prediction+578>: lea (%edx,%eax,4),%ebx 0x081aff65 <ic_prediction+581>: movswl (%ebx),%eax 0x081aff68 <ic_prediction+584>: fstps 0xffffffb0(%ebp) 0x081aff6b <ic_prediction+587>: call 0x81afb80 <inv_quant_pred> 0x081aff70 <ic_prediction+592>: movswl 0x2(%ebx),%eax 0x081aff74 <ic_prediction+596>: fstps 0xffffffb8(%ebp) 0x081aff77 <ic_prediction+599>: call 0x81afb80 <inv_quant_pred> 0x081aff7c <ic_prediction+604>: movswl 0x4(%ebx),%eax 0x081aff80 <ic_prediction+608>: fstps 0xffffffb4(%ebp) 0x081aff83 <ic_prediction+611>: call 0x81afb80 <inv_quant_pred> End of assembler dump. (gdb) info all-registers eax 0x0 0 ecx 0xbff5d252 -1074408878 edx 0x0 0 ebx 0x0 0 esp 0xbff5c120 0xbff5c120 ebp 0xbff5c1a8 0xbff5c1a8 esi 0xbff5c210 -1074413040 edi 0x0 0 eip 0x81aff65 0x81aff65 <ic_prediction+581> eflags 0x10246 [ PF ZF IF RF ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 st0 -1.8923294931028067367151379585266113e-07 (raw 0xbfe8cb2ff50000000000) st1 0 (raw 0x00000000000000000000) st2 0 (raw 0x00000000000000000000) st3 0 (raw 0x00000000000000000000) st4 0 (raw 0x00000000000000000000) st5 0 (raw 0x00000000000000000000) ---Type <return> to continue, or q <return> to quit--- st6 0 (raw 0x00000000000000000000) st7 2.98023223876953125e-08 (raw 0x3fe68000000000000000) fctrl 0x37f 895 fstat 0x3820 14368 ftag 0x3fff 16383 fiseg 0x73 115 fioff 0x81aff60 135987040 foseg 0x7b 123 fooff 0xbff5c210 -1074413040 fop 0x106 262 xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, ---Type <return> to continue, or q <return> to quit--- 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} mxcsr 0x1f80 [ IM DM ZM OM UM PM ] mm0 {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}} ---Type <return> to continue, or q <return> to quit--- mm1 {uint64 = 0xcb2ff50000000000, v2_int32 = {0x0, 0xcb2ff500}, v4_int16 = {0x0, 0x0, 0xf500, 0xcb2f}, v8_int8 = { 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5, 0x2f, 0xcb}} mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm5 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm6 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm7 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} //This bug has been reported to Mplayer developers and been mentioned that the problems is in libfaad2. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100704&aid=2020278&group_id=704 |
From: <bug...@bu...> - 2008-07-17 05:41:40
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1134 nic...@gm... changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|InvalidRead |Mplayer Crashed: Invalid | |Read ------- Comment #3 from nic...@gm... 2008-07-17 07:40 CEST ------- *Summary has been added* ----------------------------- |Mplayer Crashed: Invalid Read| ----------------------------- -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-07-17 02:55:23
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1209 Summary: Error in Video Decoding: Mplayer Crashed: Invalid Write and Invalid Read Product: MPlayer Version: HEAD Platform: PC (x86) URL: http://www.eecs.berkeley.edu/~sckhan/72-innovation.mp4 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: vd AssignedTo: r_...@ti... ReportedBy: sc...@ee... CC: cat...@li... The following report is for the SUPERB-TRUST 2008, the cyber security project. #Error found at test case .mp4 file for mplayer version (dev-SVN-r27305-4.1.2) valgrind report the Invalid Read. #The test case is "72-innovation.mp4" can be found at the URL *http://www.eecs.berkeley.edu/~sckhan/72-innovation.mp4 #Reproducible with the following command *valgrind mplayer Can also be run as: *valgrind --log-file=log31 mplayer 72-innovation.mp4 #OS: Debian Etch Linux #Valgrind output: ==24434== Memcheck, a memory error detector. ==24434== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==24434== Using LibVEX rev 1854, a library for dynamic binary translation. ==24434== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==24434== Using valgrind-3.3.1, a dynamic binary instrumentation framework. ==24434== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==24434== For more details, rerun with: -v ==24434== ==24434== My PID = 24434, parent PID = 23665. Prog and args are: ==24434== mplayer ==24434== 72-innovation.mp4 ==24434== ==24434== Warning: set address range perms: large range 268435464 (undefined) ==24434== Invalid read of size 1 ==24434== Stack hash: 1392381560 ==24434== at 0x8434F24: fill_caches (h264.c:221) ==24434== by 0x843E190: decode_mb_skip (h264.c:4485) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 1 ==24434== Stack hash: 1803710756 ==24434== at 0x8434F40: fill_caches (h264.c:222) ==24434== by 0x843E190: decode_mb_skip (h264.c:4485) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 1 ==24434== Stack hash: 3106009430 ==24434== at 0x8434F5A: fill_caches (h264.c:223) ==24434== by 0x843E190: decode_mb_skip (h264.c:4485) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid write of size 4 ==24434== Stack hash: 34571318 ==24434== at 0x843E4B4: decode_mb_skip (h264.c:4492) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x45717fc is 0 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid write of size 1 ==24434== Stack hash: 4089718473 ==24434== at 0x843E4C3: decode_mb_skip (h264.c:4493) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a38236 is 0 bytes after a block of size 6 alloc'd ==24434== Stack hash: 1195100994 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341DD3: alloc_picture (mpegvideo.c:211) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid write of size 1 ==24434== Stack hash: 3849898332 ==24434== at 0x843E4D2: decode_mb_skip (h264.c:4494) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35b1b is 1 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 3455090548 ==24434== at 0x844B620: hl_decode_mb (h264.c:2732) ==24434== by 0x84550CE: decode_slice (h264.c:6868) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x45717fc is 0 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 2235960050 ==24434== at 0x8448E1E: hl_motion (h264.c:1875) ==24434== by 0x844C138: hl_decode_mb (h264.c:2608) ==24434== by 0x84550CE: decode_slice (h264.c:6868) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x45717fc is 0 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid write of size 4 ==24434== Stack hash: 3080996705 ==24434== at 0x843E13B: decode_mb_skip (h264.c:4465) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x456f580 is 0 bytes after a block of size 128 alloc'd ==24434== Stack hash: 4143647095 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843A9F4: alloc_tables (h264.c:2102) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid write of size 4 ==24434== Stack hash: 408088271 ==24434== at 0x843E141: decode_mb_skip (h264.c:4465) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x456f584 is 4 bytes after a block of size 128 alloc'd ==24434== Stack hash: 4143647095 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843A9F4: alloc_tables (h264.c:2102) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid write of size 4 ==24434== Stack hash: 3732146042 ==24434== at 0x843E148: decode_mb_skip (h264.c:4465) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x456f588 is 8 bytes after a block of size 128 alloc'd ==24434== Stack hash: 4143647095 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843A9F4: alloc_tables (h264.c:2102) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid write of size 4 ==24434== Stack hash: 2761236517 ==24434== at 0x843E14F: decode_mb_skip (h264.c:4465) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x456f58c is 12 bytes after a block of size 128 alloc'd ==24434== Stack hash: 4143647095 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843A9F4: alloc_tables (h264.c:2102) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 1 ==24434== Stack hash: 3242631602 ==24434== at 0x8434EE6: fill_caches (h264.c:219) ==24434== by 0x843E190: decode_mb_skip (h264.c:4485) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 1 ==24434== Stack hash: 1872021842 ==24434== at 0x8434F06: fill_caches (h264.c:220) ==24434== by 0x843E190: decode_mb_skip (h264.c:4485) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== Address 0x4a35b1b is 1 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 946237960 ==24434== at 0x84359F4: fill_caches (h264.c:220) ==24434== by 0x843E190: decode_mb_skip (h264.c:4485) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== Address 0x45717fc is 0 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 454968717 ==24434== at 0x84359DD: fill_caches (h264.c:221) ==24434== by 0x843E190: decode_mb_skip (h264.c:4485) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== Address 0x4571800 is 4 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 774728905 ==24434== at 0x84359C9: fill_caches (h264.c:222) ==24434== by 0x843E190: decode_mb_skip (h264.c:4485) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== Address 0x4571800 is 4 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 283459662 ==24434== at 0x84359B2: fill_caches (h264.c:223) ==24434== by 0x843E190: decode_mb_skip (h264.c:4485) ==24434== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== Address 0x4571800 is 4 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid write of size 1 ==24434== Stack hash: 3162096898 ==24434== at 0x8450541: decode_mb_cavlc (h264.c:4572) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35b1f is 5 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 1 ==24434== Stack hash: 51897805 ==24434== at 0x8434EE6: fill_caches (h264.c:219) ==24434== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35b1c is 2 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 85394487 ==24434== at 0x8435998: fill_caches (h264.c:219) ==24434== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x45729f0 is 4 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid read of size 1 ==24434== Stack hash: 2976255341 ==24434== at 0x8434F06: fill_caches (h264.c:220) ==24434== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35b1d is 3 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 2050471459 ==24434== at 0x84359F4: fill_caches (h264.c:220) ==24434== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x45729f4 is 8 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid read of size 1 ==24434== Stack hash: 2496615059 ==24434== at 0x8434F24: fill_caches (h264.c:221) ==24434== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 1559202216 ==24434== at 0x84359DD: fill_caches (h264.c:221) ==24434== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid read of size 1 ==24434== Stack hash: 2907944255 ==24434== at 0x8434F40: fill_caches (h264.c:222) ==24434== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 1878962404 ==24434== at 0x84359C9: fill_caches (h264.c:222) ==24434== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid read of size 1 ==24434== Stack hash: 4210242929 ==24434== at 0x8434F5A: fill_caches (h264.c:223) ==24434== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd ==24434== Stack hash: 4192036247 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x843AA14: alloc_tables (h264.c:2103) ==24434== by 0x844E17F: decode_slice_header (h264.c:3969) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== ==24434== Invalid read of size 4 ==24434== Stack hash: 1387693161 ==24434== at 0x84359B2: fill_caches (h264.c:223) ==24434== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd ==24434== Stack hash: 2899467712 ==24434== at 0x401C882: memalign (vg_replace_malloc.c:460) ==24434== by 0x85490B4: av_malloc (mem.c:61) ==24434== by 0x8549136: av_mallocz (mem.c:134) ==24434== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==24434== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==24434== by 0x843ACA8: frame_start (h264.c:2227) ==24434== by 0x844DD67: decode_slice_header (h264.c:4058) ==24434== by 0x84574CC: decode_nal_units (h264.c:7573) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== ==24434== Invalid write of size 1 ==24434== Stack hash: 525688319 ==24434== at 0x8452B26: decode_mb_cavlc (h264.c:555) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35ab0 is not stack'd, malloc'd or (recently) free'd ==24434== ==24434== Invalid write of size 1 ==24434== Stack hash: 3583291791 ==24434== at 0x8452B36: decode_mb_cavlc (h264.c:556) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35ab1 is not stack'd, malloc'd or (recently) free'd ==24434== ==24434== Invalid write of size 1 ==24434== Stack hash: 1463286360 ==24434== at 0x8452B47: decode_mb_cavlc (h264.c:557) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35ab2 is not stack'd, malloc'd or (recently) free'd ==24434== ==24434== Invalid write of size 1 ==24434== Stack hash: 3638248225 ==24434== at 0x8452B58: decode_mb_cavlc (h264.c:558) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35ab3 is not stack'd, malloc'd or (recently) free'd ==24434== ==24434== Invalid write of size 1 ==24434== Stack hash: 1518242794 ==24434== at 0x8452B69: decode_mb_cavlc (h264.c:559) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35ab4 is not stack'd, malloc'd or (recently) free'd ==24434== ==24434== Invalid write of size 1 ==24434== Stack hash: 3693204659 ==24434== at 0x8452B7A: decode_mb_cavlc (h264.c:560) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35ab5 is not stack'd, malloc'd or (recently) free'd ==24434== ==24434== Invalid write of size 1 ==24434== Stack hash: 1573199228 ==24434== at 0x8452B8B: decode_mb_cavlc (h264.c:561) ==24434== by 0x84550BF: decode_slice (h264.c:6866) ==24434== by 0x845551B: execute_decode_slices (h264.c:7455) ==24434== by 0x8457C31: decode_nal_units (h264.c:7641) ==24434== by 0x8458834: decode_frame (h264.c:7772) ==24434== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==24434== by 0x826355C: av_find_stream_info (utils.c:1820) ==24434== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==24434== by 0x811E11F: demux_open_stream (demuxer.c:811) ==24434== by 0x811E511: demux_open (demuxer.c:991) ==24434== by 0x80779AE: main (mplayer.c:3238) ==24434== Address 0x4a35ab6 is not stack'd, malloc'd or (recently) free'd ==24434== Warning: set address range perms: large range 268435496 (noaccess) ==24434== ==24434== ERROR SUMMARY: 85 errors from 36 contexts (suppressed: 19 from 1) ==24434== malloc/free: in use at exit: 73,692 bytes in 47 blocks. ==24434== malloc/free: 2,574 allocs, 2,527 frees, 287,835,648 bytes allocated. ==24434== For counts of detected errors, rerun with: -v ==24434== searching for pointers to 47 not-freed blocks. ==24434== checked 2,936,764 bytes. ==24434== ==24434== LEAK SUMMARY: ==24434== definitely lost: 30 bytes in 3 blocks. ==24434== possibly lost: 0 bytes in 0 blocks. ==24434== still reachable: 73,662 bytes in 44 blocks. ==24434== suppressed: 0 bytes in 0 blocks. ==24434== Rerun with --leak-check=full to see details of leaked memory. *This report to inform the error found in Mplayer where it crashes in running test case: 72-innovation.mp4 with Stack hash: 1392381560 and error back-trace at: fill_caches (h264.c:221). ***Mplayer Crashed Info*** The debugged info of crash can be seen at URL: <http://www.eecs.berkeley.edu/~sckhan/crash6> #The bug is found in making comparison of the fuzzing tools and is a part of the metafuzz project. *URL at: metafuzz.com -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-07-17 01:13:53
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1208 Summary: Error in Video Decoding: Invalid Write and Invalid Read Product: MPlayer Version: HEAD Platform: PC (x86) URL: http://www.eecs.berkeley.edu/~sckhan/72-innovation.mp4 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: vd AssignedTo: r_...@ti... ReportedBy: sc...@ee... CC: cat...@li... The following report is for the SUPERB-TRUST 2008, the cyber security project. #Error found at test case .mp4 file for mplayer version (dev-SVN-r27305-4.1.2) valgrind report the Invalid Read. #The test case is "72-innovation.mp4" can be found at the URL *http://www.eecs.berkeley.edu/~sckhan/72-innovation.mp4 #Reproducible with the following command *valgrind mplayer Can also be run as: *valgrind --log-file=log29 mplayer 72-innovation.mp4 #OS: Debian Etch Linux #Valgrind output: ==21324== Memcheck, a memory error detector. ==21324== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==21324== Using LibVEX rev 1854, a library for dynamic binary translation. ==21324== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==21324== Using valgrind-3.3.1, a dynamic binary instrumentation framework. ==21324== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==21324== For more details, rerun with: -v ==21324== ==21324== My PID = 21324, parent PID = 3261. Prog and args are: ==21324== mplayer ==21324== 72-innovation.mp4 ==21324== ==21324== Warning: set address range perms: large range 268435464 (undefined) ==21324== Invalid read of size 1 ==21324== Stack hash: 1392381560 ==21324== at 0x8434F24: fill_caches (h264.c:221) ==21324== by 0x843E190: decode_mb_skip (h264.c:4485) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 1 ==21324== Stack hash: 1803710756 ==21324== at 0x8434F40: fill_caches (h264.c:222) ==21324== by 0x843E190: decode_mb_skip (h264.c:4485) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 1 ==21324== Stack hash: 3106009430 ==21324== at 0x8434F5A: fill_caches (h264.c:223) ==21324== by 0x843E190: decode_mb_skip (h264.c:4485) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid write of size 4 ==21324== Stack hash: 34571318 ==21324== at 0x843E4B4: decode_mb_skip (h264.c:4492) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x45717fc is 0 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid write of size 1 ==21324== Stack hash: 4089718473 ==21324== at 0x843E4C3: decode_mb_skip (h264.c:4493) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a38236 is 0 bytes after a block of size 6 alloc'd ==21324== Stack hash: 1195100994 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341DD3: alloc_picture (mpegvideo.c:211) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid write of size 1 ==21324== Stack hash: 3849898332 ==21324== at 0x843E4D2: decode_mb_skip (h264.c:4494) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35b1b is 1 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 3455090548 ==21324== at 0x844B620: hl_decode_mb (h264.c:2732) ==21324== by 0x84550CE: decode_slice (h264.c:6868) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x45717fc is 0 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 2235960050 ==21324== at 0x8448E1E: hl_motion (h264.c:1875) ==21324== by 0x844C138: hl_decode_mb (h264.c:2608) ==21324== by 0x84550CE: decode_slice (h264.c:6868) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x45717fc is 0 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid write of size 4 ==21324== Stack hash: 3080996705 ==21324== at 0x843E13B: decode_mb_skip (h264.c:4465) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x456f580 is 0 bytes after a block of size 128 alloc'd ==21324== Stack hash: 4143647095 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843A9F4: alloc_tables (h264.c:2102) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid write of size 4 ==21324== Stack hash: 408088271 ==21324== at 0x843E141: decode_mb_skip (h264.c:4465) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x456f584 is 4 bytes after a block of size 128 alloc'd ==21324== Stack hash: 4143647095 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843A9F4: alloc_tables (h264.c:2102) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid write of size 4 ==21324== Stack hash: 3732146042 ==21324== at 0x843E148: decode_mb_skip (h264.c:4465) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x456f588 is 8 bytes after a block of size 128 alloc'd ==21324== Stack hash: 4143647095 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843A9F4: alloc_tables (h264.c:2102) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid write of size 4 ==21324== Stack hash: 2761236517 ==21324== at 0x843E14F: decode_mb_skip (h264.c:4465) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x456f58c is 12 bytes after a block of size 128 alloc'd ==21324== Stack hash: 4143647095 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843A9F4: alloc_tables (h264.c:2102) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 1 ==21324== Stack hash: 3242631602 ==21324== at 0x8434EE6: fill_caches (h264.c:219) ==21324== by 0x843E190: decode_mb_skip (h264.c:4485) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 1 ==21324== Stack hash: 1872021842 ==21324== at 0x8434F06: fill_caches (h264.c:220) ==21324== by 0x843E190: decode_mb_skip (h264.c:4485) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== Address 0x4a35b1b is 1 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 946237960 ==21324== at 0x84359F4: fill_caches (h264.c:220) ==21324== by 0x843E190: decode_mb_skip (h264.c:4485) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== Address 0x45717fc is 0 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 454968717 ==21324== at 0x84359DD: fill_caches (h264.c:221) ==21324== by 0x843E190: decode_mb_skip (h264.c:4485) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== Address 0x4571800 is 4 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 774728905 ==21324== at 0x84359C9: fill_caches (h264.c:222) ==21324== by 0x843E190: decode_mb_skip (h264.c:4485) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== Address 0x4571800 is 4 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 283459662 ==21324== at 0x84359B2: fill_caches (h264.c:223) ==21324== by 0x843E190: decode_mb_skip (h264.c:4485) ==21324== by 0x8450411: decode_mb_cavlc (h264.c:4527) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== Address 0x4571800 is 4 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid write of size 1 ==21324== Stack hash: 3162096898 ==21324== at 0x8450541: decode_mb_cavlc (h264.c:4572) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35b1f is 5 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 1 ==21324== Stack hash: 51897805 ==21324== at 0x8434EE6: fill_caches (h264.c:219) ==21324== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35b1c is 2 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 85394487 ==21324== at 0x8435998: fill_caches (h264.c:219) ==21324== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x45729f0 is 4 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid read of size 1 ==21324== Stack hash: 2976255341 ==21324== at 0x8434F06: fill_caches (h264.c:220) ==21324== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35b1d is 3 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 2050471459 ==21324== at 0x84359F4: fill_caches (h264.c:220) ==21324== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x45729f4 is 8 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid read of size 1 ==21324== Stack hash: 2496615059 ==21324== at 0x8434F24: fill_caches (h264.c:221) ==21324== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 1559202216 ==21324== at 0x84359DD: fill_caches (h264.c:221) ==21324== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid read of size 1 ==21324== Stack hash: 2907944255 ==21324== at 0x8434F40: fill_caches (h264.c:222) ==21324== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 1878962404 ==21324== at 0x84359C9: fill_caches (h264.c:222) ==21324== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid read of size 1 ==21324== Stack hash: 4210242929 ==21324== at 0x8434F5A: fill_caches (h264.c:223) ==21324== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd ==21324== Stack hash: 4192036247 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x843AA14: alloc_tables (h264.c:2103) ==21324== by 0x844E17F: decode_slice_header (h264.c:3969) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== ==21324== Invalid read of size 4 ==21324== Stack hash: 1387693161 ==21324== at 0x84359B2: fill_caches (h264.c:223) ==21324== by 0x8450826: decode_mb_cavlc (h264.c:4619) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd ==21324== Stack hash: 2899467712 ==21324== at 0x401C882: memalign (vg_replace_malloc.c:460) ==21324== by 0x85490B4: av_malloc (mem.c:61) ==21324== by 0x8549136: av_mallocz (mem.c:134) ==21324== by 0x8341E11: alloc_picture (mpegvideo.c:212) ==21324== by 0x83422B0: MPV_frame_start (mpegvideo.c:868) ==21324== by 0x843ACA8: frame_start (h264.c:2227) ==21324== by 0x844DD67: decode_slice_header (h264.c:4058) ==21324== by 0x84574CC: decode_nal_units (h264.c:7573) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== ==21324== Invalid write of size 1 ==21324== Stack hash: 525688319 ==21324== at 0x8452B26: decode_mb_cavlc (h264.c:555) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35ab0 is not stack'd, malloc'd or (recently) free'd ==21324== ==21324== Invalid write of size 1 ==21324== Stack hash: 3583291791 ==21324== at 0x8452B36: decode_mb_cavlc (h264.c:556) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35ab1 is not stack'd, malloc'd or (recently) free'd ==21324== ==21324== Invalid write of size 1 ==21324== Stack hash: 1463286360 ==21324== at 0x8452B47: decode_mb_cavlc (h264.c:557) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35ab2 is not stack'd, malloc'd or (recently) free'd ==21324== ==21324== Invalid write of size 1 ==21324== Stack hash: 3638248225 ==21324== at 0x8452B58: decode_mb_cavlc (h264.c:558) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35ab3 is not stack'd, malloc'd or (recently) free'd ==21324== ==21324== Invalid write of size 1 ==21324== Stack hash: 1518242794 ==21324== at 0x8452B69: decode_mb_cavlc (h264.c:559) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35ab4 is not stack'd, malloc'd or (recently) free'd ==21324== ==21324== Invalid write of size 1 ==21324== Stack hash: 3693204659 ==21324== at 0x8452B7A: decode_mb_cavlc (h264.c:560) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35ab5 is not stack'd, malloc'd or (recently) free'd ==21324== ==21324== Invalid write of size 1 ==21324== Stack hash: 1573199228 ==21324== at 0x8452B8B: decode_mb_cavlc (h264.c:561) ==21324== by 0x84550BF: decode_slice (h264.c:6866) ==21324== by 0x845551B: execute_decode_slices (h264.c:7455) ==21324== by 0x8457C31: decode_nal_units (h264.c:7641) ==21324== by 0x8458834: decode_frame (h264.c:7772) ==21324== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==21324== by 0x826355C: av_find_stream_info (utils.c:1820) ==21324== by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466) ==21324== by 0x811E11F: demux_open_stream (demuxer.c:811) ==21324== by 0x811E511: demux_open (demuxer.c:991) ==21324== by 0x80779AE: main (mplayer.c:3238) ==21324== Address 0x4a35ab6 is not stack'd, malloc'd or (recently) free'd ==21324== Warning: set address range perms: large range 268435496 (noaccess) ==21324== ==21324== ERROR SUMMARY: 85 errors from 36 contexts (suppressed: 19 from 1) ==21324== malloc/free: in use at exit: 73,692 bytes in 47 blocks. ==21324== malloc/free: 2,574 allocs, 2,527 frees, 287,835,670 bytes allocated. ==21324== For counts of detected errors, rerun with: -v ==21324== searching for pointers to 47 not-freed blocks. ==21324== checked 2,936,740 bytes. ==21324== ==21324== LEAK SUMMARY: ==21324== definitely lost: 30 bytes in 3 blocks. ==21324== possibly lost: 0 bytes in 0 blocks. ==21324== still reachable: 73,662 bytes in 44 blocks. ==21324== suppressed: 0 bytes in 0 blocks. ==21324== Rerun with --leak-check=full to see details of leaked memory. *This report to inform the error found in Mplayer using the test case: 72-innovation.mp4 with Stack hash: 1573199228 and back-trace at: decode_mb_cavlc (h264.c:561). The Error is Invalid Write and Invalid Read of different sizes. #The bug is found in making comparison of the fuzzing tools and is a part of the metafuzz project. *URL at: metafuzz.com -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-07-17 00:53:11
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1207 Summary: Error in Video Decoding: Conditional jump or move depends on uninitialised value(s) Product: MPlayer Version: HEAD Platform: PC (x86) URL: http://www.eecs.berkeley.edu/~sckhan/innovation.mp4 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: vd AssignedTo: r_...@ti... ReportedBy: sc...@ee... CC: cat...@li... The following report is for the SUPERB-TRUST 2008, the cyber security project. #Error found at test case .mp4 file for mplayer version (dev-SVN-r27305-4.1.2) valgrind report the Invalid Read. #The test case is "innovation.mp4" can be found at the URL *http://www.eecs.berkeley.edu/~sckhan/innovation.mp4 #Reproducible with the following command *valgrind mplayer Can also be run as: *valgrind --log-file=log28 mplayer innovation.mp4 #OS: Debian Etch Linux #Valgrind output: ==15631== Memcheck, a memory error detector. ==15631== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==15631== Using LibVEX rev 1854, a library for dynamic binary translation. ==15631== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==15631== Using valgrind-3.3.1, a dynamic binary instrumentation framework. ==15631== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==15631== For more details, rerun with: -v ==15631== ==15631== My PID = 15631, parent PID = 2865. Prog and args are: ==15631== mplayer ==15631== innovation.mp4 ==15631== ==15631== Conditional jump or move depends on uninitialised value(s) ==15631== Stack hash: 1277775230 ==15631== at 0x84534A3: decode_mb_cavlc (golomb.h:145) ==15631== by 0x84550BF: decode_slice (h264.c:6866) ==15631== by 0x845551B: execute_decode_slices (h264.c:7455) ==15631== by 0x8457C31: decode_nal_units (h264.c:7641) ==15631== by 0x8458834: decode_frame (h264.c:7772) ==15631== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==15631== by 0x8199049: decode (vd_ffmpeg.c:781) ==15631== by 0x80DB6CA: decode_video (dec_video.c:369) ==15631== by 0x80786B6: main (mplayer.c:1761) ==15631== ==15631== Conditional jump or move depends on uninitialised value(s) ==15631== Stack hash: 1358373215 ==15631== at 0x84515A4: decode_mb_cavlc (golomb.h:60) ==15631== by 0x84550BF: decode_slice (h264.c:6866) ==15631== by 0x845551B: execute_decode_slices (h264.c:7455) ==15631== by 0x8457C31: decode_nal_units (h264.c:7641) ==15631== by 0x8458834: decode_frame (h264.c:7772) ==15631== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==15631== by 0x8199049: decode (vd_ffmpeg.c:781) ==15631== by 0x80DB6CA: decode_video (dec_video.c:369) ==15631== by 0x80786B6: main (mplayer.c:1761) ==15631== ==15631== Conditional jump or move depends on uninitialised value(s) ==15631== Stack hash: 1482017514 ==15631== at 0x8450B8F: decode_mb_cavlc (golomb.h:60) ==15631== by 0x84550BF: decode_slice (h264.c:6866) ==15631== by 0x845551B: execute_decode_slices (h264.c:7455) ==15631== by 0x8457C31: decode_nal_units (h264.c:7641) ==15631== by 0x8458834: decode_frame (h264.c:7772) ==15631== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==15631== by 0x8199049: decode (vd_ffmpeg.c:781) ==15631== by 0x80DB6CA: decode_video (dec_video.c:369) ==15631== by 0x80786B6: main (mplayer.c:1761) ==15631== ==15631== Conditional jump or move depends on uninitialised value(s) ==15631== Stack hash: 911728638 ==15631== at 0x843C4AF: decode_residual (common.h:126) ==15631== by 0x84529D8: decode_mb_cavlc (h264.c:4947) ==15631== by 0x84550BF: decode_slice (h264.c:6866) ==15631== by 0x845551B: execute_decode_slices (h264.c:7455) ==15631== by 0x8457C31: decode_nal_units (h264.c:7641) ==15631== by 0x8458834: decode_frame (h264.c:7772) ==15631== by 0x82ECCEF: avcodec_decode_video (utils.c:897) ==15631== by 0x8199049: decode (vd_ffmpeg.c:781) ==15631== by 0x80DB6CA: decode_video (dec_video.c:369) ==15631== by 0x80786B6: main (mplayer.c:1761) ==15631== ==15631== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 19 from 1) ==15631== malloc/free: in use at exit: 73,692 bytes in 47 blocks. ==15631== malloc/free: 40,929 allocs, 40,882 frees, 19,431,243 bytes allocated. ==15631== For counts of detected errors, rerun with: -v ==15631== searching for pointers to 47 not-freed blocks. ==15631== checked 2,940,320 bytes. ==15631== ==15631== LEAK SUMMARY: ==15631== definitely lost: 30 bytes in 3 blocks. ==15631== possibly lost: 0 bytes in 0 blocks. ==15631== still reachable: 73,662 bytes in 44 blocks. ==15631== suppressed: 0 bytes in 0 blocks. ==15631== Rerun with --leak-check=full to see details of leaked memory. *This report to inform the error found in Mplayer using the test case: innovation.mp4 with Stack hash: 911728638 and back-trace at: decode_residual (common.h:126). #The bug is found in making comparison of the fuzzing tools and is a part of the metafuzz project. *URL at: metafuzz.com -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |
From: <bug...@bu...> - 2008-07-17 00:24:13
|
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1152 ------- Comment #4 from zl...@gm... 2008-07-17 02:22 CEST ------- I have redirected the bug to FFmpeg, issue #538: https://roundup.mplayerhq.hu/roundup/ffmpeg/issue538. Thank you. -- Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. |