catchconv-bugreports Mailing List for catchconv

Status: Pre-Alpha

Brought to you by: daw617, hardcorebit, saseshia

catchconv-bugreports — List for cc:'ing on bugreports

You can subscribe to this list here.

2008	_Jan	_Feb	_Mar	_Apr	_May	_Jun (15)	_Jul (196)	_Aug (8)	_Sep (2)	_Oct (3)	_Nov	_Dec
2009	_Jan	_Feb	_Mar	_Apr	_May	_Jun	_Jul	_Aug	_Sep (1)	_Oct	_Nov (1)	_Dec

Flat | Threaded

1 2 3 .. 9 > >> (Page 1 of 9)

[Catchconv-bugreports] [Bug 1239] [Crash]For this .mp4 file, valgrind reports Leak_DefinitelyLost, SyscallParam, UninitValue, UninitCondition and Mplayer crashes.

From: <bug...@bu...> - 2009-11-10 23:10:28

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1239


pat...@gm... changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Comment #1 from pat...@gm...  2009-11-10 23:53 CEST -------
demux_mov is depreciated
svn uses demux_lavf for mov now


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1204] Demuxer: Invalid Write

From: <bug...@bu...> - 2009-09-23 01:09:50

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1204


pat...@gm... changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Comment #2 from pat...@gm...  2009-09-23 02:53 CEST -------
demux_mov is no longer default mov demuxer.

closing demux_mov bugs...

file works with demuxer lavf (now default)
sample url is 404 , can be found at 
http://samples.mplayerhq.hu/mov/mp4/mp3audioproblem.mp4


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1147] Mplayer crashes on MP4 file and Valgrind reports invalid write of size 1 and uninitialized values

From: <bug...@bu...> - 2008-10-01 17:08:25

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1147


pat...@gm... changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Comment #4 from pat...@gm...  2008-10-01 19:07 CEST -------
.


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1147] Mplayer crashes on MP4 file and Valgrind reports invalid write of size 1 and uninitialized values

From: <bug...@bu...> - 2008-10-01 17:08:01

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1147





------- Comment #3 from pat...@gm...  2008-10-01 19:07 CEST -------
demuxer_mov is depreciated and no longer default
please test with latest svn and generate new report.


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1153] Invalid write at demux_mov.c:174 followed by crash

From: <bug...@bu...> - 2008-10-01 16:45:07

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1153


pat...@gm... changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Comment #2 from pat...@gm...  2008-10-01 18:23 CEST -------
demux_mov is being depreciated, and is no longer the default mov demuxer
please try with svn and make new report if so.


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1281] New: For this .mp3 file, valgrind reports SyscallParam, UninitValue, UninitCondition.

From: <bug...@bu...> - 2008-09-15 13:21:02

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1281

           Summary: For this .mp3 file, valgrind reports SyscallParam,
                    UninitValue, UninitCondition.
           Product: MPlayer
           Version: HEAD
          Platform: Other
               URL: http://www.metafuzz.com/testcases/664852-199-311034112-
                    result256.tgz
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: xue...@be...
                CC: cat...@li...


This bug was found as part of the metafuzz project, see http://www.metafuzz.com

For this .mp3 file, valgrind reports SyscallParam, UninitValue,
UninitCondition.

System Info: 
MPlayer dev-SVN-r27614-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood; Pentium 4 EE/Xeon Prestonia,Gallatin
(Family: 15, Model: 2, Stepping: 7)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2
Playing 199-song0004.mp3.
##############################################################
to reproduce:
wget http://www.metafuzz.com/testcases/664852-199-311034112-result256.tgz
tar xzf 664852-199-311034112-result256.tgz
valgrind mplayer 199-song0004.mp3
::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::
==18860== Memcheck, a memory error detector.
==18860== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==18860== Using LibVEX rev 1715, a library for dynamic binary translation.
==18860== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==18860== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==18860== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==18860== For more details, rerun with: -v
==18860== 
==18860== My PID = 18860, parent PID = 18859.  Prog and args are:
==18860==    mplayer
==18860==    199-song0004.mp3
==18860== 
==18860== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s)
==18860== Stack hash: 2542116815
==18860==    at 0x4000792: (within /lib/ld-2.3.6.so)
==18860==  Address 0xBEA07878 is on thread 1's stack
==18860== 
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 2849271825
==18860==    at 0x8478A26: huffman_decode (mpegaudiodec.c:1518)
==18860==    by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860==    by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860==    by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860==    by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860==    by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860==    by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860==    by 0x811E154: demux_open (demuxer.c:998)
==18860==    by 0x8079B7C: main (mplayer.c:3237)
==18860== 
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 4003457328
==18860==    at 0x8478A79: huffman_decode (mpegaudiodec.c:1528)
==18860==    by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860==    by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860==    by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860==    by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860==    by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860==    by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860==    by 0x811E154: demux_open (demuxer.c:998)
==18860==    by 0x8079B7C: main (mplayer.c:3237)
==18860== 
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 739213402
==18860==    at 0x8478E1B: huffman_decode (mpegaudiodec.c:230)
==18860==    by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860==    by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860==    by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860==    by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860==    by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860==    by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860==    by 0x811E154: demux_open (demuxer.c:998)
==18860==    by 0x8079B7C: main (mplayer.c:3237)
==18860== 
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 3009911293
==18860==    at 0x8478E22: huffman_decode (mpegaudiodec.c:231)
==18860==    by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860==    by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860==    by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860==    by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860==    by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860==    by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860==    by 0x811E154: demux_open (demuxer.c:998)
==18860==    by 0x8079B7C: main (mplayer.c:3237)
==18860== 
==18860== Conditional jump or move depends on uninitialised value(s)
==18860== Stack hash: 258914135
==18860==    at 0x8478E34: huffman_decode (mpegaudiodec.c:234)
==18860==    by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860==    by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860==    by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860==    by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860==    by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860==    by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860==    by 0x811E154: demux_open (demuxer.c:998)
==18860==    by 0x8079B7C: main (mplayer.c:3237)
==18860== 
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 233798725
==18860==    at 0x8478DCA: huffman_decode (mpegaudiodec.c:230)
==18860==    by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860==    by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860==    by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860==    by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860==    by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860==    by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860==    by 0x811E154: demux_open (demuxer.c:998)
==18860==    by 0x8079B7C: main (mplayer.c:3237)
==18860== 
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 2504496616
==18860==    at 0x8478DD1: huffman_decode (mpegaudiodec.c:231)
==18860==    by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860==    by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860==    by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860==    by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860==    by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860==    by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860==    by 0x811E154: demux_open (demuxer.c:998)
==18860==    by 0x8079B7C: main (mplayer.c:3237)
==18860== 
==18860== Conditional jump or move depends on uninitialised value(s)
==18860== Stack hash: 2426539689
==18860==    at 0x8478DDE: huffman_decode (mpegaudiodec.c:234)
==18860==    by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860==    by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860==    by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860==    by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860==    by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860==    by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860==    by 0x811E154: demux_open (demuxer.c:998)
==18860==    by 0x8079B7C: main (mplayer.c:3237)
==18860== 
==18860== Use of uninitialised value of size 4
==18860== Stack hash: 1662138821
==18860==    at 0x8478D4A: huffman_decode (mpegaudiodec.c:1541)
==18860==    by 0x847978D: mp_decode_layer3 (mpegaudiodec.c:2179)
==18860==    by 0x847B1C1: mp_decode_frame (mpegaudiodec.c:2223)
==18860==    by 0x847D128: decode_frame (mpegaudiodec.c:2307)
==18860==    by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18860==    by 0x82649E5: av_find_stream_info (utils.c:1892)
==18860==    by 0x81C4B46: demux_open_lavf (demux_lavf.c:475)
==18860==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18860==    by 0x811E154: demux_open (demuxer.c:998)
==18860==    by 0x8079B7C: main (mplayer.c:3237)
==18860== 
==18860== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s)
==18860== Stack hash: 3997929021
==18860==    at 0x4000792: (within /lib/ld-2.3.6.so)
==18860==  Address 0xBEA07898 is on thread 1's stack
==18860== 
==18860== ERROR SUMMARY: 424 errors from 11 contexts (suppressed: 21 from 1)
==18860== malloc/free: in use at exit: 41,286 bytes in 15 blocks.
==18860== malloc/free: 6,731 allocs, 6,716 frees, 4,267,463 bytes allocated.
==18860== For counts of detected errors, rerun with: -v
==18860== searching for pointers to 15 not-freed blocks.
==18860== checked 3,258,620 bytes.
==18860== 
==18860== LEAK SUMMARY:
==18860==    definitely lost: 0 bytes in 0 blocks.
==18860==      possibly lost: 0 bytes in 0 blocks.
==18860==    still reachable: 41,286 bytes in 15 blocks.
==18860==         suppressed: 0 bytes in 0 blocks.
==18860== Reachable blocks (those to which a pointer was found) are not shown.
==18860== To see them, rerun with: --leak-check=full --show-reachable=yes


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1280] New: For this .mpg file, valgrind reports Overlap, Leak_DefinitelyLost, SyscallParam, Leak_PossiblyLost, InvalidRead, UninitCondition.

From: <bug...@bu...> - 2008-09-15 13:18:10

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1280

           Summary: For this .mpg file, valgrind reports Overlap,
                    Leak_DefinitelyLost, SyscallParam, Leak_PossiblyLost,
                    InvalidRead, UninitCondition.
           Product: MPlayer
           Version: HEAD
          Platform: Other
               URL: http://www.metafuzz.com/testcases/422552-2608-
                    1493372757-UninitCondition.tgz
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: xue...@be...
                CC: cat...@li...


This bug was found as part of the metafuzz project, see http://www.metafuzz.com

For this .mpg file, valgrind reports Overlap, Leak_DefinitelyLost,
SyscallParam, Leak_PossiblyLost, InvalidRead, UninitCondition.

System Info: 
MPlayer dev-SVN-r27614-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood; Pentium 4 EE/Xeon Prestonia,Gallatin
(Family: 15, Model: 2, Stepping: 7)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2
Playing 2608-charmaineraymond.mpg.
##############################################################
to reproduce:
wget
http://www.metafuzz.com/testcases/422552-2608-1493372757-UninitCondition.tgz
tar xzf 422552-2608-1493372757-UninitCondition.tgz
valgrind mplayer 2608-charmaineraymond.mpg
::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::
==18756== Memcheck, a memory error detector.
==18756== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==18756== Using LibVEX rev 1715, a library for dynamic binary translation.
==18756== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==18756== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==18756== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==18756== For more details, rerun with: -v
==18756== 
==18756== My PID = 18756, parent PID = 18755.  Prog and args are:
==18756==    mplayer
==18756==    2608-charmaineraymond.mpg
==18756== 
==18756== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s)
==18756== Stack hash: 2542116815
==18756==    at 0x4000792: (within /lib/ld-2.3.6.so)
==18756==  Address 0xBEC60868 is on thread 1's stack
==18756== 
==18756== Source and destination overlap in memcpy(0xBEC606E7, 0xBEC606E7, 173)
==18756== Stack hash: 2085754019
==18756==    at 0x401EFF6: memcpy (mc_replace_strmem.c:116)
==18756==    by 0x815F9D1: ts_parse (demux_ts.c:3074)
==18756==    by 0x815FE38: demux_open_ts (demux_ts.c:664)
==18756==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18756==    by 0x811E154: demux_open (demuxer.c:998)
==18756==    by 0x8079B7C: main (mplayer.c:3237)
==18756== 
==18756== Conditional jump or move depends on uninitialised value(s)
==18756== Stack hash: 3867733782
==18756==    at 0x8159D11: ts_add_stream (demux_ts.c:319)
==18756==    by 0x816050D: demux_open_ts (demux_ts.c:1039)
==18756==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18756==    by 0x811E154: demux_open (demuxer.c:998)
==18756==    by 0x8079B7C: main (mplayer.c:3237)
==18756== 
==18756== Conditional jump or move depends on uninitialised value(s)
==18756== Stack hash: 3882727070
==18756==    at 0x8159D19: ts_add_stream (demux_ts.c:319)
==18756==    by 0x816050D: demux_open_ts (demux_ts.c:1039)
==18756==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18756==    by 0x811E154: demux_open (demuxer.c:998)
==18756==    by 0x8079B7C: main (mplayer.c:3237)
==18756== 
==18756== Conditional jump or move depends on uninitialised value(s)
==18756== Stack hash: 3897720358
==18756==    at 0x8159D21: ts_add_stream (demux_ts.c:319)
==18756==    by 0x816050D: demux_open_ts (demux_ts.c:1039)
==18756==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18756==    by 0x811E154: demux_open (demuxer.c:998)
==18756==    by 0x8079B7C: main (mplayer.c:3237)
==18756== 
==18756== Conditional jump or move depends on uninitialised value(s)
==18756== Stack hash: 3912713646
==18756==    at 0x8159D29: ts_add_stream (demux_ts.c:319)
==18756==    by 0x816050D: demux_open_ts (demux_ts.c:1039)
==18756==    by 0x811DE9C: demux_open_stream (demuxer.c:871)
==18756==    by 0x811E154: demux_open (demuxer.c:998)
==18756==    by 0x8079B7C: main (mplayer.c:3237)
==18756== 
==18756== Conditional jump or move depends on uninitialised value(s)
==18756== Stack hash: 2859491456
==18756==    at 0x8159D11: ts_add_stream (demux_ts.c:319)
==18756==    by 0x815F42E: ts_parse (demux_ts.c:2812)
==18756==    by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224)
==18756==    by 0x811E59C: ds_fill_buffer (demuxer.c:505)
==18756==    by 0x811ED47: demux_read_data (demuxer.c:527)
==18756==    by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28)
==18756==    by 0x81E5ADA: MP3_DecodeFrame (sr1.c:58)
==18756==    by 0x81DFEE3: init (ad_mp3lib.c:48)
==18756==    by 0x80DBFB0: init_audio (dec_audio.c:95)
==18756==    by 0x80DC398: init_best_audio_codec (dec_audio.c:270)
==18756==    by 0x8078975: reinit_audio_chain (mplayer.c:1585)
==18756==    by 0x807A2EE: main (mplayer.c:3582)
==18756== 
==18756== Conditional jump or move depends on uninitialised value(s)
==18756== Stack hash: 3590580840
==18756==    at 0x8159D19: ts_add_stream (demux_ts.c:319)
==18756==    by 0x815F42E: ts_parse (demux_ts.c:2812)
==18756==    by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224)
==18756==    by 0x811E59C: ds_fill_buffer (demuxer.c:505)
==18756==    by 0x811ED47: demux_read_data (demuxer.c:527)
==18756==    by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28)
==18756==    by 0x81E5ADA: MP3_DecodeFrame (sr1.c:58)
==18756==    by 0x81DFEE3: init (ad_mp3lib.c:48)
==18756==    by 0x80DBFB0: init_audio (dec_audio.c:95)
==18756==    by 0x80DC398: init_best_audio_codec (dec_audio.c:270)
==18756==    by 0x8078975: reinit_audio_chain (mplayer.c:1585)
==18756==    by 0x807A2EE: main (mplayer.c:3582)
==18756== 
==18756== Conditional jump or move depends on uninitialised value(s)
==18756== Stack hash: 26702928
==18756==    at 0x8159D21: ts_add_stream (demux_ts.c:319)
==18756==    by 0x815F42E: ts_parse (demux_ts.c:2812)
==18756==    by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224)
==18756==    by 0x811E59C: ds_fill_buffer (demuxer.c:505)
==18756==    by 0x811ED47: demux_read_data (demuxer.c:527)
==18756==    by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28)
==18756==    by 0x81E5ADA: MP3_DecodeFrame (sr1.c:58)
==18756==    by 0x81DFEE3: init (ad_mp3lib.c:48)
==18756==    by 0x80DBFB0: init_audio (dec_audio.c:95)
==18756==    by 0x80DC398: init_best_audio_codec (dec_audio.c:270)
==18756==    by 0x8078975: reinit_audio_chain (mplayer.c:1585)
==18756==    by 0x807A2EE: main (mplayer.c:3582)
==18756== 
==18756== Conditional jump or move depends on uninitialised value(s)
==18756== Stack hash: 757792312
==18756==    at 0x8159D29: ts_add_stream (demux_ts.c:319)
==18756==    by 0x815F42E: ts_parse (demux_ts.c:2812)
==18756==    by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224)
==18756==    by 0x811E59C: ds_fill_buffer (demuxer.c:505)
==18756==    by 0x811ED47: demux_read_data (demuxer.c:527)
==18756==    by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28)
==18756==    by 0x81E5ADA: MP3_DecodeFrame (sr1.c:58)
==18756==    by 0x81DFEE3: init (ad_mp3lib.c:48)
==18756==    by 0x80DBFB0: init_audio (dec_audio.c:95)
==18756==    by 0x80DC398: init_best_audio_codec (dec_audio.c:270)
==18756==    by 0x8078975: reinit_audio_chain (mplayer.c:1585)
==18756==    by 0x807A2EE: main (mplayer.c:3582)
==18756== 
==18756== Invalid read of size 4
==18756== Stack hash: 252964889
==18756==    at 0x847D079: decode_frame (mpegaudiodec.c:2281)
==18756==    by 0x82EC20A: avcodec_decode_audio2 (utils.c:941)
==18756==    by 0x81BA528: decode_audio (ad_ffmpeg.c:161)
==18756==    by 0x81BA863: init (ad_ffmpeg.c:109)
==18756==    by 0x80DBFB0: init_audio (dec_audio.c:95)
==18756==    by 0x80DC398: init_best_audio_codec (dec_audio.c:270)
==18756==    by 0x8078975: reinit_audio_chain (mplayer.c:1585)
==18756==    by 0x807A2EE: main (mplayer.c:3582)
==18756==  Address 0x43AC0D7 is 175 bytes inside a block of size 178 alloc'd
==18756== Stack hash: 1248407724
==18756==    at 0x401D57B: realloc (vg_replace_malloc.c:306)
==18756==    by 0x815B9ED: fill_packet (demuxer.h:259)
==18756==    by 0x815F0B9: ts_parse (demux_ts.c:2886)
==18756==    by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224)
==18756==    by 0x811E59C: ds_fill_buffer (demuxer.c:505)
==18756==    by 0x811ED47: demux_read_data (demuxer.c:527)
==18756==    by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28)
==18756==    by 0x81E5D5A: MP3_DecodeFrame (sr1.c:58)
==18756==    by 0x81DFEE3: init (ad_mp3lib.c:48)
==18756==    by 0x80DBFB0: init_audio (dec_audio.c:95)
==18756==    by 0x80DC398: init_best_audio_codec (dec_audio.c:270)
==18756==    by 0x8078975: reinit_audio_chain (mplayer.c:1585)
==18756== 
==18756== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s)
==18756== Stack hash: 3997929021
==18756==    at 0x4000792: (within /lib/ld-2.3.6.so)
==18756==  Address 0xBEC60888 is on thread 1's stack
==18756== 
==18756== ERROR SUMMARY: 2008 errors from 12 contexts (suppressed: 21 from 1)
==18756== malloc/free: in use at exit: 312,274 bytes in 108 blocks.
==18756== malloc/free: 2,647 allocs, 2,539 frees, 8,295,407 bytes allocated.
==18756== For counts of detected errors, rerun with: -v
==18756== searching for pointers to 108 not-freed blocks.
==18756== checked 3,258,840 bytes.
==18756== 
==18756== 
==18756== 5,712 bytes in 84 blocks are definitely lost in loss record 4 of 8
==18756== Stack hash: 1157530174
==18756==    at 0x401D480: malloc (vg_replace_malloc.c:149)
==18756==    by 0x8158BD0: new_pid (demux_ts.c:2098)
==18756==    by 0x815D697: ts_parse (demux_ts.c:2693)
==18756==    by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224)
==18756==    by 0x811E59C: ds_fill_buffer (demuxer.c:505)
==18756==    by 0x811ED47: demux_read_data (demuxer.c:527)
==18756==    by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28)
==18756==    by 0x81E5ADA: MP3_DecodeFrame (sr1.c:58)
==18756==    by 0x81DFEE3: init (ad_mp3lib.c:48)
==18756==    by 0x80DBFB0: init_audio (dec_audio.c:95)
==18756==    by 0x80DC398: init_best_audio_codec (dec_audio.c:270)
==18756==    by 0x8078975: reinit_audio_chain (mplayer.c:1585)
==18756== 
==18756== 
==18756== 199,419 (280 direct, 199,139 indirect) bytes in 5 blocks are
definitely lost in loss record 6 of 8
==18756== Stack hash: 1088359650
==18756==    at 0x401D480: malloc (vg_replace_malloc.c:149)
==18756==    by 0x815FA15: ts_parse (demuxer.h:237)
==18756==    by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224)
==18756==    by 0x811E59C: ds_fill_buffer (demuxer.c:505)
==18756==    by 0x811ED47: demux_read_data (demuxer.c:527)
==18756==    by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28)
==18756==    by 0x81E5D5A: MP3_DecodeFrame (sr1.c:58)
==18756==    by 0x81DFEE3: init (ad_mp3lib.c:48)
==18756==    by 0x80DBFB0: init_audio (dec_audio.c:95)
==18756==    by 0x80DC398: init_best_audio_codec (dec_audio.c:270)
==18756==    by 0x8078975: reinit_audio_chain (mplayer.c:1585)
==18756==    by 0x807A2EE: main (mplayer.c:3582)
==18756== 
==18756== 
==18756== 65,865 bytes in 1 blocks are possibly lost in loss record 7 of 8
==18756== Stack hash: 1339846325
==18756==    at 0x401D480: malloc (vg_replace_malloc.c:149)
==18756==    by 0x815F580: ts_parse (demuxer.h:248)
==18756==    by 0x815FAD3: demux_ts_fill_buffer (demux_ts.c:3224)
==18756==    by 0x811E59C: ds_fill_buffer (demuxer.c:505)
==18756==    by 0x811ED47: demux_read_data (demuxer.c:527)
==18756==    by 0x81DFF53: mplayer_audio_read (ad_mp3lib.c:28)
==18756==    by 0x81E5D5A: MP3_DecodeFrame (sr1.c:58)
==18756==    by 0x81DFEE3: init (ad_mp3lib.c:48)
==18756==    by 0x80DBFB0: init_audio (dec_audio.c:95)
==18756==    by 0x80DC398: init_best_audio_codec (dec_audio.c:270)
==18756==    by 0x8078975: reinit_audio_chain (mplayer.c:1585)
==18756==    by 0x807A2EE: main (mplayer.c:3582)
==18756== 
==18756== LEAK SUMMARY:
==18756==    definitely lost: 5,992 bytes in 89 blocks.
==18756==    indirectly lost: 199,139 bytes in 4 blocks.
==18756==      possibly lost: 65,865 bytes in 1 blocks.
==18756==    still reachable: 41,278 bytes in 14 blocks.
==18756==         suppressed: 0 bytes in 0 blocks.
==18756== Reachable blocks (those to which a pointer was found) are not shown.
==18756== To see them, rerun with: --leak-check=full --show-reachable=yes


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1264] New: For this .mp3 file, valgrind reports UninitValue, UninitCondition.

From: <bug...@bu...> - 2008-08-31 10:10:56

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1264

           Summary: For this .mp3 file, valgrind reports UninitValue,
                    UninitCondition.
           Product: MPlayer
           Version: HEAD
          Platform: Other
               URL: http://www.metafuzz.com/testcases/664852-199-311034112-
                    result256.tgz
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: xue...@be...
                CC: cat...@li...


This bug was found as part of the metafuzz project, see http://www.metafuzz.com

For this .mp3 file, valgrind reports UninitValue, UninitCondition.

System Info: 

MPlayer dev-SVN-r27496-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood; Pentium 4 EE/Xeon Prestonia,Gallatin
(Family: 15, Model: 2, Stepping: 7)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2

Playing 199-song0004.mp3.

##############################################################

to reproduce:
wget http://www.metafuzz.com/testcases/664852-199-311034112-result256.tgz
tar xzf 664852-199-311034112-result256.tgz
valgrind mplayer 199-song0004.mp3

::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::

==1295== Memcheck, a memory error detector.
==1295== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==1295== Using LibVEX rev 1715, a library for dynamic binary translation.
==1295== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==1295== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==1295== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==1295== For more details, rerun with: -v
==1295== 
==1295== My PID = 1295, parent PID = 1294.  Prog and args are:
==1295==    mplayer
==1295==    199-song0004.mp3
==1295== 
==1295== Use of uninitialised value of size 4
==1295== Stack hash: 1139837953
==1295==    at 0x8474A76: huffman_decode (mpegaudiodec.c:1558)
==1295==    by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280)
==1295==    by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336)
==1295==    by 0x8479178: decode_frame (mpegaudiodec.c:2432)
==1295==    by 0x82E883A: avcodec_decode_audio2 (utils.c:955)
==1295==    by 0x82618A5: av_find_stream_info (utils.c:1888)
==1295==    by 0x81C4906: demux_open_lavf (demux_lavf.c:476)
==1295==    by 0x811DCDC: demux_open_stream (demuxer.c:871)
==1295==    by 0x811DF94: demux_open (demuxer.c:998)
==1295==    by 0x80799BC: main (mplayer.c:3237)
==1295== 
==1295== Use of uninitialised value of size 4
==1295== Stack hash: 2294023456
==1295==    at 0x8474AC9: huffman_decode (mpegaudiodec.c:1568)
==1295==    by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280)
==1295==    by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336)
==1295==    by 0x8479178: decode_frame (mpegaudiodec.c:2432)
==1295==    by 0x82E883A: avcodec_decode_audio2 (utils.c:955)
==1295==    by 0x82618A5: av_find_stream_info (utils.c:1888)
==1295==    by 0x81C4906: demux_open_lavf (demux_lavf.c:476)
==1295==    by 0x811DCDC: demux_open_stream (demuxer.c:871)
==1295==    by 0x811DF94: demux_open (demuxer.c:998)
==1295==    by 0x80799BC: main (mplayer.c:3237)
==1295== 
==1295== Use of uninitialised value of size 4
==1295== Stack hash: 3324746826
==1295==    at 0x8474E6B: huffman_decode (mpegaudiodec.c:231)
==1295==    by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280)
==1295==    by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336)
==1295==    by 0x8479178: decode_frame (mpegaudiodec.c:2432)
==1295==    by 0x82E883A: avcodec_decode_audio2 (utils.c:955)
==1295==    by 0x82618A5: av_find_stream_info (utils.c:1888)
==1295==    by 0x81C4906: demux_open_lavf (demux_lavf.c:476)
==1295==    by 0x811DCDC: demux_open_stream (demuxer.c:871)
==1295==    by 0x811DF94: demux_open (demuxer.c:998)
==1295==    by 0x80799BC: main (mplayer.c:3237)
==1295== 
==1295== Use of uninitialised value of size 4
==1295== Stack hash: 1300477421
==1295==    at 0x8474E72: huffman_decode (mpegaudiodec.c:232)
==1295==    by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280)
==1295==    by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336)
==1295==    by 0x8479178: decode_frame (mpegaudiodec.c:2432)
==1295==    by 0x82E883A: avcodec_decode_audio2 (utils.c:955)
==1295==    by 0x82618A5: av_find_stream_info (utils.c:1888)
==1295==    by 0x81C4906: demux_open_lavf (demux_lavf.c:476)
==1295==    by 0x811DCDC: demux_open_stream (demuxer.c:871)
==1295==    by 0x811DF94: demux_open (demuxer.c:998)
==1295==    by 0x80799BC: main (mplayer.c:3237)
==1295== 
==1295== Conditional jump or move depends on uninitialised value(s)
==1295== Stack hash: 2844447559
==1295==    at 0x8474E84: huffman_decode (mpegaudiodec.c:235)
==1295==    by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280)
==1295==    by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336)
==1295==    by 0x8479178: decode_frame (mpegaudiodec.c:2432)
==1295==    by 0x82E883A: avcodec_decode_audio2 (utils.c:955)
==1295==    by 0x82618A5: av_find_stream_info (utils.c:1888)
==1295==    by 0x81C4906: demux_open_lavf (demux_lavf.c:476)
==1295==    by 0x811DCDC: demux_open_stream (demuxer.c:871)
==1295==    by 0x811DF94: demux_open (demuxer.c:998)
==1295==    by 0x80799BC: main (mplayer.c:3237)
==1295== 
==1295== Use of uninitialised value of size 4
==1295== Stack hash: 2819332149
==1295==    at 0x8474E1A: huffman_decode (mpegaudiodec.c:231)
==1295==    by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280)
==1295==    by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336)
==1295==    by 0x8479178: decode_frame (mpegaudiodec.c:2432)
==1295==    by 0x82E883A: avcodec_decode_audio2 (utils.c:955)
==1295==    by 0x82618A5: av_find_stream_info (utils.c:1888)
==1295==    by 0x81C4906: demux_open_lavf (demux_lavf.c:476)
==1295==    by 0x811DCDC: demux_open_stream (demuxer.c:871)
==1295==    by 0x811DF94: demux_open (demuxer.c:998)
==1295==    by 0x80799BC: main (mplayer.c:3237)
==1295== 
==1295== Use of uninitialised value of size 4
==1295== Stack hash: 795062744
==1295==    at 0x8474E21: huffman_decode (mpegaudiodec.c:232)
==1295==    by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280)
==1295==    by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336)
==1295==    by 0x8479178: decode_frame (mpegaudiodec.c:2432)
==1295==    by 0x82E883A: avcodec_decode_audio2 (utils.c:955)
==1295==    by 0x82618A5: av_find_stream_info (utils.c:1888)
==1295==    by 0x81C4906: demux_open_lavf (demux_lavf.c:476)
==1295==    by 0x811DCDC: demux_open_stream (demuxer.c:871)
==1295==    by 0x811DF94: demux_open (demuxer.c:998)
==1295==    by 0x80799BC: main (mplayer.c:3237)
==1295== 
==1295== Conditional jump or move depends on uninitialised value(s)
==1295== Stack hash: 717105817
==1295==    at 0x8474E2E: huffman_decode (mpegaudiodec.c:235)
==1295==    by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280)
==1295==    by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336)
==1295==    by 0x8479178: decode_frame (mpegaudiodec.c:2432)
==1295==    by 0x82E883A: avcodec_decode_audio2 (utils.c:955)
==1295==    by 0x82618A5: av_find_stream_info (utils.c:1888)
==1295==    by 0x81C4906: demux_open_lavf (demux_lavf.c:476)
==1295==    by 0x811DCDC: demux_open_stream (demuxer.c:871)
==1295==    by 0x811DF94: demux_open (demuxer.c:998)
==1295==    by 0x80799BC: main (mplayer.c:3237)
==1295== 
==1295== Use of uninitialised value of size 4
==1295== Stack hash: 4247672245
==1295==    at 0x8474D9A: huffman_decode (mpegaudiodec.c:1581)
==1295==    by 0x84757DD: mp_decode_layer3 (mpegaudiodec.c:2280)
==1295==    by 0x8477211: mp_decode_frame (mpegaudiodec.c:2336)
==1295==    by 0x8479178: decode_frame (mpegaudiodec.c:2432)
==1295==    by 0x82E883A: avcodec_decode_audio2 (utils.c:955)
==1295==    by 0x82618A5: av_find_stream_info (utils.c:1888)
==1295==    by 0x81C4906: demux_open_lavf (demux_lavf.c:476)
==1295==    by 0x811DCDC: demux_open_stream (demuxer.c:871)
==1295==    by 0x811DF94: demux_open (demuxer.c:998)
==1295==    by 0x80799BC: main (mplayer.c:3237)
==1295== 
==1295== ERROR SUMMARY: 422 errors from 9 contexts (suppressed: 21 from 1)
==1295== malloc/free: in use at exit: 32,908 bytes in 12 blocks.
==1295== malloc/free: 6,463 allocs, 6,451 frees, 4,239,463 bytes allocated.
==1295== For counts of detected errors, rerun with: -v
==1295== searching for pointers to 12 not-freed blocks.
==1295== checked 3,250,212 bytes.
==1295== 
==1295== LEAK SUMMARY:
==1295==    definitely lost: 0 bytes in 0 blocks.
==1295==      possibly lost: 0 bytes in 0 blocks.
==1295==    still reachable: 32,908 bytes in 12 blocks.
==1295==         suppressed: 0 bytes in 0 blocks.
==1295== Reachable blocks (those to which a pointer was found) are not shown.
==1295== To see them, rerun with: --leak-check=full --show-reachable=yes


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1239] New: [Crash]For this .mp4 file, valgrind reports Leak_DefinitelyLost, SyscallParam, UninitValue, UninitCondition and Mplayer crashes.

From: <bug...@bu...> - 2008-08-07 06:57:57

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1239

           Summary: [Crash]For this .mp4 file, valgrind reports
                    Leak_DefinitelyLost, SyscallParam, UninitValue,
                    UninitCondition and Mplayer crashes.
           Product: MPlayer
           Version: HEAD
          Platform: Other
               URL: http://www.metafuzz.com/testcases/439815-47-832590519-
                    UninitCondition.tgz
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: xue...@be...
                CC: cat...@li...


This bug was found as part of the metafuzz project, see http://www.metafuzz.com

[Crash]For this .mp4 file, valgrind reports Leak_DefinitelyLost, SyscallParam,
UninitValue, UninitCondition and Mplayer crashes.

System Info: 

MPlayer dev-SVN-r27422-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin
(Family: 15, Model: 2, Stepping: 7)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2

Playing 47-innovation.mp4.

##############################################################

to reproduce:
wget http://www.metafuzz.com/testcases/439815-47-832590519-UninitCondition.tgz
tar xzf 439815-47-832590519-UninitCondition.tgz
valgrind mplayer 47-innovation.mp4

::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::

==19023== Memcheck, a memory error detector.
==19023== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==19023== Using LibVEX rev 1715, a library for dynamic binary translation.
==19023== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==19023== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==19023== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==19023== For more details, rerun with: -v
==19023== 
==19023== My PID = 19023, parent PID = 19022.  Prog and args are:
==19023==    mplayer
==19023==    47-innovation.mp4
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 3822328633
==19023==    at 0x8137D28: demux_mov_fill_buffer (stream.h:261)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 3833573599
==19023==    at 0x8137D2E: demux_mov_fill_buffer (stream.h:261)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 380104592
==19023==    at 0x8137EEF: demux_mov_fill_buffer (stream.h:261)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 3886050107
==19023==    at 0x8137D4A: demux_mov_fill_buffer (stream.h:263)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 2585262378
==19023==    at 0x81703FA: stream_seek_long (stream.c:310)
==19023==    by 0x8137F07: demux_mov_fill_buffer (stream.h:270)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Syscall param llseek(offset_high) contains uninitialised byte(s)
==19023== Stack hash: 3253502438
==19023==    at 0x4000792: (within /lib/ld-2.3.6.so)
==19023== 
==19023== Syscall param llseek(offset_low) contains uninitialised byte(s)
==19023== Stack hash: 3253502438
==19023==    at 0x4000792: (within /lib/ld-2.3.6.so)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 513659744
==19023==    at 0x8170458: stream_seek_long (stream.c:357)
==19023==    by 0x8137F07: demux_mov_fill_buffer (stream.h:270)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1761850970
==19023==    at 0x817046A: stream_seek_long (stream.c:358)
==19023==    by 0x8137F07: demux_mov_fill_buffer (stream.h:270)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1900538884
==19023==    at 0x817046C: stream_seek_long (stream.c:358)
==19023==    by 0x8137F07: demux_mov_fill_buffer (stream.h:270)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 2247258669
==19023==    at 0x8170471: stream_seek_long (stream.c:358)
==19023==    by 0x8137F07: demux_mov_fill_buffer (stream.h:270)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 4253982527
==19023==    at 0x811B29E: ds_read_packet (stream.h:212)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 648096763
==19023==    at 0x811B26A: ds_read_packet (stream.h:216)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1791112796
==19023==    at 0x401EF8C: memcpy (mc_replace_strmem.c:406)
==19023==    by 0x811B28B: ds_read_packet (stream.h:218)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 3407813997
==19023==    at 0x401EF95: memcpy (mc_replace_strmem.c:77)
==19023==    by 0x811B28B: ds_read_packet (stream.h:218)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1453493738
==19023==    at 0x401EFAA: memcpy (mc_replace_strmem.c:406)
==19023==    by 0x811B28B: ds_read_packet (stream.h:218)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 496906407
==19023==    at 0x401EFFF: memcpy (mc_replace_strmem.c:406)
==19023==    by 0x811B28B: ds_read_packet (stream.h:218)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 271827035
==19023==    at 0x401F013: memcpy (mc_replace_strmem.c:406)
==19023==    by 0x811B28B: ds_read_packet (stream.h:218)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Use of uninitialised value of size 4
==19023== Stack hash: 3561499280
==19023==    at 0x401F020: memcpy (mc_replace_strmem.c:406)
==19023==    by 0x811B28B: ds_read_packet (stream.h:218)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Use of uninitialised value of size 4
==19023== Stack hash: 1775988550
==19023==    at 0x401F026: memcpy (mc_replace_strmem.c:406)
==19023==    by 0x811B28B: ds_read_packet (stream.h:218)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 2274855014
==19023==    at 0x401F046: memcpy (mc_replace_strmem.c:406)
==19023==    by 0x811B28B: ds_read_packet (stream.h:218)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 3947826058
==19023==    at 0x401F04A: memcpy (mc_replace_strmem.c:406)
==19023==    by 0x811B28B: ds_read_packet (stream.h:218)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 3352511086
==19023==    at 0x811B291: ds_read_packet (stream.h:209)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1880966113
==19023==    at 0x401F069: memcpy (mc_replace_strmem.c:406)
==19023==    by 0x811B28B: ds_read_packet (stream.h:218)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 2113035936
==19023==    at 0x811B2FB: ds_read_packet (demuxer.h:257)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 3782830879
==19023==    at 0x401D514: realloc (vg_replace_malloc.c:306)
==19023==    by 0x811B31A: ds_read_packet (demuxer.h:259)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Use of uninitialised value of size 4
==19023== Stack hash: 1631986275
==19023==    at 0x811B332: ds_read_packet (demuxer.h:268)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811CF8C: ds_fill_buffer (demuxer.c:505)
==19023==    by 0x811D6A7: ds_get_packet (demuxer.c:609)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 860864095
==19023==    at 0x816B479: video_read_frame (video.c:548)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1507313771
==19023==    at 0x811AD67: ds_get_next_pts (demuxer.c:668)
==19023==    by 0x816B2B2: video_read_frame (video.c:573)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1375396216
==19023==    at 0x8137D28: demux_mov_fill_buffer (stream.h:261)
==19023==    by 0x811AD74: ds_get_next_pts (demuxer.c:675)
==19023==    by 0x816B2B2: video_read_frame (video.c:573)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1375700134
==19023==    at 0x8137D2E: demux_mov_fill_buffer (stream.h:261)
==19023==    by 0x811AD74: ds_get_next_pts (demuxer.c:675)
==19023==    by 0x816B2B2: video_read_frame (video.c:573)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1398443331
==19023==    at 0x8137EEF: demux_mov_fill_buffer (stream.h:261)
==19023==    by 0x811AD74: ds_get_next_pts (demuxer.c:675)
==19023==    by 0x816B2B2: video_read_frame (video.c:573)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1377118418
==19023==    at 0x8137D4A: demux_mov_fill_buffer (stream.h:263)
==19023==    by 0x811AD74: ds_get_next_pts (demuxer.c:675)
==19023==    by 0x816B2B2: video_read_frame (video.c:573)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 181160021
==19023==    at 0x81703FA: stream_seek_long (stream.c:310)
==19023==    by 0x8137F07: demux_mov_fill_buffer (stream.h:270)
==19023==    by 0x811AD74: ds_get_next_pts (demuxer.c:675)
==19023==    by 0x816B2B2: video_read_frame (video.c:573)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 134719719
==19023==    at 0x807A8E7: main (mplayer.c:2273)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 2180561200
==19023==    at 0x8196CC2: decode (vd_ffmpeg.c:740)
==19023==    by 0x80DB02A: decode_video (dec_video.c:369)
==19023==    by 0x807A9AC: main (mplayer.c:2292)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 943682454
==19023==    at 0x82E5382: avcodec_decode_video (utils.c:913)
==19023==    by 0x8196DCE: decode (vd_ffmpeg.c:781)
==19023==    by 0x80DB02A: decode_video (dec_video.c:369)
==19023==    by 0x807A9AC: main (mplayer.c:2292)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1722205693
==19023==    at 0x844C528: decode_frame (h264.c:7550)
==19023==    by 0x82E53CD: avcodec_decode_video (utils.c:914)
==19023==    by 0x8196DCE: decode (vd_ffmpeg.c:781)
==19023==    by 0x80DB02A: decode_video (dec_video.c:369)
==19023==    by 0x807A9AC: main (mplayer.c:2292)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 361720728
==19023==    at 0x844AEE0: decode_nal_units (h264.c:7371)
==19023==    by 0x844C613: decode_frame (h264.c:7620)
==19023==    by 0x82E53CD: avcodec_decode_video (utils.c:914)
==19023==    by 0x8196DCE: decode (vd_ffmpeg.c:781)
==19023==    by 0x80DB02A: decode_video (dec_video.c:369)
==19023==    by 0x807A9AC: main (mplayer.c:2292)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 3486556831
==19023==    at 0x844AF4B: decode_nal_units (h264.c:7375)
==19023==    by 0x844C613: decode_frame (h264.c:7620)
==19023==    by 0x82E53CD: avcodec_decode_video (utils.c:914)
==19023==    by 0x8196DCE: decode (vd_ffmpeg.c:781)
==19023==    by 0x80DB02A: decode_video (dec_video.c:369)
==19023==    by 0x807A9AC: main (mplayer.c:2292)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 1521743253
==19023==    at 0x811D687: ds_get_packet (demuxer.c:608)
==19023==    by 0x816B474: video_read_frame (video.c:547)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== Warning: set address range perms: large range 268436229 (undefined)
==19023== Warning: set address range perms: large range 268436261 (noaccess)
==19023== Warning: set address range perms: large range 134217927 (undefined)
==19023== Warning: set address range perms: large range 134217959 (noaccess)
==19023== Warning: set address range perms: large range 134217994 (undefined)
==19023== Warning: set address range perms: large range 134218026 (noaccess)
==19023== Warning: set address range perms: large range 1073742982 (undefined)
==19023== Warning: set address range perms: large range 134219486 (undefined)
==19023== Warning: set address range perms: large range 134219518 (noaccess)
==19023== Warning: set address range perms: large range 268437584 (undefined)
==19023== Warning: set address range perms: large range 268437616 (noaccess)
==19023== Warning: set address range perms: large range 268436062 (undefined)
==19023== Warning: set address range perms: large range 268436094 (noaccess)
==19023== Warning: set address range perms: large range 1073742646 (undefined)
==19023== Warning: set address range perms: large range 1073743354 (undefined)
==19023== Warning: set address range perms: large range 536872294 (undefined)
==19023== Warning: set address range perms: large range 536872326 (noaccess)
==19023== Warning: set address range perms: large range 1073742521 (undefined)
==19023== Warning: set address range perms: large range 268435934 (undefined)
==19023== Warning: set address range perms: large range 268435966 (noaccess)
==19023== Warning: set address range perms: large range 536871658 (undefined)
==19023== Warning: set address range perms: large range 536871690 (noaccess)
==19023== Warning: set address range perms: large range 536871722 (undefined)
==19023== Warning: set address range perms: large range 536871754 (noaccess)
==19023== Warning: set address range perms: large range 268438055 (undefined)
==19023== Warning: set address range perms: large range 268438087 (noaccess)
==19023== Warning: set address range perms: large range 268436480 (undefined)
==19023== Warning: set address range perms: large range 268436512 (noaccess)
==19023== Warning: set address range perms: large range 135267840 (undefined)
==19023== Warning: set address range perms: large range 135267872 (noaccess)
==19023== Warning: set address range perms: large range 134218838 (undefined)
==19023== Warning: set address range perms: large range 134218870 (noaccess)
==19023== Warning: set address range perms: large range 536871479 (undefined)
==19023== Warning: set address range perms: large range 536871511 (noaccess)
==19023== Warning: set address range perms: large range 134218184 (undefined)
==19023== Warning: set address range perms: large range 134218216 (noaccess)
==19023== Warning: set address range perms: large range 268436308 (undefined)
==19023== Warning: set address range perms: large range 268436340 (noaccess)
==19023== Warning: set address range perms: large range 268436001 (undefined)
==19023== Warning: set address range perms: large range 268436033 (noaccess)
==19023== Warning: set address range perms: large range 536871639 (undefined)
==19023== Warning: set address range perms: large range 536871671 (noaccess)
==19023== Warning: set address range perms: large range 134218304 (undefined)
==19023== Warning: set address range perms: large range 134218336 (noaccess)
==19023== Warning: set address range perms: large range 268436222 (undefined)
==19023== Warning: set address range perms: large range 268436254 (noaccess)
==19023== Warning: set address range perms: large range 134218720 (undefined)
==19023== Warning: set address range perms: large range 134218752 (noaccess)
==19023== Warning: set address range perms: large range 134218802 (undefined)
==19023== Warning: set address range perms: large range 134218834 (noaccess)
==19023== Warning: set address range perms: large range 536872018 (undefined)
==19023== Warning: set address range perms: large range 536872050 (noaccess)
==19023== Warning: set address range perms: large range 1073742628 (undefined)
==19023== Warning: set address range perms: large range 536871349 (undefined)
==19023== Warning: set address range perms: large range 536871381 (noaccess)
==19023== Warning: set address range perms: large range 536872437 (undefined)
==19023== Warning: set address range perms: large range 536872469 (noaccess)
==19023== Warning: set address range perms: large range 1073743121 (undefined)
==19023== Warning: set address range perms: large range 268436297 (undefined)
==19023== Warning: set address range perms: large range 268436329 (noaccess)
==19023== Warning: set address range perms: large range 268436426 (undefined)
==19023== Warning: set address range perms: large range 268436458 (noaccess)
==19023== Warning: set address range perms: large range 1073741894 (undefined)
==19023== Warning: set address range perms: large range 536874228 (undefined)
==19023== Warning: set address range perms: large range 536874260 (noaccess)
==19023== Warning: set address range perms: large range 134218823 (undefined)
==19023== Warning: set address range perms: large range 134218855 (noaccess)
==19023== Warning: set address range perms: large range 536872459 (undefined)
==19023== Warning: set address range perms: large range 536872491 (noaccess)
==19023== Warning: set address range perms: large range 536870981 (undefined)
==19023== Warning: set address range perms: large range 536871013 (noaccess)
==19023== Warning: set address range perms: large range 134219827 (undefined)
==19023== Warning: set address range perms: large range 134219859 (noaccess)
==19023== Warning: set address range perms: large range 1073742106 (undefined)
==19023== Warning: set address range perms: large range 134219233 (undefined)
==19023== Warning: set address range perms: large range 134219265 (noaccess)
==19023== Warning: set address range perms: large range 1073743033 (undefined)
==19023== Warning: set address range perms: large range 268444198 (undefined)
==19023== Warning: set address range perms: large range 268444230 (noaccess)
==19023== Warning: set address range perms: large range 134218579 (undefined)
==19023== Warning: set address range perms: large range 134218611 (noaccess)
==19023== Warning: set address range perms: large range 536871398 (undefined)
==19023== Warning: set address range perms: large range 536871430 (noaccess)
==19023== Warning: set address range perms: large range 134744108 (undefined)
==19023== Warning: set address range perms: large range 134744140 (noaccess)
==19023== Warning: set address range perms: large range 268697838 (undefined)
==19023== Warning: set address range perms: large range 268697870 (noaccess)
==19023== Warning: set address range perms: large range 536876229 (undefined)
==19023== Warning: set address range perms: large range 536876261 (noaccess)
==19023== 
==19023== Conditional jump or move depends on uninitialised value(s)
==19023== Stack hash: 3948087950
==19023==    at 0x811B226: ds_read_packet (demuxer.h:248)
==19023==    by 0x81380B8: demux_mov_fill_buffer (demux_mov.c:2176)
==19023==    by 0x811AD74: ds_get_next_pts (demuxer.c:675)
==19023==    by 0x816B2B2: video_read_frame (video.c:573)
==19023==    by 0x807A8E2: main (mplayer.c:2262)
==19023== 
==19023== ERROR SUMMARY: 1394567 errors from 42 contexts (suppressed: 21 from
1)
==19023== malloc/free: in use at exit: 33,091 bytes in 20 blocks.
==19023== malloc/free: 32,034 allocs, 32,012 frees, 2,552,148,160 bytes
allocated.
==19023== For counts of detected errors, rerun with: -v
==19023== searching for pointers to 20 not-freed blocks.
==19023== checked 2,951,708 bytes.
==19023== 
==19023== 
==19023== 20 bytes in 2 blocks are definitely lost in loss record 5 of 11
==19023== Stack hash: 1420098800
==19023==    at 0x401C6AB: memalign (vg_replace_malloc.c:332)
==19023==    by 0x853D894: av_malloc (mem.c:61)
==19023==    by 0x853D8D7: av_strdup (mem.c:145)
==19023==    by 0x82E5F2A: avcodec_get_context_defaults2 (utils.c:761)
==19023==    by 0x82E5FF9: avcodec_alloc_context2 (utils.c:780)
==19023==    by 0x82E6021: avcodec_alloc_context (utils.c:790)
==19023==    by 0x825C66F: av_new_stream (utils.c:2261)
==19023==    by 0x828A65F: mov_read_trak (mov.c:1294)
==19023==    by 0x8289058: mov_read_default (mov.c:215)
==19023==    by 0x828925B: mov_read_moov (mov.c:455)
==19023==    by 0x8289058: mov_read_default (mov.c:215)
==19023==    by 0x828C8F5: mov_read_header (mov.c:1810)
==19023== 
==19023== LEAK SUMMARY:
==19023==    definitely lost: 20 bytes in 2 blocks.
==19023==      possibly lost: 0 bytes in 0 blocks.
==19023==    still reachable: 33,071 bytes in 18 blocks.
==19023==         suppressed: 0 bytes in 0 blocks.
==19023== Reachable blocks (those to which a pointer was found) are not shown.
==19023== To see them, rerun with: --leak-check=full --show-reachable=yes
MPlayer interrupted by signal 2 in module: sleep_timer
_________________________________________________________________

gdb Backtrace

Using host libthread_db library /lib/tls/i686/cmov/libthread_db.so.1.
/home/user/bug_report/core: No such file or directory.
[Thread debugging using libthread_db enabled]
[New Thread -1209972064 (LWP 20064)]
MPlayer dev-SVN-r27422-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Dual-Core AMD Opteron(tm) Processor 2218 HE (Family: 15, Model: 65,
Stepping: 3)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2
get_path('codecs.conf') -> '/root/.mplayer/codecs.conf'
Reading /root/.mplayer/codecs.conf: Can't open '/root/.mplayer/codecs.conf': No
such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open
'/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug=3
CommandLine: '-v' '47-innovation.mp4'
get_path('font/font.desc') -> '/root/.mplayer/font/font.desc'
font: can't open file: /root/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/root/.mplayer/input.conf'
Can't open input config file /root/.mplayer/input.conf: No such file or
directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or
directory
Falling back on default (hardcoded) input config
get_path('47-innovation.mp4.conf') -> '/root/.mplayer/47-innovation.mp4.conf'

Playing 47-innovation.mp4.
get_path('sub/') -> '/root/.mplayer/sub/'
[file] File size is 5072382 bytes
STREAM: [file] 47-innovation.mp4
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
LAVF_check: QuickTime/MPEG-4/Motion JPEG 2000 format
libavformat file format detected.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x8a044a0]Could not find codec parameters (Data:
0x0000)
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x8a044a0]Could not find codec parameters (Video:
h264)
LAVF_header: av_find_stream_info() failed
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Checking for Nullsoft Streaming Video
Checking for MOV
ISO: File Type Major Brand: ISO/IEC 14496-1 (MPEG-4 system) v2
ISO: File Type Minor Version: 262144
ISO: File Type Compatible Brand #0: mp42
ISO: File Type Compatible Brand #1: iso-
MOV: Movie DATA found!
MOV: Movie header found!
Quicktime/MOV file format detected.
MOV: Movie header (100 bytes): tscale=856  dur=2611200
MOV: unknown chunk: iods 13
--------------
MOV: Track #0:
MOV:  Track header!
tkhd len=84 ver=0 flags=0x8 id=101 dur=1073877824 lay=8192 vol=256
MOV: unknown chunk: mdi! 18176
MOV track #0: 0 chunks, 0 samples
pts=0  scale=0  time=  nan
*** constant samplesize


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1238] New: For this .wma file, valgrind reports Leak_DefinitelyLost.

From: <bug...@bu...> - 2008-08-07 01:27:58

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1238

           Summary: For this .wma file, valgrind reports
                    Leak_DefinitelyLost.
           Product: MPlayer
           Version: HEAD
          Platform: Other
               URL: http://www.metafuzz.com/testcases/876901-113-3049269950-
                    Leak_PossiblyLost.tgz
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: xue...@be...
                CC: cat...@li...


This bug was found as part of the metafuzz project, see http://www.metafuzz.com

For this .wma file, valgrind reports Leak_DefinitelyLost.

System Info: 

MPlayer dev-SVN-r27422-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin
(Family: 15, Model: 2, Stepping: 7)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2

Playing 113-IWontCry.wma.

##############################################################

to reproduce:
wget
http://www.metafuzz.com/testcases/876901-113-3049269950-Leak_PossiblyLost.tgz
tar xzf 876901-113-3049269950-Leak_PossiblyLost.tgz
valgrind mplayer 113-IWontCry.wma

::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::

==28724== Memcheck, a memory error detector.
==28724== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==28724== Using LibVEX rev 1715, a library for dynamic binary translation.
==28724== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==28724== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==28724== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==28724== For more details, rerun with: -v
==28724== 
==28724== My PID = 28724, parent PID = 28723.  Prog and args are:
==28724==    mplayer
==28724==    113-IWontCry.wma
==28724== 
==28724== 
==28724== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 21 from 1)
==28724== malloc/free: in use at exit: 35,912 bytes in 13 blocks.
==28724== malloc/free: 2,675 allocs, 2,662 frees, 2,091,398 bytes allocated.
==28724== For counts of detected errors, rerun with: -v
==28724== searching for pointers to 13 not-freed blocks.
==28724== checked 2,951,504 bytes.
==28724== 
==28724== 3,004 bytes in 1 blocks are definitely lost in loss record 5 of 6
==28724== Stack hash: 3370902398
==28724==    at 0x401D480: malloc (vg_replace_malloc.c:149)
==28724==    by 0x8114062: read_asf_header (asfheader.c:518)
==28724==    by 0x811FDF3: demux_open_asf (demux_asf.c:619)
==28724==    by 0x811C75D: demux_open_stream (demuxer.c:818)
==28724==    by 0x811CB44: demux_open (demuxer.c:998)
==28724==    by 0x8078DCC: main (mplayer.c:3237)
==28724== 
==28724== LEAK SUMMARY:
==28724==    definitely lost: 3,004 bytes in 1 blocks.
==28724==      possibly lost: 0 bytes in 0 blocks.
==28724==    still reachable: 32,908 bytes in 12 blocks.
==28724==         suppressed: 0 bytes in 0 blocks.
==28724== Reachable blocks (those to which a pointer was found) are not shown.
==28724== To see them, rerun with: --leak-check=full --show-reachable=yes


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1236] New: For this .asf file, valgrind reports Leak_DefinitelyLost, UninitValue, UninitCondition.

From: <bug...@bu...> - 2008-08-07 01:04:42

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1236

           Summary: For this .asf file, valgrind reports
                    Leak_DefinitelyLost, UninitValue, UninitCondition.
           Product: MPlayer
           Version: HEAD
          Platform: Other
               URL: http://www.metafuzz.com/testcases/857208-9-2042535168-
                    UninitCondition.tgz
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: xue...@be...
                CC: cat...@li...


This bug was found as part of the metafuzz project, see
http://www.metafuzz.com%A¯or this .asf file, valgrind reports
Leak_DefinitelyLost, UninitValue, UninitCondition.%A%ASystem Info: %A%AMPlayer
dev-SVN-r27422-4.1.2 (C) 2000-2008 MPlayer Team¬PU: Intel Pentium 4/Celeron 4
Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin (Family: 15, Model: 2,
Stepping: 7)¬PUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1¬ompiled
for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2%A%APlaying
9-nice.asf.%A%A##############################################################%A%Ato
reproduce:%Awget
http://www.metafuzz.com/testcases/857208-9-2042535168-UninitCondition.tgz%Atar
xzf 857208-9-2042535168-UninitCondition.tgz%Avalgrind mplayer
9-nice.asf%A%A::::::::::::::::::::Valgrind
result:::::::::::::::::::::::::::::%A%A==26826== Memcheck, a memory error
detector.%A==26826== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward
et al.%A==26826== Using LibVEX rev 1715, a library for dynamic binary
translation.%A==26826== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks
LLP.%A==26826== Using valgrind-3.2.2, a dynamic binary instrumentation
framework.%A==26826== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward
et al.%A==26826== For more details, rerun with: -v%A==26826== %A==26826== My
PID = 26826, parent PID = 26825.  Prog and args are:%A==26826==   
mplayer%A==26826==    9-nice.asf%A==26826== %A==26826== Conditional jump or
move depends on uninitialised value(s)%A==26826== Stack hash:
1068695994%A==26826==    at 0x84DE7E8: vc1_decode_p_block
(vc1.c:3014)%A==26826==    by 0x84E5E6A: vc1_decode_p_blocks
(vc1.c:3227)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 956156308%A==26826==    at
0x84DE7F2: vc1_decode_p_block (vc1.c:3016)%A==26826==    by 0x84E5E6A:
vc1_decode_p_blocks (vc1.c:3227)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 4188412642%A==26826==    at
0x84E5B7A: vc1_decode_p_blocks (vc1.c:3209)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 729930868%A==26826==    at
0x84E5BC4: vc1_decode_p_blocks (vc1.c:3211)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 1754831215%A==26826==    at
0x84DE975: vc1_decode_p_block (vc1.c:3038)%A==26826==    by 0x84E5E6A:
vc1_decode_p_blocks (vc1.c:3227)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 2487231333%A==26826==    at
0x84DE4BB: vc1_decode_p_block (vc1.c:3065)%A==26826==    by 0x84E5E6A:
vc1_decode_p_blocks (vc1.c:3227)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 1417212157%A==26826==    at
0x84DE993: vc1_decode_p_block (vc1.c:3040)%A==26826==    by 0x84E5E6A:
vc1_decode_p_blocks (vc1.c:3227)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 3038140499%A==26826==    at
0x84DE739: vc1_decode_p_block (vc1.c:3088)%A==26826==    by 0x84E5E6A:
vc1_decode_p_blocks (vc1.c:3227)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 3104288256%A==26826==    at 0x84E5520:
vc1_decode_p_blocks (bitstream.h:856)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 449350955%A==26826==    at
0x84E671F: vc1_decode_p_blocks (vc1.c:1785)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 3170812779%A==26826==    at 0x84E645F:
vc1_decode_p_blocks (bitstream.h:856)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 3448188607%A==26826==    at 0x84E6463:
vc1_decode_p_blocks (bitstream.h:856)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 303485569%A==26826==    at 0x84E761D:
vc1_decode_p_blocks (bitstream.h:856)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 1403888154%A==26826==    at 0x84E71D2:
vc1_decode_p_blocks (bitstream.h:856)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 2945145654%A==26826==    at
0x84DAC7C: vc1_mc_1mv (common.h:201)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 41800187%A==26826==    at
0x84DAC99: vc1_mc_1mv (common.h:201)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 4055418268%A==26826==    at
0x84DACB2: vc1_mc_1mv (common.h:201)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 3830338896%A==26826==    at
0x84DACC6: vc1_mc_1mv (common.h:201)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 1932288480%A==26826==    at
0x84DACD6: vc1_mc_1mv (common.h:202)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 1249488241%A==26826==    at
0x84DAD5F: vc1_mc_1mv (vc1.c:523)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 855599340%A==26826==    at
0x84DAD82: vc1_mc_1mv (vc1.c:523)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 4137709462%A==26826==    at 0x84DADDC: vc1_mc_1mv
(vc1.c:592)%A==26826==    by 0x84E6E92: vc1_decode_p_blocks
(vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 2677439928%A==26826==    at 0x82E8C1C:
put_pixels16_x2_mmx2 (dsputil_mmx_avg.h:342)%A==26826==    by 0x84DADE2:
vc1_mc_1mv (vc1.c:592)%A==26826==    by 0x84E6E92: vc1_decode_p_blocks
(vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 1255616841%A==26826==    at
0x82FF4E3: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:35)%A==26826== 
  by 0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 3288001153%A==26826==    at
0x82FF4FB: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:43)%A==26826== 
  by 0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 1103014914%A==26826==    at 0x82FF640:
put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:61)%A==26826==    by
0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 2430804777%A==26826==    at 0x82FF643:
put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:61)%A==26826==    by
0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 3258644820%A==26826==    at
0x82FF4E3: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:35)%A==26826== 
  by 0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 996061836%A==26826==    at
0x82FF4FB: put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:43)%A==26826== 
  by 0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 3106042893%A==26826==    at 0x82FF640:
put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:61)%A==26826==    by
0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 138865460%A==26826==    at 0x82FF643:
put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:61)%A==26826==    by
0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 1056014416%A==26826==    at
0x84E6630: vc1_decode_p_blocks (vc1.c:1756)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 3691084782%A==26826==    at
0x84E6656: vc1_decode_p_blocks (vc1.c:1757)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 1456184610%A==26826==    at
0x84E74BA: vc1_decode_p_blocks (vc1.c:1771)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 2830211964%A==26826==    at 0x82E97F0:
put_pixels16_mmx (dsputil_mmx.c:385)%A==26826==    by 0x84DADE2: vc1_mc_1mv
(vc1.c:592)%A==26826==    by 0x84E6E92: vc1_decode_p_blocks
(vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 249876186%A==26826==    at 0x82E9790: put_pixels8_mmx
(dsputil_mmx.c:359)%A==26826==    by 0x82FF6A8: put_h264_chroma_mc8_mmx
(dsputil_h264_template_mmx.c:37)%A==26826==    by 0x84DB1A8: vc1_mc_1mv
(vc1.c:603)%A==26826==    by 0x84E6E92: vc1_decode_p_blocks
(vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 2252904165%A==26826==    at 0x82E9790: put_pixels8_mmx
(dsputil_mmx.c:359)%A==26826==    by 0x82FF6A8: put_h264_chroma_mc8_mmx
(dsputil_h264_template_mmx.c:37)%A==26826==    by 0x84DB1DB: vc1_mc_1mv
(vc1.c:604)%A==26826==    by 0x84E6E92: vc1_decode_p_blocks
(vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 1807262433%A==26826==    at
0x84E74FD: vc1_decode_p_blocks (vc1.c:1784)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 614620704%A==26826==    at 0x82FF556:
put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:122)%A==26826==    by
0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 3171000672%A==26826==    at 0x82FF596:
put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:148)%A==26826==    by
0x84DB1A8: vc1_mc_1mv (vc1.c:603)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 2617648683%A==26826==    at 0x82FF556:
put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:122)%A==26826==    by
0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 879061355%A==26826==    at 0x82FF596:
put_h264_chroma_mc8_mmx (dsputil_h264_template_mmx.c:148)%A==26826==    by
0x84DB1DB: vc1_mc_1mv (vc1.c:604)%A==26826==    by 0x84E6E92:
vc1_decode_p_blocks (vc1.c:3172)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 2860622779%A==26826==    at
0x84E4B6F: vc1_decode_p_blocks (vc1.c:1756)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 3012384807%A==26826==    at
0x84E4C2B: vc1_decode_p_blocks (vc1.c:1771)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 1763682053%A==26826==    at
0x84E7291: vc1_decode_p_blocks (vc1.c:1784)%A==26826==    by 0x84E8C8A:
vc1_decode_frame (vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 314560203%A==26826==    at
0x84DAC7C: vc1_mc_1mv (common.h:201)%A==26826==    by 0x84E4453:
vc1_decode_p_blocks (vc1.c:3244)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 1424832817%A==26826==    at
0x84DACB2: vc1_mc_1mv (common.h:201)%A==26826==    by 0x84E4453:
vc1_decode_p_blocks (vc1.c:3244)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Conditional jump or move depends on
uninitialised value(s)%A==26826== Stack hash: 2913870086%A==26826==    at
0x84DAD5F: vc1_mc_1mv (vc1.c:523)%A==26826==    by 0x84E4453:
vc1_decode_p_blocks (vc1.c:3244)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %A==26826== Use of uninitialised value of size
4%A==26826== Stack hash: 1507124011%A==26826==    at 0x84DADDC: vc1_mc_1mv
(vc1.c:592)%A==26826==    by 0x84E4453: vc1_decode_p_blocks
(vc1.c:3244)%A==26826==    by 0x84E8C8A: vc1_decode_frame
(vc1.c:3918)%A==26826==    by 0x82E53CD: avcodec_decode_video
(utils.c:914)%A==26826==    by 0x8196DCE: decode (vd_ffmpeg.c:781)%A==26826==  
 by 0x80DB02A: decode_video (dec_video.c:369)%A==26826==    by 0x8079ACD: main
(mplayer.c:1761)%A==26826== %AMore than 50 errors detected, the rest will be
ignored%A%A==26826== ERROR SUMMARY: 16918 errors from 115 contexts (suppressed:
21 from 1)%A==26826== malloc/free: in use at exit: 426,584 bytes in 134
blocks.%A==26826== malloc/free: 3,802 allocs, 3,668 frees, 4,453,253 bytes
allocated.%A==26826== For counts of detected errors, rerun with: -v%A==26826==
searching for pointers to 134 not-freed blocks.%A==26826== checked 3,231,952
bytes.%A==26826== %A==26826== %A==26826== 10 bytes in 1 blocks are definitely
lost in loss record 4 of 16%A==26826== Stack hash: 122745447%A==26826==    at
0x401C6AB: memalign (vg_replace_malloc.c:332)%A==26826==    by 0x853D894:
av_malloc (mem.c:61)%A==26826==    by 0x853D8D7: av_strdup
(mem.c:145)%A==26826==    by 0x82E5F2A: avcodec_get_context_defaults2
(utils.c:761)%A==26826==    by 0x82E5FF9: avcodec_alloc_context2
(utils.c:780)%A==26826==    by 0x82E6021: avcodec_alloc_context
(utils.c:790)%A==26826==    by 0x825C66F: av_new_stream
(utils.c:2261)%A==26826==    by 0x8266A41: asf_read_header
(asf.c:208)%A==26826==    by 0x825E11F: av_open_input_stream
(utils.c:416)%A==26826==    by 0x81A0A4A: demux_open_lavf
(demux_lavf.c:459)%A==26826==    by 0x811C88C: demux_open_stream
(demuxer.c:871)%A==26826==    by 0x811CB44: demux_open
(demuxer.c:998)%A==26826== %A==26826== %A==26826== 16 bytes in 2 blocks are
definitely lost in loss record 6 of 16%A==26826== Stack hash:
3290393404%A==26826==    at 0x401D480: malloc
(vg_replace_malloc.c:149)%A==26826==    by 0x821AE75: Setup_LDT_Keeper
(ldt_keeper.c:205)%A==26826==    by 0x82322C1: DMO_VideoDecoder_Open
(DMO_VideoDecoder.c:98)%A==26826==    by 0x8228CDE: init
(vd_dmo.c:32)%A==26826==    by 0x80DB772: init_video
(dec_video.c:264)%A==26826==    by 0x80DB9A8: init_best_video_codec
(dec_video.c:315)%A==26826==    by 0x80777F3: reinit_video_chain
(mplayer.c:2211)%A==26826==    by 0x807945B: main (mplayer.c:3536)%A==26826==
%A==26826== %A==26826== 1,136 (664 direct, 472 indirect) bytes in 2 blocks are
definitely lost in loss record 13 of 16%A==26826== Stack hash:
3058604448%A==26826==    at 0x401D480: malloc
(vg_replace_malloc.c:149)%A==26826==    by 0x823227E: DMO_VideoDecoder_Open
(DMO_VideoDecoder.c:90)%A==26826==    by 0x8228CDE: init
(vd_dmo.c:32)%A==26826==    by 0x80DB772: init_video
(dec_video.c:264)%A==26826==    by 0x80DB9A8: init_best_video_codec
(dec_video.c:315)%A==26826==    by 0x80777F3: reinit_video_chain
(mplayer.c:2211)%A==26826==    by 0x807945B: main (mplayer.c:3536)%A==26826==
%A==26826== LEAK SUMMARY:%A==26826==    definitely lost: 690 bytes in 5
blocks.%A==26826==    indirectly lost: 472 bytes in 6 blocks.%A==26826==     
possibly lost: 0 bytes in 0 blocks.%A==26826==    still reachable: 425,422
bytes in 123 blocks.%A==26826==         suppressed: 0 bytes in 0
blocks.%A==26826== Reachable blocks (those to which a pointer was found) are
not shown.%A==26826== To see them, rerun with: --leak-check=full
--show-reachable=yes%A


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1235] New: For this .mp3 file, valgrind reports InvalidRead, UninitCondition.

From: <bug...@bu...> - 2008-08-06 20:33:16

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1235

           Summary: For this .mp3 file, valgrind reports InvalidRead,
                    UninitCondition.
           Product: MPlayer
           Version: HEAD
          Platform: Other
               URL: http://www.metafuzz.com/testcases/373907-0-4003270842-
                    SyscallParam.tgz
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: xue...@be...
                CC: cat...@li...


This bug was found as part of the metafuzz project, see http://www.metafuzz.com

For this .mp3 file, valgrind reports InvalidRead, UninitCondition.

System Info: 

MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin
(Family: 15, Model: 2, Stepping: 7)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2

Playing 21.mp3.

##############################################################

to reproduce:
wget http://www.metafuzz.com/testcases/373907-0-4003270842-SyscallParam.tgz
tar xzf 373907-0-4003270842-SyscallParam.tgz
valgrind mplayer 21.mp3

::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::

==5323== Memcheck, a memory error detector.
==5323== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==5323== Using LibVEX rev 1715, a library for dynamic binary translation.
==5323== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==5323== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==5323== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==5323== For more details, rerun with: -v
==5323== 
==5323== My PID = 5323, parent PID = 5322.  Prog and args are:
==5323==    mplayer
==5323==    21.mp3
==5323== 
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 4126823808
==5323==    at 0x400A65C: (within /lib/ld-2.7.so)
==5323==    by 0x4003125: (within /lib/ld-2.7.so)
==5323==    by 0x40138EC: (within /lib/ld-2.7.so)
==5323==    by 0x4000C3D: (within /lib/ld-2.7.so)
==5323==    by 0x4000816: (within /lib/ld-2.7.so)
==5323== 
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 4228028502
==5323==    at 0x400A692: (within /lib/ld-2.7.so)
==5323==    by 0x4003125: (within /lib/ld-2.7.so)
==5323==    by 0x40138EC: (within /lib/ld-2.7.so)
==5323==    by 0x4000C3D: (within /lib/ld-2.7.so)
==5323==    by 0x4000816: (within /lib/ld-2.7.so)
==5323== 
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 936347057
==5323==    at 0x400B19D: (within /lib/ld-2.7.so)
==5323==    by 0x4003125: (within /lib/ld-2.7.so)
==5323==    by 0x40138EC: (within /lib/ld-2.7.so)
==5323==    by 0x4000C3D: (within /lib/ld-2.7.so)
==5323==    by 0x4000816: (within /lib/ld-2.7.so)
==5323== 
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 3629006124
==5323==    at 0x400A542: (within /lib/ld-2.7.so)
==5323==    by 0x4003383: (within /lib/ld-2.7.so)
==5323==    by 0x40138EC: (within /lib/ld-2.7.so)
==5323==    by 0x4000C3D: (within /lib/ld-2.7.so)
==5323==    by 0x4000816: (within /lib/ld-2.7.so)
==5323== 
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 3643999412
==5323==    at 0x400A54A: (within /lib/ld-2.7.so)
==5323==    by 0x4003383: (within /lib/ld-2.7.so)
==5323==    by 0x40138EC: (within /lib/ld-2.7.so)
==5323==    by 0x4000C3D: (within /lib/ld-2.7.so)
==5323==    by 0x4000816: (within /lib/ld-2.7.so)
==5323== 
==5323== Conditional jump or move depends on uninitialised value(s)
==5323== Stack hash: 4258724220
==5323==    at 0x400A692: (within /lib/ld-2.7.so)
==5323==    by 0x4003383: (within /lib/ld-2.7.so)
==5323==    by 0x40138EC: (within /lib/ld-2.7.so)
==5323==    by 0x4000C3D: (within /lib/ld-2.7.so)
==5323==    by 0x4000816: (within /lib/ld-2.7.so)
==5323== 
==5323== Invalid read of size 4
==5323== Stack hash: 1364543850
==5323==    at 0x417FBC4: (within /lib/libc-2.7.so)
==5323==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==5323== 
==5323== Process terminating with default action of signal 11 (SIGSEGV)
==5323==  Access not within mapped region at address 0x10
==5323== Stack hash: 1364543850
==5323==    at 0x417FBC4: (within /lib/libc-2.7.so)
==5323== 
==5323== ERROR SUMMARY: 20 errors from 7 contexts (suppressed: 0 from 0)
==5323== malloc/free: in use at exit: 33,644 bytes in 21 blocks.
==5323== malloc/free: 3,379 allocs, 3,358 frees, 1,598,202 bytes allocated.
==5323== For counts of detected errors, rerun with: -v
==5323== searching for pointers to 21 not-freed blocks.
==5323== checked 2,952,256 bytes.
==5323== 
==5323== LEAK SUMMARY:
==5323==    definitely lost: 0 bytes in 0 blocks.
==5323==      possibly lost: 0 bytes in 0 blocks.
==5323==    still reachable: 33,644 bytes in 21 blocks.
==5323==         suppressed: 0 bytes in 0 blocks.
==5323== Reachable blocks (those to which a pointer was found) are not shown.
==5323== To see them, rerun with: --leak-check=full --show-reachable=yes


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1234] New: [Crash]For this .mp3 file, valgrind reports InvalidRead, UninitValue, UninitCondition, and Mplayer crashe.

From: <bug...@bu...> - 2008-08-06 10:05:02

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1234

           Summary: [Crash]For this .mp3 file, valgrind reports InvalidRead,
                    UninitValue, UninitCondition, and Mplayer crashe.
           Product: MPlayer
           Version: HEAD
          Platform: Other
               URL: http://www.metafuzz.com/testcases/378068-32-1292935739-
                    SyscallParam.tgz
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: xue...@be...
                CC: cat...@li...


This bug was found as part of the metafuzz project, see http://www.metafuzz.com

[Crash]For this .mp3 file, valgrind reports InvalidRead, UninitValue,
UninitCondition, and Mplayer crashe.

System Info: 

MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin
(Family: 15, Model: 2, Stepping: 7)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2

Playing 32-in_the_end.mp3.

##############################################################

to reproduce:
wget http://www.metafuzz.com/testcases/378068-32-1292935739-SyscallParam.tgz
tar xzf 378068-32-1292935739-SyscallParam.tgz
valgrind mplayer 32-in_the_end.mp3

::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::

==4342== Memcheck, a memory error detector.
==4342== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==4342== Using LibVEX rev 1715, a library for dynamic binary translation.
==4342== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==4342== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==4342== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==4342== For more details, rerun with: -v
==4342== 
==4342== My PID = 4342, parent PID = 4341.  Prog and args are:
==4342==    mplayer
==4342==    32-in_the_end.mp3
==4342== 
==4342== Conditional jump or move depends on uninitialised value(s)
==4342== Stack hash: 4126823808
==4342==    at 0x400A65C: (within /lib/ld-2.7.so)
==4342==    by 0x4003125: (within /lib/ld-2.7.so)
==4342==    by 0x40138EC: (within /lib/ld-2.7.so)
==4342==    by 0x4000C3D: (within /lib/ld-2.7.so)
==4342==    by 0x4000816: (within /lib/ld-2.7.so)
==4342== 
==4342== Conditional jump or move depends on uninitialised value(s)
==4342== Stack hash: 4228028502
==4342==    at 0x400A692: (within /lib/ld-2.7.so)
==4342==    by 0x4003125: (within /lib/ld-2.7.so)
==4342==    by 0x40138EC: (within /lib/ld-2.7.so)
==4342==    by 0x4000C3D: (within /lib/ld-2.7.so)
==4342==    by 0x4000816: (within /lib/ld-2.7.so)
==4342== 
==4342== Conditional jump or move depends on uninitialised value(s)
==4342== Stack hash: 936347057
==4342==    at 0x400B19D: (within /lib/ld-2.7.so)
==4342==    by 0x4003125: (within /lib/ld-2.7.so)
==4342==    by 0x40138EC: (within /lib/ld-2.7.so)
==4342==    by 0x4000C3D: (within /lib/ld-2.7.so)
==4342==    by 0x4000816: (within /lib/ld-2.7.so)
==4342== 
==4342== Conditional jump or move depends on uninitialised value(s)
==4342== Stack hash: 3629006124
==4342==    at 0x400A542: (within /lib/ld-2.7.so)
==4342==    by 0x4003383: (within /lib/ld-2.7.so)
==4342==    by 0x40138EC: (within /lib/ld-2.7.so)
==4342==    by 0x4000C3D: (within /lib/ld-2.7.so)
==4342==    by 0x4000816: (within /lib/ld-2.7.so)
==4342== 
==4342== Conditional jump or move depends on uninitialised value(s)
==4342== Stack hash: 3643999412
==4342==    at 0x400A54A: (within /lib/ld-2.7.so)
==4342==    by 0x4003383: (within /lib/ld-2.7.so)
==4342==    by 0x40138EC: (within /lib/ld-2.7.so)
==4342==    by 0x4000C3D: (within /lib/ld-2.7.so)
==4342==    by 0x4000816: (within /lib/ld-2.7.so)
==4342== 
==4342== Conditional jump or move depends on uninitialised value(s)
==4342== Stack hash: 4258724220
==4342==    at 0x400A692: (within /lib/ld-2.7.so)
==4342==    by 0x4003383: (within /lib/ld-2.7.so)
==4342==    by 0x40138EC: (within /lib/ld-2.7.so)
==4342==    by 0x4000C3D: (within /lib/ld-2.7.so)
==4342==    by 0x4000816: (within /lib/ld-2.7.so)
==4342== 
==4342== Use of uninitialised value of size 4
==4342== Stack hash: 2621627734
==4342==    at 0x81E57A6: MP3_DecodeFrame (layer2.c:167)
==4342==    by 0x80DA2F8: decode_audio (dec_audio.c:383)
==4342==    by 0x80798C8: main (mplayer.c:2044)
==4342== 
==4342== Use of uninitialised value of size 4
==4342== Stack hash: 2620462715
==4342==    at 0x81E5453: MP3_DecodeFrame (layer2.c:178)
==4342==    by 0x80DA2F8: decode_audio (dec_audio.c:383)
==4342==    by 0x80798C8: main (mplayer.c:2044)
==4342== 
==4342== Use of uninitialised value of size 4
==4342== Stack hash: 2620491464
==4342==    at 0x81E5468: MP3_DecodeFrame (layer2.c:179)
==4342==    by 0x80DA2F8: decode_audio (dec_audio.c:383)
==4342==    by 0x80798C8: main (mplayer.c:2044)
==4342== 
==4342== Use of uninitialised value of size 4
==4342== Stack hash: 2620516106
==4342==    at 0x81E547A: MP3_DecodeFrame (layer2.c:180)
==4342==    by 0x80DA2F8: decode_audio (dec_audio.c:383)
==4342==    by 0x80798C8: main (mplayer.c:2044)
==4342== 
==4342== Invalid read of size 4
==4342== Stack hash: 880003731
==4342==    at 0x81E339A: do_layer3 (layer3.c:1157)
==4342==    by 0x8165551: demux_open_vqf (demux_vqf.c:38)
==4342==  Address 0xBE963000 is not stack'd, malloc'd or (recently) free'd
==4342== 
==4342== Invalid read of size 4
==4342== Stack hash: 897284585
==4342==    at 0x417FBC4: (within /lib/libc-2.7.so)
==4342==    by 0x417F806: (within /lib/libc-2.7.so)
==4342==    by 0x4180023: __libc_freeres (in /lib/libc-2.7.so)
==4342==    by 0x401D1F6: _vgnU_freeres (vg_preloaded.c:60)
==4342==    by 0x40ADBC7: exit (in /lib/libc-2.7.so)
==4342==    by 0x80768F3: exit_sighandler (mplayer.c:816)
==4342==    by 0x40AAE37: (within /lib/libc-2.7.so)
==4342==    by 0x8165551: demux_open_vqf (demux_vqf.c:38)
==4342==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==4342== 
==4342== Process terminating with default action of signal 11 (SIGSEGV)
==4342==  Access not within mapped region at address 0x10
==4342== Stack hash: 897284585
==4342==    at 0x417FBC4: (within /lib/libc-2.7.so)
==4342==    by 0x417F806: (within /lib/libc-2.7.so)
==4342==    by 0x4180023: __libc_freeres (in /lib/libc-2.7.so)
==4342==    by 0x401D1F6: _vgnU_freeres (vg_preloaded.c:60)
==4342==    by 0x40ADBC7: exit (in /lib/libc-2.7.so)
==4342==    by 0x80768F3: exit_sighandler (mplayer.c:816)
==4342==    by 0x40AAE37: (within /lib/libc-2.7.so)
==4342==    by 0x8165551: demux_open_vqf (demux_vqf.c:38)
==4342== 
==4342== ERROR SUMMARY: 249 errors from 12 contexts (suppressed: 0 from 0)
==4342== malloc/free: in use at exit: 205,105 bytes in 2,217 blocks.
==4342== malloc/free: 22,972 allocs, 20,755 frees, 6,719,429 bytes allocated.
==4342== For counts of detected errors, rerun with: -v
==4342== searching for pointers to 2,217 not-freed blocks.
==4342== checked 3,129,932 bytes.
==4342== 
==4342== LEAK SUMMARY:
==4342==    definitely lost: 0 bytes in 0 blocks.
==4342==      possibly lost: 0 bytes in 0 blocks.
==4342==    still reachable: 205,105 bytes in 2,217 blocks.
==4342==         suppressed: 0 bytes in 0 blocks.
==4342== Reachable blocks (those to which a pointer was found) are not shown.
==4342== To see them, rerun with: --leak-check=full --show-reachable=yes
MPlayer interrupted by signal 11 in module: decode_audio
- MPlayer crashed by bad usage of CPU/FPU/RAM.
  Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and
  disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
- MPlayer crashed. This shouldn't happen.
  It can be a bug in the MPlayer code _or_ in your drivers _or_ in your
  gcc version. If you think it's MPlayer's fault, please read
  DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and
  won't help unless you provide this information when reporting a possible bug.
_________________________________________________________________

gdb Backtrace

/home/user/bug_report/core: No such file or directory.
[Thread debugging using libthread_db enabled]
MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Dual-Core AMD Opteron(tm) Processor 2218 HE (Family: 15, Model: 65,
Stepping: 3)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2
get_path('codecs.conf') -> '/root/.mplayer/codecs.conf'
Reading /root/.mplayer/codecs.conf: Can't open '/root/.mplayer/codecs.conf': No
such file or directory
Reading /usr/local/etc/mplayer/codecs.conf: Can't open
'/usr/local/etc/mplayer/codecs.conf': No such file or directory
Using built-in default codecs.conf.
Configuration: --enable-debug=3
CommandLine: '-v' '32-in_the_end.mp3'
get_path('font/font.desc') -> '/root/.mplayer/font/font.desc'
font: can't open file: /root/.mplayer/font/font.desc
font: can't open file: /usr/local/share/mplayer/font/font.desc
Using MMX (with tiny bit MMX2) Optimized OnScreenDisplay
Using nanosleep() timing
get_path('input.conf') -> '/root/.mplayer/input.conf'
Can't open input config file /root/.mplayer/input.conf: No such file or
directory
Can't open input config file /usr/local/etc/mplayer/input.conf: No such file or
directory
Falling back on default (hardcoded) input config
get_path('32-in_the_end.mp3.conf') -> '/root/.mplayer/32-in_the_end.mp3.conf'

Playing 32-in_the_end.mp3.
get_path('sub/') -> '/root/.mplayer/sub/'
[file] File size is 3460830 bytes
STREAM: [file] 32-in_the_end.mp3
STREAM: Description: File
STREAM: Author: Albeu
STREAM: Comment: based on the code from ??? (probably Arpi)
LAVF_check: MPEG audio
Checking for YUV4MPEG2
ASF_check: not ASF guid!
Checking for NuppelVideo
Checking for REAL
Checking for SMJPEG
Searching demuxer type for filename 32-in_the_end.mp3 ext: .mp3
Trying demuxer 17 based on filename extension
==> Found audio stream: 0
demux_audio: seeking from 0x34CEDE to start pos 0x0
demux_audio: audio data 0x0 - 0x34CE5E  
Audio only file format detected.
Clip info:
 Title: In The nd
 Artist: [Linkin Park]
 Album: 
 Year: 
 Comment: 
 Genre: Unknown
==========================================================================
Opening audio decoder: [mp3lib] MPEG layer-2, layer-3
dec_audio: Allocating 4608 + 65536 = 70144 bytes for output buffer.
mp3lib: using 3DNow!Ex optimized decore!
MP3lib: init layer2&3 finished, tables done

MPEG 1.0, Layer III, 44100 Hz 128 kbit Joint-Stereo, BPF: 417
Channels: 2, copyright: Yes, original: Yes, CRC: No, emphasis: 0
AUDIO: 44100 Hz, 2 ch, s16le, 128.0 kbit/9.07% (ratio: 16000->176400)
Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3)
==========================================================================
Building audio filter chain for 44100Hz/2ch/s16le -> 0Hz/0ch/??...
[libaf] Adding filter dummy 
[dummy] Was reinitialized: 44100Hz/2ch/s16le
[dummy] Was reinitialized: 44100Hz/2ch/s16le
Trying every known audio driver...
ao2: 44100 Hz  2 chans  s16le
audio_setup: using '/dev/dsp' dsp device
audio_setup: using '/dev/mixer' mixer device
audio_setup: using 'pcm' mixer device
[AO OSS] audio_setup: Can't open audio device /dev/dsp: No such device or
address
DVB card number must be between 1 and 4
AO: [null] 44100Hz 2ch s16le (2 bytes per sample)
AO: Description: Null audio output
AO: Author: Tobias Diedrich <ran...@td...>
Building audio filter chain for 44100Hz/2ch/s16le -> 44100Hz/2ch/s16le...
[dummy] Was reinitialized: 44100Hz/2ch/s16le
[dummy] Was reinitialized: 44100Hz/2ch/s16le
Video: no video
Freeing 0 unused video chunks.
Starting playback...
Increasing filtered audio buffer size from 0 to 37888
A: 125.5 (02:05.4) of 216.0 (03:36.0)  0.4%                                     
Program received signal SIGSEGV, Segmentation fault.
0x081e339a in do_layer3 (fr=0x87591a0, single=-1) at mp3lib/layer3.c:1157
1157             register real bu = *--xr2,bd = *xr1;
#0  0x081e339a in do_layer3 (fr=0x87591a0, single=-1) at mp3lib/layer3.c:1157
#1  0x08165552 in demux_open_vqf (demuxer=0x0) at libmpdemux/demux_vqf.c:38
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Dump of assembler code from 0x81e337a to 0x81e33ba:
0x081e337a <do_layer3+2330>:    fdivr  %st(7),%st
0x081e337c <do_layer3+2332>:    decl   0xf484041(%ebx)
0x081e3382 <do_layer3+2338>:    test   %al,%bh
0x081e3384 <do_layer3+2340>:    add    (%eax),%al
0x081e3386 <do_layer3+2342>:    add    %cl,-0x272763(%ebx)
0x081e338c <do_layer3+2348>:    decl   -0x7626763a(%ecx)
0x081e3392 <do_layer3+2354>:    fidivl (%ecx)
0x081e3394 <do_layer3+2356>:    rolb   shxd9,0x2d904ea(%ebx)
0x081e339b <do_layer3+2363>:    add    %ebx,%ecx
0x081e339d <do_layer3+2365>:    add    shx85,%al
0x081e339f <do_layer3+2367>:    pusha  
0x081e33a0 <do_layer3+2368>:    sub    shxcad80876,%eax
0x081e33a5 <do_layer3+2373>:    flds   0x8762d40(,%eax,4)
0x081e33ac <do_layer3+2380>:    fmul   %st(2),%st
0x081e33ae <do_layer3+2382>:    fsubrp %st,%st(1)
0x081e33b0 <do_layer3+2384>:    fstps  (%edx)
0x081e33b2 <do_layer3+2386>:    fmuls  0x8762d60(,%eax,4)
0x081e33b9 <do_layer3+2393>:    fxch   %st(1)
End of assembler dump.
eax            0x6      6
ecx            0xbfffd000       -1073754112
edx            0xbfffcfcc       -1073754164
ebx            0xbfffcfe8       -1073754136
esp            0xbfff7910       0xbfff7910
ebp            0xbfffa128       0xbfffa128
esi            0xffffff0f       -241
edi            0x0      0
eip            0x81e339a        0x81e339a <do_layer3+2362>
eflags         0x210296 [ PF AF SF IF RF ID ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
st0            9.3241867560323044017422944307327271e-09 (raw
0x3fe4a030350000000000)
st1            -nan(0x8001800180018001) (raw 0xffff8001800180018001)
st2            -nan(0x7fff7fff7fff7fff) (raw 0xffff7fff7fff7fff7fff)
st3            -nan(0xc20fe000126980)   (raw 0xffff00c20fe000126980)
st4            -nan(0x22ea00b003d03e90) (raw 0xffff22ea00b003d03e90)
st5            -0       (raw 0x80000000000000000000)
st6            13109.035698911757208406925201416016     (raw
0x400cccd4248e416a0000)
st7            -537.47045153413637308403849601745605    (raw
0xc008865e1be0c05e0000)
fctrl          0x37f    895
fstat          0x3832   14386
ftag           0x3fff   16383
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
xmm0           {v4_float = {0x0, 0x0, 0x0, 0xc2960000}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0xfd, 0xa3, 0xb6, 0xed, 0x77, 0xff, 0xfb, 
    0x92, 0x6c, 0x83, 0x1, 0x4, 0x4b, 0x61, 0xd9, 0x53}, v8_int16 = {0xa3fd,
0xedb6, 0xff77, 0x92fb, 0x836c, 0x401, 0x614b, 0x53d9}, v4_int32 = {
    0xedb6a3fd, 0x92fbff77, 0x401836c, 0x53d9614b}, v2_int64 =
{0x92fbff77edb6a3fd, 0x53d9614b0401836c}, uint128 =
0x53d9614b0401836c92fbff77edb6a3fd}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0xc, 0x33, 0x26, 0x35, 0x61, 0xfb, 0x4d, 0x2f, 0x2, 0x22, 0x8f, 
    0x15, 0x6d, 0x61, 0x4c, 0x30}, v8_int16 = {0x330c, 0x3526, 0xfb61, 0x2f4d,
0x2202, 0x158f, 0x616d, 0x304c}, v4_int32 = {0x3526330c, 0x2f4dfb61, 
    0x158f2202, 0x304c616d}, v2_int64 = {0x2f4dfb613526330c,
0x304c616d158f2202}, uint128 = 0x304c616d158f22022f4dfb613526330c}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
0x8000000000000000}, v16_int8 = {0x4d, 0x90, 0xac, 0xa, 0xac, 0xe8, 0xf6, 0x14,
0xca, 
    0xc, 0x2d, 0x9f, 0xe9, 0x1c, 0x60, 0x73}, v8_int16 = {0x904d, 0xaac,
0xe8ac, 0x14f6, 0xcca, 0x9f2d, 0x1ce9, 0x7360}, v4_int32 = {0xaac904d, 
    0x14f6e8ac, 0x9f2d0cca, 0x73601ce9}, v2_int64 = {0x14f6e8ac0aac904d,
0x73601ce99f2d0cca}, uint128 = 0x73601ce99f2d0cca14f6e8ac0aac904d}
xmm3           {v4_float = {0x55351e8, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x3d, 0x6a, 0xaa, 0x4c, 0xd2, 0x18, 0xa0, 0x23, 0xa1, 0xa6, 
    0x30, 0xa6, 0xe, 0x3a, 0x81, 0x95}, v8_int16 = {0x6a3d, 0x4caa, 0x18d2,
0x23a0, 0xa6a1, 0xa630, 0x3a0e, 0x9581}, v4_int32 = {0x4caa6a3d, 0x23a018d2, 
    0xa630a6a1, 0x95813a0e}, v2_int64 = {0x23a018d24caa6a3d,
0x95813a0ea630a6a1}, uint128 = 0x95813a0ea630a6a123a018d24caa6a3d}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128
= 0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128
= 0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128
= 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0},
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128
= 0x00000000000000000000000000000000}
mxcsr          0x1fa0   [ PE IM DM ZM OM UM PM ]
mm0            {uint64 = 0x865e1be0c05e0000, v2_int32 = {0xc05e0000,
0x865e1be0}, v4_int16 = {0x0, 0xc05e, 0x1be0, 0x865e}, v8_int8 = {0x0, 0x0,
0x5e, 
    0xc0, 0xe0, 0x1b, 0x5e, 0x86}}
mm1            {uint64 = 0xa030350000000000, v2_int32 = {0x0, 0xa0303500},
v4_int16 = {0x0, 0x0, 0x3500, 0xa030}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 
    0x35, 0x30, 0xa0}}
mm2            {uint64 = 0x8001800180018001, v2_int32 = {0x80018001,
0x80018001}, v4_int16 = {0x8001, 0x8001, 0x8001, 0x8001}, v8_int8 = {0x1, 0x80,
0x1, 
    0x80, 0x1, 0x80, 0x1, 0x80}}
mm3            {uint64 = 0x7fff7fff7fff7fff, v2_int32 = {0x7fff7fff,
0x7fff7fff}, v4_int16 = {0x7fff, 0x7fff, 0x7fff, 0x7fff}, v8_int8 = {0xff,
0x7f, 
    0xff, 0x7f, 0xff, 0x7f, 0xff, 0x7f}}
mm4            {uint64 = 0xc20fe000126980, v2_int32 = {0x126980, 0xc20fe0},
v4_int16 = {0x6980, 0x12, 0xfe0, 0xc2}, v8_int8 = {0x80, 0x69, 0x12, 0x0, 
    0xe0, 0xf, 0xc2, 0x0}}
mm5            {uint64 = 0x22ea00b003d03e90, v2_int32 = {0x3d03e90,
0x22ea00b0}, v4_int16 = {0x3e90, 0x3d0, 0xb0, 0x22ea}, v8_int8 = {0x90, 0x3e,
0xd0, 
    0x3, 0xb0, 0x0, 0xea, 0x22}}
mm6            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0,
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm7            {uint64 = 0xccd4248e416a0000, v2_int32 = {0x416a0000,
0xccd4248e}, v4_int16 = {0x0, 0x416a, 0x248e, 0xccd4}, v8_int8 = {0x0, 0x0,
0x6a, 
    0x41, 0x8e, 0x24, 0xd4, 0xcc}}
The program is running.  Quit anyway (and kill it)? (y or n) [answered Y; input
not from terminal]


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1233] New: For this .spx file, valgrind reports InvalidRead, UninitCondition,

From: <bug...@bu...> - 2008-08-06 07:51:48

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1233

           Summary: For this .spx file, valgrind reports InvalidRead,
                    UninitCondition,
           Product: MPlayer
           Version: HEAD
          Platform: Other
               URL: http://www.metafuzz.com/testcases/110690-0-3627122432-
                    result32512.tgz
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: xue...@be...
                CC: cat...@li...


This bug was found as part of the SUPERB-TRUST 2008 project, see
http://www.truststc.org/superb/

For this .spx file, valgrind reports InvalidRead, UninitCondition, 

System Info: 

MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin
(Family: 15, Model: 2, Stepping: 7)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2

Playing meh.spx.

##############################################################

to reproduce:
wget http://www.metafuzz.com/testcases/110690-0-3627122432-result32512.tgz
tar xzf 110690-0-3627122432-result32512.tgz
valgrind mplayer meh.spx

::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::

==13148== Memcheck, a memory error detector.
==13148== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==13148== Using LibVEX rev 1715, a library for dynamic binary translation.
==13148== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==13148== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==13148== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==13148== For more details, rerun with: -v
==13148== 
==13148== My PID = 13148, parent PID = 13147.  Prog and args are:
==13148==    mplayer
==13148==    meh.spx
==13148== 
==13148== Conditional jump or move depends on uninitialised value(s)
==13148== Stack hash: 4126823808
==13148==    at 0x400A65C: (within /lib/ld-2.7.so)
==13148==    by 0x4003125: (within /lib/ld-2.7.so)
==13148==    by 0x40138EC: (within /lib/ld-2.7.so)
==13148==    by 0x4000C3D: (within /lib/ld-2.7.so)
==13148==    by 0x4000816: (within /lib/ld-2.7.so)
==13148== 
==13148== Conditional jump or move depends on uninitialised value(s)
==13148== Stack hash: 4228028502
==13148==    at 0x400A692: (within /lib/ld-2.7.so)
==13148==    by 0x4003125: (within /lib/ld-2.7.so)
==13148==    by 0x40138EC: (within /lib/ld-2.7.so)
==13148==    by 0x4000C3D: (within /lib/ld-2.7.so)
==13148==    by 0x4000816: (within /lib/ld-2.7.so)
==13148== 
==13148== Conditional jump or move depends on uninitialised value(s)
==13148== Stack hash: 936347057
==13148==    at 0x400B19D: (within /lib/ld-2.7.so)
==13148==    by 0x4003125: (within /lib/ld-2.7.so)
==13148==    by 0x40138EC: (within /lib/ld-2.7.so)
==13148==    by 0x4000C3D: (within /lib/ld-2.7.so)
==13148==    by 0x4000816: (within /lib/ld-2.7.so)
==13148== 
==13148== Conditional jump or move depends on uninitialised value(s)
==13148== Stack hash: 3629006124
==13148==    at 0x400A542: (within /lib/ld-2.7.so)
==13148==    by 0x4003383: (within /lib/ld-2.7.so)
==13148==    by 0x40138EC: (within /lib/ld-2.7.so)
==13148==    by 0x4000C3D: (within /lib/ld-2.7.so)
==13148==    by 0x4000816: (within /lib/ld-2.7.so)
==13148== 
==13148== Conditional jump or move depends on uninitialised value(s)
==13148== Stack hash: 3643999412
==13148==    at 0x400A54A: (within /lib/ld-2.7.so)
==13148==    by 0x4003383: (within /lib/ld-2.7.so)
==13148==    by 0x40138EC: (within /lib/ld-2.7.so)
==13148==    by 0x4000C3D: (within /lib/ld-2.7.so)
==13148==    by 0x4000816: (within /lib/ld-2.7.so)
==13148== 
==13148== Conditional jump or move depends on uninitialised value(s)
==13148== Stack hash: 4258724220
==13148==    at 0x400A692: (within /lib/ld-2.7.so)
==13148==    by 0x4003383: (within /lib/ld-2.7.so)
==13148==    by 0x40138EC: (within /lib/ld-2.7.so)
==13148==    by 0x4000C3D: (within /lib/ld-2.7.so)
==13148==    by 0x4000816: (within /lib/ld-2.7.so)
==13148== 
==13148== Invalid read of size 4
==13148== Stack hash: 1364543850
==13148==    at 0x417FBC4: (within /lib/libc-2.7.so)
==13148==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==13148== 
==13148== Process terminating with default action of signal 11 (SIGSEGV)
==13148==  Access not within mapped region at address 0x10
==13148== Stack hash: 1364543850
==13148==    at 0x417FBC4: (within /lib/libc-2.7.so)
==13148== 
==13148== ERROR SUMMARY: 20 errors from 7 contexts (suppressed: 0 from 0)
==13148== malloc/free: in use at exit: 33,636 bytes in 20 blocks.
==13148== malloc/free: 2,321 allocs, 2,301 frees, 1,272,114 bytes allocated.
==13148== For counts of detected errors, rerun with: -v
==13148== searching for pointers to 20 not-freed blocks.
==13148== checked 2,951,952 bytes.
==13148== 
==13148== LEAK SUMMARY:
==13148==    definitely lost: 0 bytes in 0 blocks.
==13148==      possibly lost: 0 bytes in 0 blocks.
==13148==    still reachable: 33,636 bytes in 20 blocks.
==13148==         suppressed: 0 bytes in 0 blocks.
==13148== Reachable blocks (those to which a pointer was found) are not shown.
==13148== To see them, rerun with: --leak-check=full --show-reachable=yes


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1232] New: For this .mp3 file, valgrind reports InvalidRead, UninitValue, UninitCondition,

From: <bug...@bu...> - 2008-08-06 07:22:22

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1232

           Summary: For this .mp3 file, valgrind reports InvalidRead,
                    UninitValue, UninitCondition,
           Product: MPlayer
           Version: HEAD
          Platform: Other
               URL: http://www.metafuzz.com/testcases/664852-199-311034112-
                    result256.tgz
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: xue...@be...
                CC: cat...@li...


This bug was found as part of the SUPERB-TRUST 2008 project, see
http://www.truststc.org/superb/

For this .mp3 file, valgrind reports InvalidRead, UninitValue, UninitCondition, 

System Info: 

MPlayer dev-SVN-r27418-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel Pentium 4/Celeron 4 Northwood. Pentium 4 EE/Xeon Prestonia,Gallatin
(Family: 15, Model: 2, Stepping: 7)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2

Playing 199-song0004.mp3.

##############################################################

to reproduce:
wget http://www.metafuzz.com/testcases/664852-199-311034112-result256.tgz
tar xzf 664852-199-311034112-result256.tgz
valgrind mplayer 199-song0004.mp3

::::::::::::::::::::Valgrind result:::::::::::::::::::::::::::::

==6930== Memcheck, a memory error detector.
==6930== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==6930== Using LibVEX rev 1715, a library for dynamic binary translation.
==6930== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==6930== Using valgrind-3.2.2, a dynamic binary instrumentation framework.
==6930== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==6930== For more details, rerun with: -v
==6930== 
==6930== My PID = 6930, parent PID = 6929.  Prog and args are:
==6930==    mplayer
==6930==    199-song0004.mp3
==6930== 
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 4126823808
==6930==    at 0x400A65C: (within /lib/ld-2.7.so)
==6930==    by 0x4003125: (within /lib/ld-2.7.so)
==6930==    by 0x40138EC: (within /lib/ld-2.7.so)
==6930==    by 0x4000C3D: (within /lib/ld-2.7.so)
==6930==    by 0x4000816: (within /lib/ld-2.7.so)
==6930== 
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 4228028502
==6930==    at 0x400A692: (within /lib/ld-2.7.so)
==6930==    by 0x4003125: (within /lib/ld-2.7.so)
==6930==    by 0x40138EC: (within /lib/ld-2.7.so)
==6930==    by 0x4000C3D: (within /lib/ld-2.7.so)
==6930==    by 0x4000816: (within /lib/ld-2.7.so)
==6930== 
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 936347057
==6930==    at 0x400B19D: (within /lib/ld-2.7.so)
==6930==    by 0x4003125: (within /lib/ld-2.7.so)
==6930==    by 0x40138EC: (within /lib/ld-2.7.so)
==6930==    by 0x4000C3D: (within /lib/ld-2.7.so)
==6930==    by 0x4000816: (within /lib/ld-2.7.so)
==6930== 
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 3629006124
==6930==    at 0x400A542: (within /lib/ld-2.7.so)
==6930==    by 0x4003383: (within /lib/ld-2.7.so)
==6930==    by 0x40138EC: (within /lib/ld-2.7.so)
==6930==    by 0x4000C3D: (within /lib/ld-2.7.so)
==6930==    by 0x4000816: (within /lib/ld-2.7.so)
==6930== 
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 3643999412
==6930==    at 0x400A54A: (within /lib/ld-2.7.so)
==6930==    by 0x4003383: (within /lib/ld-2.7.so)
==6930==    by 0x40138EC: (within /lib/ld-2.7.so)
==6930==    by 0x4000C3D: (within /lib/ld-2.7.so)
==6930==    by 0x4000816: (within /lib/ld-2.7.so)
==6930== 
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 4258724220
==6930==    at 0x400A692: (within /lib/ld-2.7.so)
==6930==    by 0x4003383: (within /lib/ld-2.7.so)
==6930==    by 0x40138EC: (within /lib/ld-2.7.so)
==6930==    by 0x4000C3D: (within /lib/ld-2.7.so)
==6930==    by 0x4000816: (within /lib/ld-2.7.so)
==6930== 
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 1861723244
==6930==    at 0x84691C6: huffman_decode (mpegaudiodec.c:1558)
==6930==    by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930==    by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930==    by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930==    by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930==    by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930==    by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930==    by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930==    by 0x811CB04: demux_open (demuxer.c:998)
==6930==    by 0x8078D8C: main (mplayer.c:3237)
==6930== 
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 3015908747
==6930==    at 0x8469219: huffman_decode (mpegaudiodec.c:1568)
==6930==    by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930==    by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930==    by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930==    by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930==    by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930==    by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930==    by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930==    by 0x811CB04: demux_open (demuxer.c:998)
==6930==    by 0x8078D8C: main (mplayer.c:3237)
==6930== 
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 4046632117
==6930==    at 0x84695BB: huffman_decode (mpegaudiodec.c:231)
==6930==    by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930==    by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930==    by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930==    by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930==    by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930==    by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930==    by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930==    by 0x811CB04: demux_open (demuxer.c:998)
==6930==    by 0x8078D8C: main (mplayer.c:3237)
==6930== 
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 2022362712
==6930==    at 0x84695C2: huffman_decode (mpegaudiodec.c:232)
==6930==    by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930==    by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930==    by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930==    by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930==    by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930==    by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930==    by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930==    by 0x811CB04: demux_open (demuxer.c:998)
==6930==    by 0x8078D8C: main (mplayer.c:3237)
==6930== 
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 3566332850
==6930==    at 0x84695D4: huffman_decode (mpegaudiodec.c:235)
==6930==    by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930==    by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930==    by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930==    by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930==    by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930==    by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930==    by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930==    by 0x811CB04: demux_open (demuxer.c:998)
==6930==    by 0x8078D8C: main (mplayer.c:3237)
==6930== 
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 3541217440
==6930==    at 0x846956A: huffman_decode (mpegaudiodec.c:231)
==6930==    by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930==    by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930==    by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930==    by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930==    by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930==    by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930==    by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930==    by 0x811CB04: demux_open (demuxer.c:998)
==6930==    by 0x8078D8C: main (mplayer.c:3237)
==6930== 
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 1516948035
==6930==    at 0x8469571: huffman_decode (mpegaudiodec.c:232)
==6930==    by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930==    by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930==    by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930==    by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930==    by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930==    by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930==    by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930==    by 0x811CB04: demux_open (demuxer.c:998)
==6930==    by 0x8078D8C: main (mplayer.c:3237)
==6930== 
==6930== Conditional jump or move depends on uninitialised value(s)
==6930== Stack hash: 1438991108
==6930==    at 0x846957E: huffman_decode (mpegaudiodec.c:235)
==6930==    by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930==    by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930==    by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930==    by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930==    by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930==    by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930==    by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930==    by 0x811CB04: demux_open (demuxer.c:998)
==6930==    by 0x8078D8C: main (mplayer.c:3237)
==6930== 
==6930== Use of uninitialised value of size 4
==6930== Stack hash: 674590240
==6930==    at 0x84694EA: huffman_decode (mpegaudiodec.c:1581)
==6930==    by 0x8469F2D: mp_decode_layer3 (mpegaudiodec.c:2280)
==6930==    by 0x846B951: mp_decode_frame (mpegaudiodec.c:2336)
==6930==    by 0x846D8B8: decode_frame (mpegaudiodec.c:2432)
==6930==    by 0x82E503A: avcodec_decode_audio2 (utils.c:945)
==6930==    by 0x82601D0: av_find_stream_info (utils.c:1830)
==6930==    by 0x81A0A26: demux_open_lavf (demux_lavf.c:466)
==6930==    by 0x811C84C: demux_open_stream (demuxer.c:871)
==6930==    by 0x811CB04: demux_open (demuxer.c:998)
==6930==    by 0x8078D8C: main (mplayer.c:3237)
==6930== 
==6930== Invalid read of size 4
==6930== Stack hash: 1364543850
==6930==    at 0x417FBC4: (within /lib/libc-2.7.so)
==6930==  Address 0x10 is not stack'd, malloc'd or (recently) free'd
==6930== 
==6930== Process terminating with default action of signal 11 (SIGSEGV)
==6930==  Access not within mapped region at address 0x10
==6930== Stack hash: 1364543850
==6930==    at 0x417FBC4: (within /lib/libc-2.7.so)
==6930== 
==6930== ERROR SUMMARY: 442 errors from 16 contexts (suppressed: 0 from 0)
==6930== malloc/free: in use at exit: 33,644 bytes in 21 blocks.
==6930== malloc/free: 6,297 allocs, 6,276 frees, 4,225,284 bytes allocated.
==6930== For counts of detected errors, rerun with: -v
==6930== searching for pointers to 21 not-freed blocks.
==6930== checked 2,952,272 bytes.
==6930== 
==6930== LEAK SUMMARY:
==6930==    definitely lost: 0 bytes in 0 blocks.
==6930==      possibly lost: 0 bytes in 0 blocks.
==6930==    still reachable: 33,644 bytes in 21 blocks.
==6930==         suppressed: 0 bytes in 0 blocks.
==6930== Reachable blocks (those to which a pointer was found) are not shown.
==6930== To see them, rerun with: --leak-check=full --show-reachable=yes


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1211] New: Too many Use of uninitialised and Conditional jump bugs

From: <bug...@bu...> - 2008-07-18 20:35:53

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1211

           Summary: Too many  Use of uninitialised and Conditional jump bugs
           Product: MPlayer
           Version: HEAD
          Platform: PC (x86)
               URL: http://www.cs.berkeley.edu/~ethiodad/zuf_enate22.wma
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: core
        AssignedTo: Rei...@st...
        ReportedBy: eth...@gm...
                CC: cat...@li...


Valgrind reported millions of uninitailized and conditional jump bugs  while
playing the followinf link. 
http://www.cs.berkeley.edu/~ethiodad/zuf_enate22.wma
  Even thought i have seen similar bug reports that are uninitialized and
conditional jump, these bugs that i found playing .wma file seem serious bugs
that need attention.  these bugs are reproducable in mplayer version
SVN-r27327-4.1.2.

 Here is the report from Valgrind:

 MPlayer dev-SVN-r27327-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 CPU          6600  @ 2.40GHz (Family: 6, Model: 15,
Stepping: 6)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2

Playing zuf_enate22.wma.
ASF file format detected.
[asfheader] Audio stream found, -aid 1
==========================================================================
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 2567684456
==11686==    at 0x851A929: adpcm_decode_frame (adpcm.c:711)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x8198A96: init (ad_ffmpeg.c:109)
==11686==    by 0x80DB022: init_audio (dec_audio.c:95)
==11686==    by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686==    by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686==    by 0x8078131: main (mplayer.c:3583)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 2075487956
==11686==    at 0x851A945: adpcm_decode_frame (adpcm.c:720)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x8198A96: init (ad_ffmpeg.c:109)
==11686==    by 0x80DB022: init_audio (dec_audio.c:95)
==11686==    by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686==    by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686==    by 0x8078131: main (mplayer.c:3583)
==11686==
==11686== Conditional jump or move depends on uninitialised value(s)==11686==
Stack hash: 1402692663
==11686==    at 0x851A974: adpcm_decode_frame (common.h:224)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x8198A96: init (ad_ffmpeg.c:109)
==11686==    by 0x80DB022: init_audio (dec_audio.c:95)
==11686==    by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686==    by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686==    by 0x8078131: main (mplayer.c:3583)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1094897246
==11686==    at 0x851A877: adpcm_decode_frame (adpcm.c:711)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x8198A96: init (ad_ffmpeg.c:109)
==11686==    by 0x80DB022: init_audio (dec_audio.c:95)
==11686==    by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686==    by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686==    by 0x8078131: main (mplayer.c:3583)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 602700746
==11686==    at 0x851A893: adpcm_decode_frame (adpcm.c:720)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x8198A96: init (ad_ffmpeg.c:109)
==11686==    by 0x80DB022: init_audio (dec_audio.c:95)
==11686==    by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686==    by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686==    by 0x8078131: main (mplayer.c:3583)
==11686==
==11686== Conditional jump or move depends on uninitialised value(s)==11686==
Stack hash: 372502074
==11686==    at 0x851A8C3: adpcm_decode_frame (common.h:224)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x8198A96: init (ad_ffmpeg.c:109)
==11686==    by 0x80DB022: init_audio (dec_audio.c:95)
==11686==    by 0x80DB418: init_best_audio_codec (dec_audio.c:270)
==11686==    by 0x8076788: reinit_audio_chain (mplayer.c:1585)
==11686==    by 0x8078131: main (mplayer.c:3583)
AUDIO: 44100 Hz, 2 ch, s16le, 128.0 kbit/9.07% (ratio: 16002->176400)
Selected audio codec: [ffadpcmimadk4] afm: ffmpeg (FFmpeg DK4 IMA ADPCM audio)
==========================================================================
AO: [oss] 44100Hz 2ch s16le (2 bytes per sample)
Video: no video
Starting playback...
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1757386080
==11686==    at 0x851A929: adpcm_decode_frame (adpcm.c:711)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x80DA984: decode_audio (dec_audio.c:383)
==11686==    by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1809862588
==11686==    at 0x851A945: adpcm_decode_frame (adpcm.c:720)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x80DA984: decode_audio (dec_audio.c:383)
==11686==    by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Conditional jump or move depends on uninitialised value(s)==11686==
Stack hash: 1897948155
==11686==    at 0x851A974: adpcm_decode_frame (common.h:224)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x80DA984: decode_audio (dec_audio.c:383)
==11686==    by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1423785422
==11686==    at 0x851A877: adpcm_decode_frame (adpcm.c:711)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x80DA984: decode_audio (dec_audio.c:383)
==11686==    by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Use of uninitialised value of size 4
==11686== Stack hash: 1476261930
==11686==    at 0x851A893: adpcm_decode_frame (adpcm.c:720)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x80DA984: decode_audio (dec_audio.c:383)
==11686==    by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Conditional jump or move depends on uninitialised value(s)==11686==
Stack hash: 1566221658
==11686==    at 0x851A8C3: adpcm_decode_frame (common.h:224)
==11686==    by 0x82ECD5A: avcodec_decode_audio2 (utils.c:928)
==11686==    by 0x8198748: decode_audio (ad_ffmpeg.c:161)
==11686==    by 0x80DA984: decode_audio (dec_audio.c:383)
==11686==    by 0x80784F9: main (mplayer.c:2044)
==11686==
==11686== Syscall param write(buf) points to uninitialised byte(s)
==11686== Stack hash: 2550802113
==11686==    at 0x4000792: (within /lib/ld-2.3.6.so)
==11686==  Address 0x433fb90 is 0 bytes inside a block of size 65,536 alloc'd
==11686== Stack hash: 2167153555
==11686==    at 0x401D898: malloc (vg_replace_malloc.c:207)
==11686==    by 0x401D9DC: realloc (vg_replace_malloc.c:429)
==11686==    by 0x80DAA6E: decode_audio (dec_audio.c:401)
==11686==    by 0x80784F9: main (mplayer.c:2044)
A:  16.0 (16.0) of 331.0 (05:31.0) 33.7%

MPlayer interrupted by signal 2 in module: play_audio
A:  16.9 (16.9) of 331.0 (05:31.0) 34.5%
Exiting... (Quit)
==11686==
==11686== ERROR SUMMARY: 1282478 errors from 13 contexts (suppressed: 19 from
1)
==11686== malloc/free: in use at exit: 39,029 bytes in 17 blocks.
==11686== malloc/free: 2,480 allocs, 2,463 frees, 1,995,146 bytes allocated.
==11686== For counts of detected errors, rerun with: -v
==11686== searching for pointers to 17 not-freed blocks.
==11686== checked 2,898,920 bytes.
==11686==
==11686== LEAK SUMMARY:
==11686==    definitely lost: 5,976 bytes in 1 blocks.
==11686==      possibly lost: 0 bytes in 0 blocks.
==11686==    still reachable: 33,053 bytes in 16 blocks.
==11686==         suppressed: 0 bytes in 0 blocks.
==11686== Rerun with --leak-check=full to see details of leaked memo

  The Bugs were found doing summer Research for SUBERB-TRUST 2008.


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] send me your info! =)

From: Nichole S. <nst...@mi...> - 2008-07-17 23:13:54

Hi guys,

I just wanted to check and see if anyone had collected any data on their or other people's bugs as far as what kind it is, what fuzzer found it, how it was handled by the developers,etc.
Jason and I are working on an excel spreadsheet that will list all this so if you already have any part of it done and would like to email that to me at nst...@ee... it would be pretty awesome. =)
Otherwise, no worries and just ignore this email. ;)
Thanks!

~Nichole

[Catchconv-bugreports] [Bug 1210] New: Demuxer: Conditional jump or move depends on uninitialised value(s)

From: <bug...@bu...> - 2008-07-17 21:49:51

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1210

           Summary: Demuxer: Conditional jump or move depends on
                    uninitialised value(s)
           Product: MPlayer
           Version: HEAD
          Platform: PC (x86)
               URL: http://www.eecs.berkeley.edu/~sckhan/36-p6.mp4
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: demuxer
        AssignedTo: r_...@ti...
        ReportedBy: sc...@ee...
                CC: cat...@li...


The following report is for the SUPERB-TRUST 2008, the cyber security project. 

#Error found at test case .mp4 file for mplayer version (dev-SVN-r27305-4.1.2) 
valgrind report the Invalid Read.


#The test case is "36-p6.mp4" can be found at the URL 

*http://www.eecs.berkeley.edu/~sckhan/36-p6.mp4

#Reproducible with the following command

*valgrind mplayer 

Can also be run as: 

*valgrind --log-file=log33 mplayer 36-p6.mp4

#OS: Debian Etch Linux

#Valgrind output:

==25952== Memcheck, a memory error detector.
==25952== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==25952== Using LibVEX rev 1854, a library for dynamic binary translation.
==25952== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==25952== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==25952== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==25952== For more details, rerun with: -v
==25952== 
==25952== My PID = 25952, parent PID = 3261.  Prog and args are:
==25952==    mplayer
==25952==    36-p6.mp4
==25952== 
==25952== Warning: set address range perms: large range 268436356 (undefined)
==25952== Warning: set address range perms: large range 268436364 (undefined)
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 4138916608
==25952==    at 0x81376E2: gen_sh_video (demux_mov.c:1011)
==25952==    by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952==    by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952==    by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952==    by 0x811E511: demux_open (demuxer.c:991)
==25952==    by 0x80779AE: main (mplayer.c:3238)
==25952== 
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 1577548237
==25952==    at 0x81376FB: gen_sh_video (demux_mov.c:1013)
==25952==    by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952==    by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952==    by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952==    by 0x811E511: demux_open (demuxer.c:991)
==25952==    by 0x80779AE: main (mplayer.c:3238)
==25952== 
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 1993611979
==25952==    at 0x8137701: gen_sh_video (demux_mov.c:1013)
==25952==    by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952==    by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952==    by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952==    by 0x811E511: demux_open (demuxer.c:991)
==25952==    by 0x80779AE: main (mplayer.c:3238)
==25952== 
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 1841849951
==25952==    at 0x8137645: gen_sh_video (demux_mov.c:1013)
==25952==    by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952==    by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952==    by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952==    by 0x811E511: demux_open (demuxer.c:991)
==25952==    by 0x80779AE: main (mplayer.c:3238)
==25952== 
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 2604633478
==25952==    at 0x8137650: gen_sh_video (demux_mov.c:1013)
==25952==    by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952==    by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952==    by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952==    by 0x811E511: demux_open (demuxer.c:991)
==25952==    by 0x80779AE: main (mplayer.c:3238)
==25952== 
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 3159385134
==25952==    at 0x8137658: gen_sh_video (demux_mov.c:1013)
==25952==    by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952==    by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952==    by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952==    by 0x811E511: demux_open (demuxer.c:991)
==25952==    by 0x80779AE: main (mplayer.c:3238)
==25952== 
==25952== Conditional jump or move depends on uninitialised value(s)
==25952== Stack hash: 879750629
==25952==    at 0x81376B3: gen_sh_video (demux_mov.c:1106)
==25952==    by 0x813B7D4: lschunks (demux_mov.c:1326)
==25952==    by 0x813C1E5: mov_read_header (demux_mov.c:1934)
==25952==    by 0x811E23E: demux_open_stream (demuxer.c:864)
==25952==    by 0x811E511: demux_open (demuxer.c:991)
==25952==    by 0x80779AE: main (mplayer.c:3238)
==25952== Warning: set address range perms: large range 268436388 (noaccess)
==25952== Warning: set address range perms: large range 268436396 (noaccess)
==25952== 
==25952== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 19 from 1)
==25952== malloc/free: in use at exit: 81,597 bytes in 19 blocks.
==25952== malloc/free: 2,343 allocs, 2,324 frees, 538,294,607 bytes allocated.
==25952== For counts of detected errors, rerun with: -v
==25952== searching for pointers to 19 not-freed blocks.
==25952== checked 2,898,776 bytes.
==25952== 
==25952== LEAK SUMMARY:
==25952==    definitely lost: 48,697 bytes in 8 blocks.
==25952==      possibly lost: 0 bytes in 0 blocks.
==25952==    still reachable: 32,900 bytes in 11 blocks.
==25952==         suppressed: 0 bytes in 0 blocks.
==25952== Rerun with --leak-check=full to see details of leaked memory.

*This report to inform the error found in Mplayer using the test case:
36-p6.mp4 with Stack hash: 879750629 and back-trace at: gen_sh_video
(demux_mov.c:1106). 

#The bug is found in making comparison of the fuzzing tools and is a part of
the metafuzz project.

*URL at: metafuzz.com


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1152] Invalid read at bitstream.h:658

From: <bug...@bu...> - 2008-07-17 20:48:36

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1152





------- Comment #5 from zl...@gm...  2008-07-17 22:47 CEST -------
I realized that I put different links in the URL field and the Description
field. The correct URL should be:

http://www.eecs.berkeley.edu/~zhl210/545634-1659-52280140-InvalidRead.tgz

Sorry about that!


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] Fwd: [ faac-Bugs-2020278 ] Mplayer Crashed: Invalid Read

From: Nichole A. E. <nic...@gm...> - 2008-07-17 05:56:07

---------- Forwarded message ----------
From: SourceForge.net <no...@so...>
Date: Wed, Jul 16, 2008 at 10:52 PM
Subject: [ faac-Bugs-2020278 ] Mplayer Crashed: Invalid Read
To: no...@so...


Bugs item #2020278, was opened at 2008-07-16 22:52
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100704&aid=2020278&group_id=704

Please note that this message will contain a full copy of the comment
thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nichole Alvarez (nalvarez)
Assigned to: Nobody/Anonymous (nobody)
Summary: Mplayer Crashed: Invalid Read

Initial Comment:
I worked in the lab as part of the SUPERB-TRUST 2008 for the security
project
and found these bugs in the file 8-3.wav. The errors are Crash and 2 Invalid
Read. You can download the file with the following links and can run the
command below:

You can find this bug in:
www.metafuzz.com
wget http://www.metafuzz.com/testcases/854652-8-3592192390-InvalidRead.tgz
tar xzfv 854652-8-3592192390-InvalidRead.tgz
http://www.cs.berkeley.edu/~nalvarez/8-3.wav<http://www.cs.berkeley.edu/%7Enalvarez/8-3.wav>

I have this version :

MPlayer dev-SVN-r27185-4.1.2 (C) 2000-2008 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz (Family: 6, Model: 15,
Stepping: 13)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 SSE SSE2


AO: [oss] 96000Hz 1ch s16le (2 bytes per sample)
Video: no video
Starting playback...
FAAD: error: Maximum number of scalefactor bands exceeded, trying to resync!
FAAD: error: Gain control not yet implemented, trying to resync!
FAAD: error: Invalid number of channels, trying to resync!
FAAD: error: Maximum number of scalefactor bands exceeded, trying to resync!
FAAD: error: Gain control not yet implemented, trying to resync!
FAAD: error: Gain control not yet implemented, trying to resync!

MPlayer interrupted by signal 11 in module: decode_audio
- MPlayer crashed by bad usage of CPU/FPU/RAM.
 Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and
 disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
- MPlayer crashed. This shouldn't happen.
 It can be a bug in the MPlayer code _or_ in your drivers _or_ in your
 gcc version. If you think it's MPlayer's fault, please read
 DOCS/HTML/en/bugreports.html and follow the instructions there. We can't
and
won't help unless you provide this information when reporting a possible bug

==3511== My PID = 3511, parent PID = 3417.  Prog and args are:
==3511==    mplayer
==3511==    8-3.wav
==3511==
==3511== Invalid read of size 2
==3511== Stack hash: 3454906702
==3511==    at 0x81AFF85: ic_prediction (ic_predict.c:92)
==3511==    by 0x81C45B8: reconstruct_single_channel (specrec.c:879)
==3511==    by 0x81CA4B5: decode_sce_lfe (syntax.c:597)
==3511==    by 0x81CACE8: raw_data_block (syntax.c:434)
==3511==    by 0x81AB749: aac_frame_decode (decoder.c:872)
==3511==    by 0x818B432: decode_audio (ad_faad.c:235)
==3511==    by 0x80DA9D4: decode_audio (dec_audio.c:383)
==3511==    by 0x8078409: main (mplayer.c:2044)
==3511==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==3511==
==3511== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 1)
==3511== malloc/free: in use at exit: 237,601 bytes in 2,206 blocks.
==3511== malloc/free: 2,474 allocs, 268 frees, 1,524,479 bytes allocated.
==3511== For counts of detected errors, rerun with: -v
==3511== searching for pointers to 2,206 not-freed blocks.
==3511== checked 2,973,992 bytes.
==3511==
==3511== LEAK SUMMARY:
==3511==    definitely lost: 0 bytes in 0 blocks.
==3511==      possibly lost: 0 bytes in 0 blocks.
==3511==    still reachable: 237,601 bytes in 2,206 blocks.
==3511==         suppressed: 0 bytes in 0 blocks.
==3511== Rerun with --leak-check=full to see details of leaked memory.


------- Comment #1 From nichole 2008-07-11 00:49:38 CEST [reply] -------

I tried same input file with  version MPlayer dev-SVN-r27249-4.1.2 still
crashes. Here is Gdb outputs:

AUDIO PAYLOAD: d3 2d c6 f0
AUDIO PAYLOAD: 2d c6 f0 20
AUDIO PAYLOAD: c6 f0 20 23
AUDIO PAYLOAD: f0 20 23 d1
AUDIO PAYLOAD: 20 23 d1 5b
AUDIO PAYLOAD: 23 d1 5b 0
AUDIO PAYLOAD: d1 5b 0 dc
AUDIO PAYLOAD: 5b 0 dc 40
AUDIO PAYLOAD: 0 dc 40 d0
AUDIO PAYLOAD: dc 40 d0 70
AUDIO PAYLOAD: 40 d0 70 0
AUDIO PAYLOAD: d0 70 0 ed
AUDIO PAYLOAD: 70 0 ed 4e
AUDIO PAYLOAD: 0 ed 4e cf
AUDIO PAYLOAD: ed 4e cf d0
AUDIO PAYLOAD: 4e cf d0 f
AUDIO PAYLOAD: cf d0 f f0
AUDIO PAYLOAD: d0 f f0 ae
AUDIO PAYLOAD: f f0 ae 0
AUDIO PAYLOAD: f0 ae 0 a1
AUDIO PAYLOAD: ae 0 a1 ee
AUDIO PAYLOAD: 0 a1 ee 3
AUDIO PAYLOAD: a1 ee 3 80
AUDIO PAYLOAD: ee 3 80 2f
AUDIO PAYLOAD: 3 80 2f 1
AUDIO PAYLOAD: 80 2f 1 0
AUDIO PAYLOAD: 2f 1 0 1e
AUDIO PAYLOAD: 1 0 1e 24
AUDIO PAYLOAD: 0 1e 24 fd
AUDIO PAYLOAD: 1e 24 fd 5f
AUDIO PAYLOAD: 24 fd 5f f2
AUDIO PAYLOAD: fd 5f f2 fe
AUDIO PAYLOAD: 5f f2 fe 37
AUDIO PAYLOAD: f2 fe 37 3e
AUDIO PAYLOAD: fe 37 3e c0
AUDIO PAYLOAD: 37 3e c0 3e
AUDIO PAYLOAD: 3e c0 3e 1
AUDIO PAYLOAD: c0 3e 1 42
AUDIO PAYLOAD: 3e 1 42 f0
AUDIO PAYLOAD: 1 42 f0 73
AUDIO PAYLOAD: 42 f0 73 f2
AUDIO PAYLOAD: f0 73 f2 3
AUDIO PAYLOAD: 73 f2 3 d
AUDIO PAYLOAD: f2 3 d 37
AUDIO PAYLOAD: 3 d 37 31
AUDIO PAYLOAD: d 37 31 30
AUDIO PAYLOAD: 37 31 30 51
AUDIO PAYLOAD: 31 30 51 22
AUDIO PAYLOAD: 30 51 22 26
AUDIO PAYLOAD: 51 22 26 f
AUDIO PAYLOAD: 22 26 f c
AUDIO PAYLOAD: 26 f c 1f
AUDIO PAYLOAD: f c 1f 8f
AUDIO PAYLOAD: c 1f 8f d
AUDIO PAYLOAD: 1f 8f d ef
AUDIO PAYLOAD: 8f d ef e0
AUDIO PAYLOAD: d ef e0 3
AUDIO PAYLOAD: ef e0 3 d
AUDIO PAYLOAD: e0 3 d b0
AUDIO PAYLOAD: 3 d b0 a
AUDIO PAYLOAD: d b0 a e
AUDIO PAYLOAD: b0 a e ff
AUDIO PAYLOAD: a e ff e8
AUDIO PAYLOAD: e ff e8 e
AUDIO PAYLOAD: ff e8 e 3
AUDIO PAYLOAD: e8 e 3 0
AUDIO PAYLOAD: e 3 0 11
AUDIO PAYLOAD: 3 0 11 f1
AUDIO PAYLOAD: 0 11 f1 20
AUDIO PAYLOAD: 11 f1 20 2
AUDIO PAYLOAD: f1 20 2 d4
AUDIO PAYLOAD: 20 2 d4 e
AUDIO PAYLOAD: 2 d4 e 20
AUDIO PAYLOAD: d4 e 20 60
AUDIO PAYLOAD: e 20 60 14
AUDIO PAYLOAD: 20 60 14 fe
AUDIO PAYLOAD: 60 14 fe 13
AUDIO PAYLOAD: 14 fe 13 73
AUDIO PAYLOAD: fe 13 73 1f
AUDIO PAYLOAD: 13 73 1f f5
AUDIO PAYLOAD: 73 1f f5 0
AUDIO PAYLOAD: 1f f5 0 30
AUDIO PAYLOAD: f5 0 30 47
AUDIO PAYLOAD: 0 30 47 1e
AUDIO PAYLOAD: 30 47 1e f3
AUDIO PAYLOAD: 47 1e f3 0
AUDIO PAYLOAD: 1e f3 0 5f
AUDIO PAYLOAD: f3 0 5f 2
AUDIO PAYLOAD: 0 5f 2 2f
AUDIO PAYLOAD: 5f 2 2f f3
AUDIO PAYLOAD: 2 2f f3 cc
AUDIO PAYLOAD: 2f f3 cc 43
AUDIO PAYLOAD: f3 cc 43 bf
AUDIO PAYLOAD: cc 43 bf 20
AUDIO PAYLOAD: 43 bf 20 0
AUDIO PAYLOAD: bf 20 0 c0
AUDIO PAYLOAD: 20 0 c0 30
AUDIO PAYLOAD: 0 c0 30 a3
AUDIO PAYLOAD: c0 30 a3 b
AUDIO PAYLOAD: 30 a3 b 1f
AUDIO PAYLOAD: a3 b 1f c1
AUDIO PAYLOAD: b 1f c1 2d
AUDIO PAYLOAD: 1f c1 2d a1
AUDIO PAYLOAD: c1 2d a1 1c
AUDIO PAYLOAD: 2d a1 1c 4
AUDIO PAYLOAD: a1 1c 4 d
AUDIO PAYLOAD: 1c 4 d db
AUDIO PAYLOAD: 4 d db ee
AUDIO PAYLOAD: d db ee 11
AUDIO PAYLOAD: db ee 11 30
AUDIO PAYLOAD: ee 11 30 ec
AUDIO PAYLOAD: 11 30 ec 3f
AUDIO PAYLOAD: 30 ec 3f 0
AUDIO PAYLOAD: ec 3f 0 c4
AUDIO PAYLOAD: 3f 0 c4 40
AUDIO PAYLOAD: 0 c4 40 fc
AUDIO PAYLOAD: c4 40 fc d3
AUDIO PAYLOAD: 40 fc d3 51
AUDIO PAYLOAD: fc d3 51 31
AUDIO PAYLOAD: d3 51 31 3
AUDIO PAYLOAD: 51 31 3 1e
AUDIO PAYLOAD: 31 3 1e 20
AUDIO PAYLOAD: 3 1e 20 f4
AUDIO PAYLOAD: 1e 20 f4 32
AUDIO PAYLOAD: 20 f4 32 de
AUDIO PAYLOAD: f4 32 de 62
AUDIO PAYLOAD: 32 de 62 f
AUDIO PAYLOAD: de 62 f 2d
AUDIO PAYLOAD: 62 f 2d 47
AUDIO PAYLOAD: f 2d 47 30
AUDIO PAYLOAD: 2d 47 30 22
AUDIO PAYLOAD: 47 30 22 10
AUDIO PAYLOAD: 30 22 10 35
AUDIO PAYLOAD: 22 10 35 5
AUDIO PAYLOAD: 10 35 5 40
AUDIO PAYLOAD: 35 5 40 2
AUDIO PAYLOAD: 5 40 2 10
AUDIO PAYLOAD: 40 2 10 e0
AUDIO PAYLOAD: 2 10 e0 de
AUDIO PAYLOAD: 10 e0 de cb
AUDIO PAYLOAD: e0 de cb e0
AUDIO PAYLOAD: de cb e0 bc
AUDIO PAYLOAD: cb e0 bc fd
AUDIO PAYLOAD: e0 bc fd d2
AUDIO PAYLOAD: bc fd d2 2b
AUDIO PAYLOAD: fd d2 2b d2
AUDIO PAYLOAD: d2 2b d2 2c
AUDIO PAYLOAD: 2b d2 2c cd
AUDIO PAYLOAD: d2 2c cd b0
AUDIO PAYLOAD: 2c cd b0 f
AUDIO PAYLOAD: cd b0 f fa
AUDIO PAYLOAD: b0 f fa f
AUDIO PAYLOAD: f fa f f
AUDIO PAYLOAD: fa f f 12
AUDIO PAYLOAD: f f 12 2
AUDIO PAYLOAD: f 12 2 5f
AUDIO PAYLOAD: 12 2 5f e0
AUDIO PAYLOAD: 2 5f e0 25
AUDIO PAYLOAD: 5f e0 25 1
AUDIO PAYLOAD: e0 25 1 fc
AUDIO PAYLOAD: 25 1 fc 2
AUDIO PAYLOAD: 1 fc 2 1
AUDIO PAYLOAD: fc 2 1 72
AUDIO PAYLOAD: 2 1 72 1f
AUDIO PAYLOAD: 1 72 1f 13
AUDIO PAYLOAD: 72 1f 13 f
AUDIO PAYLOAD: 1f 13 f 37
AUDIO PAYLOAD: 13 f 37 21
AUDIO PAYLOAD: f 37 21 e
AUDIO PAYLOAD: 37 21 e 17
AUDIO PAYLOAD: 21 e 17 6f
AUDIO PAYLOAD: e 17 6f f0
AUDIO PAYLOAD: 17 6f f0 10
AUDIO PAYLOAD: 6f f0 10 1
AUDIO PAYLOAD: f0 10 1 10
AUDIO PAYLOAD: 10 1 10 0
AUDIO PAYLOAD: 1 10 0 fe
AUDIO PAYLOAD: 10 0 fe 3
AUDIO PAYLOAD: 0 fe 3 23
AUDIO PAYLOAD: fe 3 23 30
AUDIO PAYLOAD: 3 23 30 4
AUDIO PAYLOAD: 23 30 4 8
AUDIO PAYLOAD: 30 4 8 0
AUDIO PAYLOAD: 4 8 0 20
AUDIO PAYLOAD: 8 0 20 fc
AUDIO PAYLOAD: 0 20 fc ee
AUDIO PAYLOAD: 20 fc ee ee
AUDIO PAYLOAD: fc ee ee 2
AUDIO PAYLOAD: ee ee 2 1a
AUDIO PAYLOAD: ee 2 1a 1f
AUDIO PAYLOAD: 2 1a 1f d0
AUDIO PAYLOAD: 1a 1f d0 cc
AUDIO PAYLOAD: 1f d0 cc 11
AUDIO PAYLOAD: d0 cc 11 d0
AUDIO PAYLOAD: cc 11 d0 f
AUDIO PAYLOAD: 11 d0 f 8e
AUDIO PAYLOAD: d0 f 8e 0
AUDIO PAYLOAD: f 8e 0 80
AUDIO PAYLOAD: 8e 0 80 20
AUDIO PAYLOAD: 0 80 20 1
AUDIO PAYLOAD: 80 20 1 fe
AUDIO PAYLOAD: 20 1 fe 40
AUDIO PAYLOAD: 1 fe 40 f0
AUDIO PAYLOAD: fe 40 f0 e
AUDIO PAYLOAD: 40 f0 e 22
AUDIO PAYLOAD: f0 e 22 d3
AUDIO PAYLOAD: e 22 d3 2b
AUDIO PAYLOAD: 22 d3 2b 27
AUDIO PAYLOAD: d3 2b 27 e0
AUDIO PAYLOAD: 2b 27 e0 30
AUDIO PAYLOAD: 27 e0 30 7
AUDIO PAYLOAD: e0 30 7 e
AUDIO PAYLOAD: 30 7 e 0
AUDIO PAYLOAD: 7 e 0 e0
AUDIO PAYLOAD: e 0 e0 32
AUDIO PAYLOAD: 0 e0 32 3
AUDIO PAYLOAD: e0 32 3 20
AUDIO PAYLOAD: 32 3 20 d3
AUDIO PAYLOAD: 3 20 d3 54
AUDIO PAYLOAD: 20 d3 54 24
AUDIO PAYLOAD: d3 54 24 3
AUDIO PAYLOAD: 54 24 3 d2
AUDIO PAYLOAD: 24 3 d2 7f
AUDIO PAYLOAD: 3 d2 7f 16
AUDIO PAYLOAD: d2 7f 16 0
AUDIO PAYLOAD: 7f 16 0 20
AUDIO PAYLOAD: 16 0 20 1f
AUDIO PAYLOAD: 0 20 1f d2
AUDIO PAYLOAD: 20 1f d2 e
AUDIO PAYLOAD: 1f d2 e 8b
AUDIO PAYLOAD: d2 e 8b 0
AUDIO PAYLOAD: e 8b 0 fe
AUDIO PAYLOAD: 8b 0 fe ff
AUDIO PAYLOAD: 0 fe ff f0
AUDIO PAYLOAD: fe ff f0 ec

AAC_PROBE: ret 4264

AAC SYNC AFTER 4264 bytes
FAAD: error: Gain control not yet implemented, trying to resync!

AAC_PROBE: 4608 bytes
AUDIO PAYLOAD: f0 ec 50 ed
AUDIO PAYLOAD: ec 50 ed 1b
AUDIO PAYLOAD: 50 ed 1b f1
AUDIO PAYLOAD: ed 1b f1 c2
AUDIO PAYLOAD: 1b f1 c2 1f
AUDIO PAYLOAD: f1 c2 1f 1
AUDIO PAYLOAD: c2 1f 1 11
AUDIO PAYLOAD: 1f 1 11 0
AUDIO PAYLOAD: 1 11 0 af
AUDIO PAYLOAD: 11 0 af 8
AUDIO PAYLOAD: 0 af 8 32
AUDIO PAYLOAD: af 8 32 b
AUDIO PAYLOAD: 8 32 b 71
AUDIO PAYLOAD: 32 b 71 f0
AUDIO PAYLOAD: b 71 f0 1
AUDIO PAYLOAD: 71 f0 1 11
AUDIO PAYLOAD: f0 1 11 dc
AUDIO PAYLOAD: 1 11 dc 1
AUDIO PAYLOAD: 11 dc 1 11
AUDIO PAYLOAD: dc 1 11 10
AUDIO PAYLOAD: 1 11 10 fe
AUDIO PAYLOAD: 11 10 fe 67
AUDIO PAYLOAD: 10 fe 67 0
AUDIO PAYLOAD: fe 67 0 0
AUDIO PAYLOAD: 67 0 0 21
AUDIO PAYLOAD: 0 0 21 f1
AUDIO PAYLOAD: 0 21 f1 30
AUDIO PAYLOAD: 21 f1 30 14
AUDIO PAYLOAD: f1 30 14 f0
AUDIO PAYLOAD: 30 14 f0 34
AUDIO PAYLOAD: 14 f0 34 61
AUDIO PAYLOAD: f0 34 61 e2
AUDIO PAYLOAD: 34 61 e2 10
AUDIO PAYLOAD: 61 e2 10 12
AUDIO PAYLOAD: e2 10 12 dd
AUDIO PAYLOAD: 10 12 dd 34
AUDIO PAYLOAD: 12 dd 34 c0
AUDIO PAYLOAD: dd 34 c0 e
AUDIO PAYLOAD: 34 c0 e 45
AUDIO PAYLOAD: c0 e 45 ef
AUDIO PAYLOAD: e 45 ef 0
AUDIO PAYLOAD: 45 ef 0 f0
AUDIO PAYLOAD: ef 0 f0 f1
AUDIO PAYLOAD: 0 f0 f1 2f
AUDIO PAYLOAD: f0 f1 2f a0
AUDIO PAYLOAD: f1 2f a0 1a
AUDIO PAYLOAD: 2f a0 1a 3
AUDIO PAYLOAD: a0 1a 3 dd
AUDIO PAYLOAD: 1a 3 dd 2d
AUDIO PAYLOAD: 3 dd 2d d4
AUDIO PAYLOAD: dd 2d d4 b
AUDIO PAYLOAD: 2d d4 b e0
AUDIO PAYLOAD: d4 b e0 c
AUDIO PAYLOAD: b e0 c 3e
AUDIO PAYLOAD: e0 c 3e ce
AUDIO PAYLOAD: c 3e ce b0
AUDIO PAYLOAD: 3e ce b0 0
AUDIO PAYLOAD: ce b0 0 e2
AUDIO PAYLOAD: b0 0 e2 15
AUDIO PAYLOAD: 0 e2 15 ef
AUDIO PAYLOAD: e2 15 ef d
AUDIO PAYLOAD: 15 ef d 16
AUDIO PAYLOAD: ef d 16 e
AUDIO PAYLOAD: d 16 e 0
AUDIO PAYLOAD: 16 e 0 34
AUDIO PAYLOAD: e 0 34 f2
AUDIO PAYLOAD: 0 34 f2 70
AUDIO PAYLOAD: 34 f2 70 21
AUDIO PAYLOAD: f2 70 21 fd
AUDIO PAYLOAD: 70 21 fd f0
AUDIO PAYLOAD: 21 fd f0 46
AUDIO PAYLOAD: fd f0 46 b
AUDIO PAYLOAD: f0 46 b 1
AUDIO PAYLOAD: 46 b 1 12
AUDIO PAYLOAD: b 1 12 30
AUDIO PAYLOAD: 1 12 30 d1
AUDIO PAYLOAD: 12 30 d1 1b
AUDIO PAYLOAD: 30 d1 1b e7
AUDIO PAYLOAD: d1 1b e7 1
AUDIO PAYLOAD: 1b e7 1 21
AUDIO PAYLOAD: e7 1 21 6
AUDIO PAYLOAD: 1 21 6 fe
AUDIO PAYLOAD: 21 6 fe 33
AUDIO PAYLOAD: 6 fe 33 12
AUDIO PAYLOAD: fe 33 12 4d
AUDIO PAYLOAD: 33 12 4d 32
AUDIO PAYLOAD: 12 4d 32 bf
AUDIO PAYLOAD: 4d 32 bf 50
AUDIO PAYLOAD: 32 bf 50 df
AUDIO PAYLOAD: bf 50 df f8
AUDIO PAYLOAD: 50 df f8 0
AUDIO PAYLOAD: df f8 0 ef
AUDIO PAYLOAD: f8 0 ef fd
AUDIO PAYLOAD: 0 ef fd 0
AUDIO PAYLOAD: ef fd 0 0
AUDIO PAYLOAD: fd 0 0 1d
AUDIO PAYLOAD: 0 0 1d e3
AUDIO PAYLOAD: 0 1d e3 da
AUDIO PAYLOAD: 1d e3 da bf
AUDIO PAYLOAD: e3 da bf 1
AUDIO PAYLOAD: da bf 1 d0
AUDIO PAYLOAD: bf 1 d0 0
AUDIO PAYLOAD: 1 d0 0 13
AUDIO PAYLOAD: d0 0 13 f1
AUDIO PAYLOAD: 0 13 f1 73
AUDIO PAYLOAD: 13 f1 73 e1
AUDIO PAYLOAD: f1 73 e1 3d
AUDIO PAYLOAD: 73 e1 3d ef
AUDIO PAYLOAD: e1 3d ef ff
AUDIO PAYLOAD: 3d ef ff f0
AUDIO PAYLOAD: ef ff f0 12

AAC_PROBE: ret 111

AAC SYNC AFTER 111 bytes

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209816864 (LWP 13456)]
ic_prediction (ics=0xbff5d258, spec=0xbff5c210, state=0x0,
   frame_len=1024, sf_index=0 '\0') at libfaad2/ic_predict.c:92
92          r[0] = inv_quant_pred(state->r[0]);
(gdb) bt
#0  ic_prediction (ics=0xbff5d258, spec=0xbff5c210, state=0x0,
   frame_len=1024, sf_index=0 '\0') at libfaad2/ic_predict.c:92
#1  0x081c4599 in reconstruct_single_channel (hDecoder=0x89c4ec8,
   ics=0xbff5d258, sce=0xbff5d252, spec_data=0xbff623fc)
   at libfaad2/specrec.c:879
#2  0x081ca496 in decode_sce_lfe (hDecoder=0x89c4ec8,
   hInfo=0x8714620, ld=0xbff62c80, id_syn_ele=0 '\0')
   at libfaad2/syntax.c:597
#3  0x081cacc9 in raw_data_block (hDecoder=0x89c4ec8,
   hInfo=0x8714620, ld=0xbff62c80, pce=0x89c5539, drc=0x89c5818)
   at libfaad2/syntax.c:434
#4  0x081ab72a in aac_frame_decode (hDecoder=0x89c4ec8,
   hInfo=0x8714620, buffer=<value optimized out>, buffer_size=4497,
   sample_buffer2=0x0, sample_buffer_size=0)
   at libfaad2/decoder.c:872
#5  0x0818b423 in decode_audio (sh=0x89a7b80, buf=0x89a8eb0 "",
   minlen=65536, maxlen=114688) at libmpcodecs/ad_faad.c:235
#6  0x080daa75 in decode_audio (sh_audio=0x89a7b80, minlen=65536)
   at libmpcodecs/dec_audio.c:383
#7  0x080784ea in main (argc=3, argv=0xbff64034) at mplayer.c:2044
(gdb) disass $pc-32 $pc+32
Dump of assembler code from 0x81aff45 to 0x81aff85:
0x081aff45 <ic_prediction+549>: mov    0xffffff9c(%ebp),%edx
0x081aff48 <ic_prediction+552>: cmpb   $0x0,0x27ed(%edx,%eax,1)
0x081aff50 <ic_prediction+560>: setne  0xffffffd3(%ebp)
0x081aff54 <ic_prediction+564>: mov    0xc(%ebp),%eax
0x081aff57 <ic_prediction+567>: mov    0x10(%ebp),%edx
0x081aff5a <ic_prediction+570>: lea    (%eax,%edi,4),%esi
0x081aff5d <ic_prediction+573>: lea    (%edi,%edi,2),%eax
0x081aff60 <ic_prediction+576>: flds   (%esi)
0x081aff62 <ic_prediction+578>: lea    (%edx,%eax,4),%ebx
0x081aff65 <ic_prediction+581>: movswl (%ebx),%eax
0x081aff68 <ic_prediction+584>: fstps  0xffffffb0(%ebp)
0x081aff6b <ic_prediction+587>: call   0x81afb80 <inv_quant_pred>
0x081aff70 <ic_prediction+592>: movswl 0x2(%ebx),%eax
0x081aff74 <ic_prediction+596>: fstps  0xffffffb8(%ebp)
0x081aff77 <ic_prediction+599>: call   0x81afb80 <inv_quant_pred>
0x081aff7c <ic_prediction+604>: movswl 0x4(%ebx),%eax
0x081aff80 <ic_prediction+608>: fstps  0xffffffb4(%ebp)
0x081aff83 <ic_prediction+611>: call   0x81afb80 <inv_quant_pred>
End of assembler dump.
(gdb) info all-registers
eax            0x0      0
ecx            0xbff5d252       -1074408878
edx            0x0      0
ebx            0x0      0
esp            0xbff5c120       0xbff5c120
ebp            0xbff5c1a8       0xbff5c1a8
esi            0xbff5c210       -1074413040
edi            0x0      0
eip            0x81aff65        0x81aff65 <ic_prediction+581>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51
st0            -1.8923294931028067367151379585266113e-07        (raw
0xbfe8cb2ff50000000000)
st1            0        (raw 0x00000000000000000000)
st2            0        (raw 0x00000000000000000000)
st3            0        (raw 0x00000000000000000000)
st4            0        (raw 0x00000000000000000000)
st5            0        (raw 0x00000000000000000000)
---Type <return> to continue, or q <return> to quit---
st6            0        (raw 0x00000000000000000000)
st7            2.98023223876953125e-08  (raw 0x3fe68000000000000000)
fctrl          0x37f    895
fstat          0x3820   14368
ftag           0x3fff   16383
fiseg          0x73     115
fioff          0x81aff60        135987040
foseg          0x7b     123
fooff          0xbff5c210       -1074413040
fop            0x106    262
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
   0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0,
   0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
 v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
   0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0,
   0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
 v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
   0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0,
   0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
 v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
---Type <return> to continue, or q <return> to quit---
   0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0,
   0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
 v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
   0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0,
   0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
 v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
   0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0,
   0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
 v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
   0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0,
   0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
 v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0,
   0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0,
   0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0},
 v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000}
mxcsr          0x1f80   [ IM DM ZM OM UM PM ]
mm0            {uint64 = 0x8000000000000000, v2_int32 = {0x0,
   0x80000000}, v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0,
   0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}
---Type <return> to continue, or q <return> to quit---
mm1            {uint64 = 0xcb2ff50000000000, v2_int32 = {0x0,
   0xcb2ff500}, v4_int16 = {0x0, 0x0, 0xf500, 0xcb2f}, v8_int8 = {
   0x0, 0x0, 0x0, 0x0, 0x0, 0xf5, 0x2f, 0xcb}}
mm2            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
   0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
   0x0}}
mm3            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
   0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
   0x0}}
mm4            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
   0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
   0x0}}
mm5            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
   0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
   0x0}}
mm6            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
   0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
   0x0}}
mm7            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0,
   0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
   0x0}}


//This bug has been reported to Mplayer developers and been mentioned that
the problems is in libfaad2.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100704&aid=2020278&group_id=704

[Catchconv-bugreports] [Bug 1134] Mplayer Crashed: Invalid Read

From: <bug...@bu...> - 2008-07-17 05:41:40

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1134


nic...@gm... changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|InvalidRead                 |Mplayer Crashed: Invalid
                   |                            |Read




------- Comment #3 from nic...@gm...  2008-07-17 07:40 CEST -------
*Summary has been added*
 -----------------------------
|Mplayer Crashed: Invalid Read|
 -----------------------------


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1209] New: Error in Video Decoding: Mplayer Crashed: Invalid Write and Invalid Read

From: <bug...@bu...> - 2008-07-17 02:55:23

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1209

           Summary: Error in Video Decoding: Mplayer Crashed: Invalid Write
                    and Invalid Read
           Product: MPlayer
           Version: HEAD
          Platform: PC (x86)
               URL: http://www.eecs.berkeley.edu/~sckhan/72-innovation.mp4
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: vd
        AssignedTo: r_...@ti...
        ReportedBy: sc...@ee...
                CC: cat...@li...


The following report is for the SUPERB-TRUST 2008, the cyber security project. 

#Error found at test case .mp4 file for mplayer version (dev-SVN-r27305-4.1.2) 
valgrind report the Invalid Read.


#The test case is "72-innovation.mp4" can be found at the URL 

*http://www.eecs.berkeley.edu/~sckhan/72-innovation.mp4

#Reproducible with the following command

*valgrind mplayer 

Can also be run as: 

*valgrind --log-file=log31 mplayer 72-innovation.mp4


#OS: Debian Etch Linux

#Valgrind output:


==24434== Memcheck, a memory error detector.
==24434== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==24434== Using LibVEX rev 1854, a library for dynamic binary translation.
==24434== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==24434== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==24434== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==24434== For more details, rerun with: -v
==24434== 
==24434== My PID = 24434, parent PID = 23665.  Prog and args are:
==24434==    mplayer
==24434==    72-innovation.mp4
==24434== 
==24434== Warning: set address range perms: large range 268435464 (undefined)
==24434== Invalid read of size 1
==24434== Stack hash: 1392381560
==24434==    at 0x8434F24: fill_caches (h264.c:221)
==24434==    by 0x843E190: decode_mb_skip (h264.c:4485)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==  Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 1
==24434== Stack hash: 1803710756
==24434==    at 0x8434F40: fill_caches (h264.c:222)
==24434==    by 0x843E190: decode_mb_skip (h264.c:4485)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==  Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 1
==24434== Stack hash: 3106009430
==24434==    at 0x8434F5A: fill_caches (h264.c:223)
==24434==    by 0x843E190: decode_mb_skip (h264.c:4485)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==  Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid write of size 4
==24434== Stack hash: 34571318
==24434==    at 0x843E4B4: decode_mb_skip (h264.c:4492)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x45717fc is 0 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid write of size 1
==24434== Stack hash: 4089718473
==24434==    at 0x843E4C3: decode_mb_skip (h264.c:4493)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a38236 is 0 bytes after a block of size 6 alloc'd
==24434== Stack hash: 1195100994
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341DD3: alloc_picture (mpegvideo.c:211)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid write of size 1
==24434== Stack hash: 3849898332
==24434==    at 0x843E4D2: decode_mb_skip (h264.c:4494)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35b1b is 1 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 3455090548
==24434==    at 0x844B620: hl_decode_mb (h264.c:2732)
==24434==    by 0x84550CE: decode_slice (h264.c:6868)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x45717fc is 0 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 2235960050
==24434==    at 0x8448E1E: hl_motion (h264.c:1875)
==24434==    by 0x844C138: hl_decode_mb (h264.c:2608)
==24434==    by 0x84550CE: decode_slice (h264.c:6868)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x45717fc is 0 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid write of size 4
==24434== Stack hash: 3080996705
==24434==    at 0x843E13B: decode_mb_skip (h264.c:4465)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x456f580 is 0 bytes after a block of size 128 alloc'd
==24434== Stack hash: 4143647095
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843A9F4: alloc_tables (h264.c:2102)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid write of size 4
==24434== Stack hash: 408088271
==24434==    at 0x843E141: decode_mb_skip (h264.c:4465)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x456f584 is 4 bytes after a block of size 128 alloc'd
==24434== Stack hash: 4143647095
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843A9F4: alloc_tables (h264.c:2102)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid write of size 4
==24434== Stack hash: 3732146042
==24434==    at 0x843E148: decode_mb_skip (h264.c:4465)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x456f588 is 8 bytes after a block of size 128 alloc'd
==24434== Stack hash: 4143647095
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843A9F4: alloc_tables (h264.c:2102)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid write of size 4
==24434== Stack hash: 2761236517
==24434==    at 0x843E14F: decode_mb_skip (h264.c:4465)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x456f58c is 12 bytes after a block of size 128 alloc'd
==24434== Stack hash: 4143647095
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843A9F4: alloc_tables (h264.c:2102)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 1
==24434== Stack hash: 3242631602
==24434==    at 0x8434EE6: fill_caches (h264.c:219)
==24434==    by 0x843E190: decode_mb_skip (h264.c:4485)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==  Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 1
==24434== Stack hash: 1872021842
==24434==    at 0x8434F06: fill_caches (h264.c:220)
==24434==    by 0x843E190: decode_mb_skip (h264.c:4485)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==  Address 0x4a35b1b is 1 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 946237960
==24434==    at 0x84359F4: fill_caches (h264.c:220)
==24434==    by 0x843E190: decode_mb_skip (h264.c:4485)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==  Address 0x45717fc is 0 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 454968717
==24434==    at 0x84359DD: fill_caches (h264.c:221)
==24434==    by 0x843E190: decode_mb_skip (h264.c:4485)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==  Address 0x4571800 is 4 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 774728905
==24434==    at 0x84359C9: fill_caches (h264.c:222)
==24434==    by 0x843E190: decode_mb_skip (h264.c:4485)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==  Address 0x4571800 is 4 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 283459662
==24434==    at 0x84359B2: fill_caches (h264.c:223)
==24434==    by 0x843E190: decode_mb_skip (h264.c:4485)
==24434==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==  Address 0x4571800 is 4 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid write of size 1
==24434== Stack hash: 3162096898
==24434==    at 0x8450541: decode_mb_cavlc (h264.c:4572)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35b1f is 5 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 1
==24434== Stack hash: 51897805
==24434==    at 0x8434EE6: fill_caches (h264.c:219)
==24434==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35b1c is 2 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 85394487
==24434==    at 0x8435998: fill_caches (h264.c:219)
==24434==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x45729f0 is 4 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid read of size 1
==24434== Stack hash: 2976255341
==24434==    at 0x8434F06: fill_caches (h264.c:220)
==24434==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35b1d is 3 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 2050471459
==24434==    at 0x84359F4: fill_caches (h264.c:220)
==24434==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x45729f4 is 8 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid read of size 1
==24434== Stack hash: 2496615059
==24434==    at 0x8434F24: fill_caches (h264.c:221)
==24434==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 1559202216
==24434==    at 0x84359DD: fill_caches (h264.c:221)
==24434==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid read of size 1
==24434== Stack hash: 2907944255
==24434==    at 0x8434F40: fill_caches (h264.c:222)
==24434==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 1878962404
==24434==    at 0x84359C9: fill_caches (h264.c:222)
==24434==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid read of size 1
==24434== Stack hash: 4210242929
==24434==    at 0x8434F5A: fill_caches (h264.c:223)
==24434==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd
==24434== Stack hash: 4192036247
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x843AA14: alloc_tables (h264.c:2103)
==24434==    by 0x844E17F: decode_slice_header (h264.c:3969)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434== 
==24434== Invalid read of size 4
==24434== Stack hash: 1387693161
==24434==    at 0x84359B2: fill_caches (h264.c:223)
==24434==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd
==24434== Stack hash: 2899467712
==24434==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==24434==    by 0x85490B4: av_malloc (mem.c:61)
==24434==    by 0x8549136: av_mallocz (mem.c:134)
==24434==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==24434==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==24434==    by 0x843ACA8: frame_start (h264.c:2227)
==24434==    by 0x844DD67: decode_slice_header (h264.c:4058)
==24434==    by 0x84574CC: decode_nal_units (h264.c:7573)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434== 
==24434== Invalid write of size 1
==24434== Stack hash: 525688319
==24434==    at 0x8452B26: decode_mb_cavlc (h264.c:555)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35ab0 is not stack'd, malloc'd or (recently) free'd
==24434== 
==24434== Invalid write of size 1
==24434== Stack hash: 3583291791
==24434==    at 0x8452B36: decode_mb_cavlc (h264.c:556)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35ab1 is not stack'd, malloc'd or (recently) free'd
==24434== 
==24434== Invalid write of size 1
==24434== Stack hash: 1463286360
==24434==    at 0x8452B47: decode_mb_cavlc (h264.c:557)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35ab2 is not stack'd, malloc'd or (recently) free'd
==24434== 
==24434== Invalid write of size 1
==24434== Stack hash: 3638248225
==24434==    at 0x8452B58: decode_mb_cavlc (h264.c:558)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35ab3 is not stack'd, malloc'd or (recently) free'd
==24434== 
==24434== Invalid write of size 1
==24434== Stack hash: 1518242794
==24434==    at 0x8452B69: decode_mb_cavlc (h264.c:559)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35ab4 is not stack'd, malloc'd or (recently) free'd
==24434== 
==24434== Invalid write of size 1
==24434== Stack hash: 3693204659
==24434==    at 0x8452B7A: decode_mb_cavlc (h264.c:560)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35ab5 is not stack'd, malloc'd or (recently) free'd
==24434== 
==24434== Invalid write of size 1
==24434== Stack hash: 1573199228
==24434==    at 0x8452B8B: decode_mb_cavlc (h264.c:561)
==24434==    by 0x84550BF: decode_slice (h264.c:6866)
==24434==    by 0x845551B: execute_decode_slices (h264.c:7455)
==24434==    by 0x8457C31: decode_nal_units (h264.c:7641)
==24434==    by 0x8458834: decode_frame (h264.c:7772)
==24434==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==24434==    by 0x826355C: av_find_stream_info (utils.c:1820)
==24434==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==24434==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==24434==    by 0x811E511: demux_open (demuxer.c:991)
==24434==    by 0x80779AE: main (mplayer.c:3238)
==24434==  Address 0x4a35ab6 is not stack'd, malloc'd or (recently) free'd
==24434== Warning: set address range perms: large range 268435496 (noaccess)
==24434== 
==24434== ERROR SUMMARY: 85 errors from 36 contexts (suppressed: 19 from 1)
==24434== malloc/free: in use at exit: 73,692 bytes in 47 blocks.
==24434== malloc/free: 2,574 allocs, 2,527 frees, 287,835,648 bytes allocated.
==24434== For counts of detected errors, rerun with: -v
==24434== searching for pointers to 47 not-freed blocks.
==24434== checked 2,936,764 bytes.
==24434== 
==24434== LEAK SUMMARY:
==24434==    definitely lost: 30 bytes in 3 blocks.
==24434==      possibly lost: 0 bytes in 0 blocks.
==24434==    still reachable: 73,662 bytes in 44 blocks.
==24434==         suppressed: 0 bytes in 0 blocks.
==24434== Rerun with --leak-check=full to see details of leaked memory.

*This report to inform the error found in Mplayer where it crashes in running
test case: 72-innovation.mp4 with Stack hash: 1392381560 and error back-trace
at: fill_caches (h264.c:221).

***Mplayer Crashed Info***
The debugged info of crash can be seen at URL:
<http://www.eecs.berkeley.edu/~sckhan/crash6>

#The bug is found in making comparison of the fuzzing tools and is a part of
the metafuzz project.

*URL at: metafuzz.com


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1208] New: Error in Video Decoding: Invalid Write and Invalid Read

From: <bug...@bu...> - 2008-07-17 01:13:53

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1208

           Summary: Error in Video Decoding: Invalid Write and Invalid Read
           Product: MPlayer
           Version: HEAD
          Platform: PC (x86)
               URL: http://www.eecs.berkeley.edu/~sckhan/72-innovation.mp4
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: vd
        AssignedTo: r_...@ti...
        ReportedBy: sc...@ee...
                CC: cat...@li...


The following report is for the SUPERB-TRUST 2008, the cyber security project. 

#Error found at test case .mp4 file for mplayer version (dev-SVN-r27305-4.1.2) 
valgrind report the Invalid Read.


#The test case is "72-innovation.mp4" can be found at the URL 

*http://www.eecs.berkeley.edu/~sckhan/72-innovation.mp4

#Reproducible with the following command

*valgrind mplayer 

Can also be run as: 

*valgrind --log-file=log29 mplayer 72-innovation.mp4

#OS: Debian Etch Linux

#Valgrind output:

==21324== Memcheck, a memory error detector.
==21324== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==21324== Using LibVEX rev 1854, a library for dynamic binary translation.
==21324== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==21324== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==21324== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==21324== For more details, rerun with: -v
==21324== 
==21324== My PID = 21324, parent PID = 3261.  Prog and args are:
==21324==    mplayer
==21324==    72-innovation.mp4
==21324== 
==21324== Warning: set address range perms: large range 268435464 (undefined)
==21324== Invalid read of size 1
==21324== Stack hash: 1392381560
==21324==    at 0x8434F24: fill_caches (h264.c:221)
==21324==    by 0x843E190: decode_mb_skip (h264.c:4485)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==  Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 1
==21324== Stack hash: 1803710756
==21324==    at 0x8434F40: fill_caches (h264.c:222)
==21324==    by 0x843E190: decode_mb_skip (h264.c:4485)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==  Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 1
==21324== Stack hash: 3106009430
==21324==    at 0x8434F5A: fill_caches (h264.c:223)
==21324==    by 0x843E190: decode_mb_skip (h264.c:4485)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==  Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid write of size 4
==21324== Stack hash: 34571318
==21324==    at 0x843E4B4: decode_mb_skip (h264.c:4492)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x45717fc is 0 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid write of size 1
==21324== Stack hash: 4089718473
==21324==    at 0x843E4C3: decode_mb_skip (h264.c:4493)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a38236 is 0 bytes after a block of size 6 alloc'd
==21324== Stack hash: 1195100994
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341DD3: alloc_picture (mpegvideo.c:211)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid write of size 1
==21324== Stack hash: 3849898332
==21324==    at 0x843E4D2: decode_mb_skip (h264.c:4494)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35b1b is 1 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 3455090548
==21324==    at 0x844B620: hl_decode_mb (h264.c:2732)
==21324==    by 0x84550CE: decode_slice (h264.c:6868)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x45717fc is 0 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 2235960050
==21324==    at 0x8448E1E: hl_motion (h264.c:1875)
==21324==    by 0x844C138: hl_decode_mb (h264.c:2608)
==21324==    by 0x84550CE: decode_slice (h264.c:6868)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x45717fc is 0 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid write of size 4
==21324== Stack hash: 3080996705
==21324==    at 0x843E13B: decode_mb_skip (h264.c:4465)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x456f580 is 0 bytes after a block of size 128 alloc'd
==21324== Stack hash: 4143647095
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843A9F4: alloc_tables (h264.c:2102)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid write of size 4
==21324== Stack hash: 408088271
==21324==    at 0x843E141: decode_mb_skip (h264.c:4465)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x456f584 is 4 bytes after a block of size 128 alloc'd
==21324== Stack hash: 4143647095
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843A9F4: alloc_tables (h264.c:2102)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid write of size 4
==21324== Stack hash: 3732146042
==21324==    at 0x843E148: decode_mb_skip (h264.c:4465)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x456f588 is 8 bytes after a block of size 128 alloc'd
==21324== Stack hash: 4143647095
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843A9F4: alloc_tables (h264.c:2102)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid write of size 4
==21324== Stack hash: 2761236517
==21324==    at 0x843E14F: decode_mb_skip (h264.c:4465)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x456f58c is 12 bytes after a block of size 128 alloc'd
==21324== Stack hash: 4143647095
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843A9F4: alloc_tables (h264.c:2102)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 1
==21324== Stack hash: 3242631602
==21324==    at 0x8434EE6: fill_caches (h264.c:219)
==21324==    by 0x843E190: decode_mb_skip (h264.c:4485)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==  Address 0x4a35b1a is 0 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 1
==21324== Stack hash: 1872021842
==21324==    at 0x8434F06: fill_caches (h264.c:220)
==21324==    by 0x843E190: decode_mb_skip (h264.c:4485)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==  Address 0x4a35b1b is 1 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 946237960
==21324==    at 0x84359F4: fill_caches (h264.c:220)
==21324==    by 0x843E190: decode_mb_skip (h264.c:4485)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==  Address 0x45717fc is 0 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 454968717
==21324==    at 0x84359DD: fill_caches (h264.c:221)
==21324==    by 0x843E190: decode_mb_skip (h264.c:4485)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==  Address 0x4571800 is 4 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 774728905
==21324==    at 0x84359C9: fill_caches (h264.c:222)
==21324==    by 0x843E190: decode_mb_skip (h264.c:4485)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==  Address 0x4571800 is 4 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 283459662
==21324==    at 0x84359B2: fill_caches (h264.c:223)
==21324==    by 0x843E190: decode_mb_skip (h264.c:4485)
==21324==    by 0x8450411: decode_mb_cavlc (h264.c:4527)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==  Address 0x4571800 is 4 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid write of size 1
==21324== Stack hash: 3162096898
==21324==    at 0x8450541: decode_mb_cavlc (h264.c:4572)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35b1f is 5 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 1
==21324== Stack hash: 51897805
==21324==    at 0x8434EE6: fill_caches (h264.c:219)
==21324==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35b1c is 2 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 85394487
==21324==    at 0x8435998: fill_caches (h264.c:219)
==21324==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x45729f0 is 4 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid read of size 1
==21324== Stack hash: 2976255341
==21324==    at 0x8434F06: fill_caches (h264.c:220)
==21324==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35b1d is 3 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 2050471459
==21324==    at 0x84359F4: fill_caches (h264.c:220)
==21324==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x45729f4 is 8 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid read of size 1
==21324== Stack hash: 2496615059
==21324==    at 0x8434F24: fill_caches (h264.c:221)
==21324==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 1559202216
==21324==    at 0x84359DD: fill_caches (h264.c:221)
==21324==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid read of size 1
==21324== Stack hash: 2907944255
==21324==    at 0x8434F40: fill_caches (h264.c:222)
==21324==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 1878962404
==21324==    at 0x84359C9: fill_caches (h264.c:222)
==21324==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid read of size 1
==21324== Stack hash: 4210242929
==21324==    at 0x8434F5A: fill_caches (h264.c:223)
==21324==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35b1e is 4 bytes after a block of size 10 alloc'd
==21324== Stack hash: 4192036247
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x843AA14: alloc_tables (h264.c:2103)
==21324==    by 0x844E17F: decode_slice_header (h264.c:3969)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324== 
==21324== Invalid read of size 4
==21324== Stack hash: 1387693161
==21324==    at 0x84359B2: fill_caches (h264.c:223)
==21324==    by 0x8450826: decode_mb_cavlc (h264.c:4619)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x45729f8 is 12 bytes after a block of size 44 alloc'd
==21324== Stack hash: 2899467712
==21324==    at 0x401C882: memalign (vg_replace_malloc.c:460)
==21324==    by 0x85490B4: av_malloc (mem.c:61)
==21324==    by 0x8549136: av_mallocz (mem.c:134)
==21324==    by 0x8341E11: alloc_picture (mpegvideo.c:212)
==21324==    by 0x83422B0: MPV_frame_start (mpegvideo.c:868)
==21324==    by 0x843ACA8: frame_start (h264.c:2227)
==21324==    by 0x844DD67: decode_slice_header (h264.c:4058)
==21324==    by 0x84574CC: decode_nal_units (h264.c:7573)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324== 
==21324== Invalid write of size 1
==21324== Stack hash: 525688319
==21324==    at 0x8452B26: decode_mb_cavlc (h264.c:555)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35ab0 is not stack'd, malloc'd or (recently) free'd
==21324== 
==21324== Invalid write of size 1
==21324== Stack hash: 3583291791
==21324==    at 0x8452B36: decode_mb_cavlc (h264.c:556)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35ab1 is not stack'd, malloc'd or (recently) free'd
==21324== 
==21324== Invalid write of size 1
==21324== Stack hash: 1463286360
==21324==    at 0x8452B47: decode_mb_cavlc (h264.c:557)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35ab2 is not stack'd, malloc'd or (recently) free'd
==21324== 
==21324== Invalid write of size 1
==21324== Stack hash: 3638248225
==21324==    at 0x8452B58: decode_mb_cavlc (h264.c:558)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35ab3 is not stack'd, malloc'd or (recently) free'd
==21324== 
==21324== Invalid write of size 1
==21324== Stack hash: 1518242794
==21324==    at 0x8452B69: decode_mb_cavlc (h264.c:559)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35ab4 is not stack'd, malloc'd or (recently) free'd
==21324== 
==21324== Invalid write of size 1
==21324== Stack hash: 3693204659
==21324==    at 0x8452B7A: decode_mb_cavlc (h264.c:560)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35ab5 is not stack'd, malloc'd or (recently) free'd
==21324== 
==21324== Invalid write of size 1
==21324== Stack hash: 1573199228
==21324==    at 0x8452B8B: decode_mb_cavlc (h264.c:561)
==21324==    by 0x84550BF: decode_slice (h264.c:6866)
==21324==    by 0x845551B: execute_decode_slices (h264.c:7455)
==21324==    by 0x8457C31: decode_nal_units (h264.c:7641)
==21324==    by 0x8458834: decode_frame (h264.c:7772)
==21324==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==21324==    by 0x826355C: av_find_stream_info (utils.c:1820)
==21324==    by 0x81A2FD5: demux_open_lavf (demux_lavf.c:466)
==21324==    by 0x811E11F: demux_open_stream (demuxer.c:811)
==21324==    by 0x811E511: demux_open (demuxer.c:991)
==21324==    by 0x80779AE: main (mplayer.c:3238)
==21324==  Address 0x4a35ab6 is not stack'd, malloc'd or (recently) free'd
==21324== Warning: set address range perms: large range 268435496 (noaccess)
==21324== 
==21324== ERROR SUMMARY: 85 errors from 36 contexts (suppressed: 19 from 1)
==21324== malloc/free: in use at exit: 73,692 bytes in 47 blocks.
==21324== malloc/free: 2,574 allocs, 2,527 frees, 287,835,670 bytes allocated.
==21324== For counts of detected errors, rerun with: -v
==21324== searching for pointers to 47 not-freed blocks.
==21324== checked 2,936,740 bytes.
==21324== 
==21324== LEAK SUMMARY:
==21324==    definitely lost: 30 bytes in 3 blocks.
==21324==      possibly lost: 0 bytes in 0 blocks.
==21324==    still reachable: 73,662 bytes in 44 blocks.
==21324==         suppressed: 0 bytes in 0 blocks.
==21324== Rerun with --leak-check=full to see details of leaked memory.

*This report to inform the error found in Mplayer using the test case:
72-innovation.mp4 with Stack hash: 1573199228 and back-trace
at: decode_mb_cavlc (h264.c:561). The Error is Invalid Write and Invalid Read
of different sizes.

#The bug is found in making comparison of the fuzzing tools and is a part of
the metafuzz project.

*URL at: metafuzz.com


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1207] New: Error in Video Decoding: Conditional jump or move depends on uninitialised value(s)

From: <bug...@bu...> - 2008-07-17 00:53:11

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1207

           Summary: Error in Video Decoding: Conditional jump or move
                    depends on uninitialised value(s)
           Product: MPlayer
           Version: HEAD
          Platform: PC (x86)
               URL: http://www.eecs.berkeley.edu/~sckhan/innovation.mp4
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: vd
        AssignedTo: r_...@ti...
        ReportedBy: sc...@ee...
                CC: cat...@li...


The following report is for the SUPERB-TRUST 2008, the cyber security project. 

#Error found at test case .mp4 file for mplayer version (dev-SVN-r27305-4.1.2) 
valgrind report the Invalid Read.


#The test case is "innovation.mp4" can be found at the URL 

*http://www.eecs.berkeley.edu/~sckhan/innovation.mp4

#Reproducible with the following command

*valgrind mplayer 

Can also be run as: 

*valgrind --log-file=log28 mplayer innovation.mp4

#OS: Debian Etch Linux

#Valgrind output:

==15631== Memcheck, a memory error detector.
==15631== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==15631== Using LibVEX rev 1854, a library for dynamic binary translation.
==15631== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==15631== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==15631== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==15631== For more details, rerun with: -v
==15631== 
==15631== My PID = 15631, parent PID = 2865.  Prog and args are:
==15631==    mplayer
==15631==    innovation.mp4
==15631== 
==15631== Conditional jump or move depends on uninitialised value(s)
==15631== Stack hash: 1277775230
==15631==    at 0x84534A3: decode_mb_cavlc (golomb.h:145)
==15631==    by 0x84550BF: decode_slice (h264.c:6866)
==15631==    by 0x845551B: execute_decode_slices (h264.c:7455)
==15631==    by 0x8457C31: decode_nal_units (h264.c:7641)
==15631==    by 0x8458834: decode_frame (h264.c:7772)
==15631==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==15631==    by 0x8199049: decode (vd_ffmpeg.c:781)
==15631==    by 0x80DB6CA: decode_video (dec_video.c:369)
==15631==    by 0x80786B6: main (mplayer.c:1761)
==15631== 
==15631== Conditional jump or move depends on uninitialised value(s)
==15631== Stack hash: 1358373215
==15631==    at 0x84515A4: decode_mb_cavlc (golomb.h:60)
==15631==    by 0x84550BF: decode_slice (h264.c:6866)
==15631==    by 0x845551B: execute_decode_slices (h264.c:7455)
==15631==    by 0x8457C31: decode_nal_units (h264.c:7641)
==15631==    by 0x8458834: decode_frame (h264.c:7772)
==15631==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==15631==    by 0x8199049: decode (vd_ffmpeg.c:781)
==15631==    by 0x80DB6CA: decode_video (dec_video.c:369)
==15631==    by 0x80786B6: main (mplayer.c:1761)
==15631== 
==15631== Conditional jump or move depends on uninitialised value(s)
==15631== Stack hash: 1482017514
==15631==    at 0x8450B8F: decode_mb_cavlc (golomb.h:60)
==15631==    by 0x84550BF: decode_slice (h264.c:6866)
==15631==    by 0x845551B: execute_decode_slices (h264.c:7455)
==15631==    by 0x8457C31: decode_nal_units (h264.c:7641)
==15631==    by 0x8458834: decode_frame (h264.c:7772)
==15631==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==15631==    by 0x8199049: decode (vd_ffmpeg.c:781)
==15631==    by 0x80DB6CA: decode_video (dec_video.c:369)
==15631==    by 0x80786B6: main (mplayer.c:1761)
==15631== 
==15631== Conditional jump or move depends on uninitialised value(s)
==15631== Stack hash: 911728638
==15631==    at 0x843C4AF: decode_residual (common.h:126)
==15631==    by 0x84529D8: decode_mb_cavlc (h264.c:4947)
==15631==    by 0x84550BF: decode_slice (h264.c:6866)
==15631==    by 0x845551B: execute_decode_slices (h264.c:7455)
==15631==    by 0x8457C31: decode_nal_units (h264.c:7641)
==15631==    by 0x8458834: decode_frame (h264.c:7772)
==15631==    by 0x82ECCEF: avcodec_decode_video (utils.c:897)
==15631==    by 0x8199049: decode (vd_ffmpeg.c:781)
==15631==    by 0x80DB6CA: decode_video (dec_video.c:369)
==15631==    by 0x80786B6: main (mplayer.c:1761)
==15631== 
==15631== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 19 from 1)
==15631== malloc/free: in use at exit: 73,692 bytes in 47 blocks.
==15631== malloc/free: 40,929 allocs, 40,882 frees, 19,431,243 bytes allocated.
==15631== For counts of detected errors, rerun with: -v
==15631== searching for pointers to 47 not-freed blocks.
==15631== checked 2,940,320 bytes.
==15631== 
==15631== LEAK SUMMARY:
==15631==    definitely lost: 30 bytes in 3 blocks.
==15631==      possibly lost: 0 bytes in 0 blocks.
==15631==    still reachable: 73,662 bytes in 44 blocks.
==15631==         suppressed: 0 bytes in 0 blocks.
==15631== Rerun with --leak-check=full to see details of leaked memory.

*This report to inform the error found in Mplayer using the test case:
innovation.mp4 with Stack hash: 911728638 and back-trace
at: decode_residual (common.h:126).

#The bug is found in making comparison of the fuzzing tools and is a part of
the metafuzz project.

*URL at: metafuzz.com


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Catchconv-bugreports] [Bug 1152] Invalid read at bitstream.h:658

From: <bug...@bu...> - 2008-07-17 00:24:13

http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1152





------- Comment #4 from zl...@gm...  2008-07-17 02:22 CEST -------
I have redirected the bug to FFmpeg, issue #538:
https://roundup.mplayerhq.hu/roundup/ffmpeg/issue538. 

Thank you. 


-- 
Configure bugmail: http://bugzilla.mplayerhq.hu/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

3 messages has been excluded from this view by a project administrator.

Flat | Threaded

1 2 3 .. 9 > >> (Page 1 of 9)

2008	Jan	Feb	Mar	Apr	May	Jun (15)	Jul (196)	Aug (8)	Sep (2)	Oct (3)	Nov	Dec
2009	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep (1)	Oct	Nov (1)	Dec