New submission from Nga Chung <[EMAIL PROTECTED]>:

I am trying to transcode from a wma to an mp3 format. Valgrind reports use of uninitialised value of size 4 at wma_decode_block (bitstream.h:856) and conditional jump or move depends on uninitialised value(s) at wma_decode_block (wmadec.c:380).

I confirmed that this bug is reproducible in the latest subversion of FFmpeg, SVN-r14255.

I uploaded the test file via ftp upload.mplayerhq.hu in the directory
/MPlayer/incoming/ngatestcase2/9-twins.wma

My System Information:
OS: Linux Debian x32
kernel: Linux debian 2.6.18-6-486 #1 Fri Jun 6 21:47:01 UTC 2008 i686 GNU/Linux
gcc version 4.1.2 20061115
ld version 2.17

My Hardware Information:
32-bit Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Multimedia audio controller: Ensoniq ES1371 [AudioPCI-97] (rev 02)

To reproduce:
valgrind ./ffmpeg/ffmpeg_g -i 9-twins.wma test.mp3

The following is the output from Valgrind:

==13950== Memcheck, a memory error detector.
==13950== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==13950== Using LibVEX rev 1854, a library for dynamic binary translation.
==13950== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==13950== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==13950== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==13950== For more details, rerun with: -v
==13950==
FFmpeg version SVN-r14255, Copyright (c) 2000-2008 Fabrice Bellard, et al.
  configuration:
  libavutil version: 49.7.0
  libavcodec version: 51.60.0
  libavformat version: 52.17.0
  libavdevice version: 52.0.0
  built on Jul 16 2008 19:23:26, gcc: 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
Input #0, asf, from '9-twins.wma':
  Duration: 00:03:15.67, start: 1.579000, bitrate: 2 kb/s
    Stream #0.0: Audio: wmav2, 44100 Hz, stereo, 64 kb/s
Output #0, mp2, to 'test.mp3':
    Stream #0.0: Audio: mp2, 44100 Hz, stereo, 64 kb/s
Stream mapping:
  Stream #0.0 -> #0.0
Press [q] to stop encoding
==13950== Use of uninitialised value of size 4s
==13950== Stack hash: 137945098
==13950==    at 0x838E00A: wma_decode_block (bitstream.h:856)
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137945009
==13950==    at 0x838DFB1: wma_decode_block (wmadec.c:521)
overflow in spectral RLE, ignoring
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137939987
==13950==    at 0x838CC13: wma_decode_block (wmadec.c:380)
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137940212
==13950==    at 0x838CCF4: wma_decode_block (wmadec.c:409)
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137941561
==13950==    at 0x838D239: wma_decode_block (wmadec.c:689)
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137938589
==13950==    at 0x838C69D: wma_window (wmadec.c:325)
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137941510
==13950==    at 0x838D206: wma_decode_block (wmadec.c:701)
size= 46kB time=5.85 bitrate= 64.0kbits/s
video:0kB audio:46kB global headers:0kB muxing overhead 0.000000%
==13950==
==13950== ERROR SUMMARY: 78 errors from 7 contexts (suppressed: 17 from 1)
==13950== malloc/free: in use at exit: 999,004 bytes in 19 blocks.
==13950== malloc/free: 578 allocs, 559 frees, 2,463,714 bytes allocated.
==13950== For counts of detected errors, rerun with: -v
==13950== searching for pointers to 19 not-freed blocks.
==13950== checked 2,637,644 bytes.
==13950==
==13950== LEAK SUMMARY:
==13950==    definitely lost: 30 bytes in 3 blocks.
==13950==    possibly lost: 0 bytes in 0 blocks.
==13950==    still reachable: 998,974 bytes in 16 blocks.
==13950==    suppressed: 0 bytes in 0 blocks.
==13950== Rerun with --leak-check=full to see details of leaked memory.

This bug was found using the catchconv fuzzer.
This bug was found as part of the SUPERB-TRUST 2008 project; see http://www.truststc.org/superb/

Please let me know if you need more information.

----------
messages: 2489
nosy: thiennga
priority: normal
status: new
substatus: new
title: Valgrind reports use of uninitialised value of size 4 at wma_decode_block() (bitstream.h:856) & conditional jump or move depends on uninitialised value(s) at wma_decode_block() (wmadec.c:380)
type: bug

______________________________________________________
FFmpeg issue tracker <[EMAIL PROTECTED]>
<https://roundup.mplayerhq.hu/roundup/ffmpeg/issue537>
______________________________________________________