New submission from Nga Chung <[EMAIL PROTECTED]>:

I am trying to transcode from a wma to an mp3 format. Valgrind reports use of
uninitialised value of size 4 at wma_decode_block (bitstream.h:856) and
conditional jump or move depends on uninitialised value(s) at wma_decode_block
(wmadec.c:380).

I confirmed that this bug is reproducible in the latest subversion of FFmpeg,
SVN-r14255.

I uploaded the test file via ftp upload.mplayerhq.hu in the directory
/MPlayer/incoming/ngatestcase2/9-twins.wma

My System Information:
OS: Linux Debian x32
kernel: Linux debian 2.6.18-6-486 #1 Fri Jun 6 21:47:01 UTC 2008 i686 GNU/Linux
gcc version 4.1.2 20061115
ld version 2.17

My Hardware Information:
32-bit Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Multimedia audio controller: Ensoniq ES1371 [AudioPCI-97] (rev 02)

To reproduce:
valgrind ./ffmpeg/ffmpeg_g -i 9-twins.wma test.mp3

The following is the output from Valgrind:

==13950== Memcheck, a memory error detector.
==13950== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==13950== Using LibVEX rev 1854, a library for dynamic binary translation.
==13950== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==13950== Using valgrind-3.3.1, a dynamic binary instrumentation framework.
==13950== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==13950== For more details, rerun with: -v
==13950==
FFmpeg version SVN-r14255, Copyright (c) 2000-2008 Fabrice Bellard, et al.
  configuration:
  libavutil version: 49.7.0
  libavcodec version: 51.60.0
  libavformat version: 52.17.0
  libavdevice version: 52.0.0
  built on Jul 16 2008 19:23:26, gcc: 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
Input #0, asf, from '9-twins.wma':
  Duration: 00:03:15.67, start: 1.579000, bitrate: 2 kb/s
    Stream #0.0: Audio: wmav2, 44100 Hz, stereo, 64 kb/s
Output #0, mp2, to 'test.mp3':
    Stream #0.0: Audio: mp2, 44100 Hz, stereo, 64 kb/s
Stream mapping:
  Stream #0.0 -> #0.0
Press [q] to stop encoding
==13950== Use of uninitialised value of size 4s
==13950== Stack hash: 137945098
==13950==    at 0x838E00A: wma_decode_block (bitstream.h:856)
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137945009
==13950==    at 0x838DFB1: wma_decode_block (wmadec.c:521)
overflow in spectral RLE, ignoring
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137939987
==13950==    at 0x838CC13: wma_decode_block (wmadec.c:380)
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137940212
==13950==    at 0x838CCF4: wma_decode_block (wmadec.c:409)
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137941561
==13950==    at 0x838D239: wma_decode_block (wmadec.c:689)
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137938589
==13950==    at 0x838C69D: wma_window (wmadec.c:325)
==13950==
==13950== Conditional jump or move depends on uninitialised value(s)
==13950== Stack hash: 137941510
==13950==    at 0x838D206: wma_decode_block (wmadec.c:701)
size=      46kB time=5.85 bitrate=  64.0kbits/s
video:0kB audio:46kB global headers:0kB muxing overhead 0.000000%
==13950==
==13950== ERROR SUMMARY: 78 errors from 7 contexts (suppressed: 17 from 1)
==13950== malloc/free: in use at exit: 999,004 bytes in 19 blocks.
==13950== malloc/free: 578 allocs, 559 frees, 2,463,714 bytes allocated.
==13950== For counts of detected errors, rerun with: -v
==13950== searching for pointers to 19 not-freed blocks.
==13950== checked 2,637,644 bytes.
==13950==
==13950== LEAK SUMMARY:
==13950==    definitely lost: 30 bytes in 3 blocks.
==13950==      possibly lost: 0 bytes in 0 blocks.
==13950==    still reachable: 998,974 bytes in 16 blocks.
==13950==         suppressed: 0 bytes in 0 blocks.
==13950== Rerun with --leak-check=full to see details of leaked memory.

This bug was found using the catchconv fuzzer.

This bug was found as part of the SUPERB-TRUST 2008 project; see
http://www.truststc.org/superb/

Please let me know if you need more information.

----------
messages: 2489
nosy: thiennga
priority: normal
status: new
substatus: new
title: Valgrind reports use of uninitialised value of size 4 at 
wma_decode_block() (bitstream.h:856) & conditional jump or move depends on 
uninitialised value(s) at wma_decode_block() (wmadec.c:380)
type: bug

______________________________________________________
FFmpeg issue tracker <[EMAIL PROTECTED]>
<https://roundup.mplayerhq.hu/roundup/ffmpeg/issue537>
______________________________________________________
