Opened 2 years ago

Closed 21 months ago

#9695 closed defect (invalid)

Crash in libavformat/mov.c while playing a simple mp4 file

Reported by: dlin
Owned by:
Priority: normal
Component: avformat
Version: git-master
Keywords: mov.c
Cc: dlin
Blocked By:
Blocking:
Reproduced by developer: yes
Analyzed by developer: yes

Description

Summary of the bug:
How to reproduce:

./configure --cc=clang-12 --cxx=clang++-12 --disable-shared
--extra-cflags="-O1 -g" --extra-cxxflags="-O1 -g"
--pkg-config-flags="--static" --disable-stripping --toolchain=clang-msan

gdb ./ffmpeg_g
GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./ffmpeg_g...done.
(gdb) set args -y -i POC
(gdb) b __sanitizer::Die
Breakpoint 1 at 0x66f6d0
(gdb) r
Starting program: /home/dlin/aflplusplus/oss/tmp/FFmpeg/ffmpeg_g -y -i POC
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-106378-gfa989df1c6 Copyright (c) 2000-2022 the FFmpeg developers
  built with Ubuntu clang version 12.0.1-++20211102090516+fed41342a82f-1~exp1~20211102211019.11
  configuration: --cc=clang-12 --cxx=clang++-12 --disable-shared --extra-cflags=' -O1 -g' --extra-cxxflags='-O1 -g' --pkg-config-flags=--static --toolchain=clang-msan
  libavutil      57. 24.101 / 57. 24.101
  libavcodec     59. 25.100 / 59. 25.100
  libavformat    59. 20.101 / 59. 20.101
  libavdevice    59.  6.100 / 59.  6.100
  libavfilter     8. 29.100 /  8. 29.100
  libswscale      6.  6.100 /  6.  6.100
  libswresample   4.  6.100 /  4.  6.100
==25828==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x171af53 in av_bswap32 /home/dlin/aflplusplus/oss/tmp/FFmpeg/./libavutil/x86/bswap.h:73:5
    #1 0x171af53 in get_bits /home/dlin/aflplusplus/oss/tmp/FFmpeg/./libavcodec/get_bits.h:404:5
    #2 0x171af53 in get_bits_long /home/dlin/aflplusplus/oss/tmp/FFmpeg/./libavcodec/get_bits.h:564:22
    #3 0x171af53 in mov_read_stsz /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:2930:31
    #4 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #5 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #6 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #7 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #8 0x171f6c7 in mov_read_trak /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:4416:16
    #9 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #10 0x171349d in mov_read_moov /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:1177:16
    #11 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #12 0x16f6af7 in mov_read_header /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:8178:20
    #13 0x154c688 in avformat_open_input /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/demux.c:310:20
    #14 0x6dd8f8 in open_input_file /home/dlin/aflplusplus/oss/tmp/FFmpeg/fftools/ffmpeg_opt.c:1173:11
    #15 0x6dbc53 in open_files /home/dlin/aflplusplus/oss/tmp/FFmpeg/fftools/ffmpeg_opt.c:3432:15
    #16 0x6db4d4 in ffmpeg_parse_options /home/dlin/aflplusplus/oss/tmp/FFmpeg/fftools/ffmpeg_opt.c:3472:11
    #17 0x746f4f in main /home/dlin/aflplusplus/oss/tmp/FFmpeg/fftools/ffmpeg.c:4873:11
    #18 0x7ffff532fbf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #19 0x65ed29 in _start (/home/dlin/aflplusplus/oss/tmp/FFmpeg/ffmpeg_g+0x65ed29)

  Uninitialized value was created by a heap allocation
    #0 0x685fa5 in posix_memalign (/home/dlin/aflplusplus/oss/tmp/FFmpeg/ffmpeg_g+0x685fa5)
    #1 0x524cc5a in av_malloc /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavutil/mem.c:105:9

SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/dlin/aflplusplus/oss/tmp/FFmpeg/./libavutil/x86/bswap.h:73:5 in av_bswap32
Exiting


Breakpoint 1, 0x000000000066f6d0 in __sanitizer::Die() ()
(gdb) bt
#0  0x000000000066f6d0 in __sanitizer::Die() ()
#1  0x0000000000680ce3 in __msan_warning_with_origin_noreturn ()
#2  0x000000000171af54 in av_bswap32 (x=<optimized out>) at ./libavutil/x86/bswap.h:73
#3  get_bits (s=<optimized out>, n=16) at ./libavcodec/get_bits.h:404
#4  get_bits_long (s=<optimized out>, n=32) at ./libavcodec/get_bits.h:564
#5  mov_read_stsz (c=<optimized out>, pb=<optimized out>, atom=...) at libavformat/mov.c:2930
#6  0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, pb=<optimized out>, atom=...)
    at libavformat/mov.c:7628
#7  0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, pb=<optimized out>, atom=...)
    at libavformat/mov.c:7628
#8  0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, pb=<optimized out>, atom=...)
    at libavformat/mov.c:7628
#9  0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, pb=<optimized out>, 
    pb@entry=0x711000000000, atom=...) at libavformat/mov.c:7628
#10 0x000000000171f6c8 in mov_read_trak (c=<optimized out>, pb=0x7fffffffb0e0, atom=...)
    at libavformat/mov.c:4416
#11 0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, pb=<optimized out>, atom=...)
    at libavformat/mov.c:7628
#12 0x000000000171349e in mov_read_moov (c=0x7fffffffb0e0, pb=0x5, atom=...)
    at libavformat/mov.c:1177
#13 0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, c@entry=0x713000000000, 
    pb=<optimized out>, pb@entry=0x711000000000, atom=...) at libavformat/mov.c:7628
#14 0x00000000016f6af8 in mov_read_header (s=0x715000000000) at libavformat/mov.c:8178
#15 0x000000000154c689 in avformat_open_input (ps=ps@entry=0x7fffffffd060, 
    filename=0x215000000008 "", filename@entry=0x7fffffffe196 "POC", fmt=<optimized out>, 
    fmt@entry=0x0, options=0x704000000068) at libavformat/demux.c:310
#16 0x00000000006dd8f9 in open_input_file (o=<optimized out>, filename=0x7fffffffe196 "POC")
    at fftools/ffmpeg_opt.c:1173
#17 0x00000000006dbc54 in open_files (l=<optimized out>, inout=0x54b1cbc "input", 
    open_file=0x6dbf80 <open_input_file>) at fftools/ffmpeg_opt.c:3432
#18 0x00000000006db4d5 in ffmpeg_parse_options (argc=<optimized out>, argc@entry=4, 
    argv=<optimized out>, argv@entry=0x7fffffffdda8) at fftools/ffmpeg_opt.c:3472
#19 0x0000000000746f50 in main (argc=4, argv=0x7fffffffdda8) at fftools/ffmpeg.c:4873
(gdb) disass $pc-32,$pc+32
Dump of assembler code from 0x66f6b0 to 0x66f6f0:
   0x000000000066f6b0 <_ZN11__sanitizer17RemoveDieCallbackEPFvvE+144>:	movq   $0x0,0x560ee95(%rip)        # 0x5c7e550 <_ZN11__sanitizerL20InternalDieCallbacksE+32>
   0x000000000066f6bb <_ZN11__sanitizer17RemoveDieCallbackEPFvvE+155>:	mov    $0x1,%al
   0x000000000066f6bd <_ZN11__sanitizer17RemoveDieCallbackEPFvvE+157>:	pop    %rcx
   0x000000000066f6be <_ZN11__sanitizer17RemoveDieCallbackEPFvvE+158>:	retq   
   0x000000000066f6bf:	nop
   0x000000000066f6c0 <_ZN11__sanitizer18SetUserDieCallbackEPFvvE+0>:	mov    %rdi,0x560ee91(%rip)        # 0x5c7e558 <_ZN11__sanitizerL15UserDieCallbackE>
   0x000000000066f6c7 <_ZN11__sanitizer18SetUserDieCallbackEPFvvE+7>:	retq   
   0x000000000066f6c8:	nopl   0x0(%rax,%rax,1)
=> 0x000000000066f6d0 <_ZN11__sanitizer3DieEv+0>:	push   %rax
   0x000000000066f6d1 <_ZN11__sanitizer3DieEv+1>:	mov    0x560ee80(%rip),%rax        # 0x5c7e558 <_ZN11__sanitizerL15UserDieCallbackE>
   0x000000000066f6d8 <_ZN11__sanitizer3DieEv+8>:	test   %rax,%rax
   0x000000000066f6db <_ZN11__sanitizer3DieEv+11>:	jne    0x66f734 <_ZN11__sanitizer3DieEv+100>
   0x000000000066f6dd <_ZN11__sanitizer3DieEv+13>:	mov    0x560ee6c(%rip),%rax        # 0x5c7e550 <_ZN11__sanitizerL20InternalDieCallbacksE+32>
   0x000000000066f6e4 <_ZN11__sanitizer3DieEv+20>:	test   %rax,%rax
   0x000000000066f6e7 <_ZN11__sanitizer3DieEv+23>:	jne    0x66f742 <_ZN11__sanitizer3DieEv+114>
   0x000000000066f6e9 <_ZN11__sanitizer3DieEv+25>:	mov    0x560ee58(%rip),%rax        # 0x5c7e548 <_ZN11__sanitizerL20InternalDieCallbacksE+24>
End of assembler dump.

(gdb) info all-registers
rax            0x5c7e308	96985864
rbx            0x188	392
rcx            0x0	0
rdx            0x8	8
rsi            0x7fffffffb0e0	140737488335072
rdi            0x7fffffffb0e0	140737488335072
rbp            0x7fffffffb360	0x7fffffffb360
rsp            0x7fffffffb358	0x7fffffffb358
r8             0x5beda00	96393728
r9             0x5	5
r10            0x5395d3e	87645502
r11            0x206	518
r12            0x170	368
r13            0xfffffffffffff300	-3328
r14            0x0	0
r15            0xb	11
rip            0x66f6d0	0x66f6d0 <__sanitizer::Die()>
eflags         0x202	[ IF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0
st0            0	(raw 0x00000000000000000000)
st1            0	(raw 0x00000000000000000000)
st2            0	(raw 0x00000000000000000000)
st3            0	(raw 0x00000000000000000000)
st4            0	(raw 0x00000000000000000000)
st5            0	(raw 0x00000000000000000000)
st6            0	(raw 0x00000000000000000000)
st7            0	(raw 0x00000000000000000000)
fctrl          0xffff	65535
fstat          0xffff	65535
ftag           0xaaaa	43690
fiseg          0x1	1
fioff          0x0	0
foseg          0x5638	22072
fooff          0xa	10
fop            0x7ff	2047
mxcsr          0x1fa0	[ PE IM DM ZM OM UM PM ]
bndcfgu        {raw = 0x0, config = {base = 0x0, reserved = 0x0, preserved = 0x0, enabled = 0x0}}	{raw = 0x0, config = {base = 0, reserved = 0, preserved = 0, enabled = 0}}
bndstatus      {raw = 0x0, status = {bde = 0x0, error = 0x0}}	{raw = 0x0, status = {bde = 0, error = 0}}
ymm0           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x8, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x60, 0xb3, 0xff, 0xff, 0xff, 0x7f, 
    0x0 <repeats 18 times>}, v16_int16 = {0x8, 0x0, 0x30, 0x0, 0xb360, 0xffff, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x8, 0x30, 0xffffb360, 0x7fff, 0x0, 0x0, 0x0, 0x0}, 
  v4_int64 = {0x3000000008, 0x7fffffffb360, 0x0, 0x0}, v2_int128 = {0x7fffffffb3600000003000000008, 0x0}}
ymm1           {v8_float = {0xffffffff, 0xffffffff, 0xffffffff, 0x2bdc, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x7fffffffffffffff, 0x7fffffffffffffff, 0x0, 0x0}, v32_int8 = {0x75, 0x73, 0x70, 0x6c, 0x75, 
    0x73, 0x2f, 0x6f, 0x73, 0x73, 0x2f, 0x74, 0x6d, 0x70, 0x2f, 0x46, 0x0 <repeats 16 times>}, v16_int16 = {0x7375, 0x6c70, 0x7375, 0x6f2f, 0x7373, 0x742f, 0x706d, 0x462f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
    0x0, 0x0}, v8_int32 = {0x6c707375, 0x6f2f7375, 0x742f7373, 0x462f706d, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x6f2f73756c707375, 0x462f706d742f7373, 0x0, 0x0}, v2_int128 = {
    0x462f706d742f73736f2f73756c707375, 0x0}}
ymm2           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm3           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xed, 0x65, 0x0 <repeats 21 times>}, 
  v16_int16 = {0x0, 0x0, 0x0, 0x0, 0xed00, 0x65, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0x0, 0x0, 0x65ed00, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x65ed00, 0x0, 0x0}, 
  v2_int128 = {0x65ed000000000000000000, 0x0}}
ymm4           {v8_float = {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x2, 0x0, 0x0, 0x0}, v32_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0 <repeats 24 times>}, v16_int16 = {0x0, 
    0x0, 0x0, 0x4000, 0x0 <repeats 12 times>}, v8_int32 = {0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x4000000000000000, 0x0, 0x0, 0x0}, v2_int128 = {0x4000000000000000, 0x0}}
ymm5           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm6           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm7           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0xb0, 0xdc, 0xff, 0xff, 0xff, 0x7f, 0x0, 0x0, 0xb8, 0xdc, 0xff, 0xff, 0xff, 0x7f, 
    0x0 <repeats 18 times>}, v16_int16 = {0xdcb0, 0xffff, 0x7fff, 0x0, 0xdcb8, 0xffff, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v8_int32 = {0xffffdcb0, 0x7fff, 0xffffdcb8, 0x7fff, 0x0, 0x0, 
    0x0, 0x0}, v4_int64 = {0x7fffffffdcb0, 0x7fffffffdcb8, 0x0, 0x0}, v2_int128 = {0x7fffffffdcb800007fffffffdcb0, 0x0}}
ymm8           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm9           {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm10          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm11          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm12          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm13          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm14          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
ymm15          {v8_float = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_double = {0x0, 0x0, 0x0, 0x0}, v32_int8 = {0x0 <repeats 32 times>}, v16_int16 = {0x0 <repeats 16 times>}, v8_int32 = {0x0, 0x0, 
    0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int64 = {0x0, 0x0, 0x0, 0x0}, v2_int128 = {0x0, 0x0}}
bnd0           {lbound = 0x0, ubound = 0xffffffffffffffff} : size -1	{lbound = 0x0, ubound = 0xffffffffffffffff} : size -1
bnd1           {lbound = 0x0, ubound = 0xffffffffffffffff} : size -1	{lbound = 0x0, ubound = 0xffffffffffffffff} : size -1
bnd2           {lbound = 0x0, ubound = 0xffffffffffffffff} : size -1	{lbound = 0x0, ubound = 0xffffffffffffffff} : size -1
bnd3           {lbound = 0x0, ubound = 0xffffffffffffffff} : size -1	{lbound = 0x0, ubound = 0xffffffffffffffff} : size -1

Attachments (1)

POC.zip (896 bytes ) - added by dlin 2 years ago.


Change History (2)

by dlin, 2 years ago

Attachment: POC.zip added

comment:1 by Marton Balint, 21 months ago

Resolution: invalid
Status: new → closed

This is not a crash but only a read of an uninitialized value.

This is the allocated data:

    buf = av_malloc(num_bytes+AV_INPUT_BUFFER_PADDING_SIZE);

Only num_bytes bytes are filled in the buffer, but the bitstream reader used on buf is allowed to overread; that is why the extra padding is allocated. So the code is safe, and the uninitialized value is ignored later on.
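The mechanism behind this resolution, as an added example that is not FFmpeg's code and not part of the ticket: a word-at-a-time bit reader necessarily fetches a few bytes past the last byte of data, so the allocation carries padding for those fetches to land in. The names here (PADDING_SIZE, BitReader, parse_sample_sizes, padding_is_ignored, nth_sample_size) and the sample tables are constructed for this demo; PADDING_SIZE is a stand-in for AV_INPUT_BUFFER_PADDING_SIZE, and get_bits/get_bits_long only follow the outline of the libavcodec readers of the same name. The block measures how far past the data the reader fetches and then checks the claim that the padding bytes never reach the decoded values by decoding the same table with all-zero and with all-0xFF padding.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for AV_INPUT_BUFFER_PADDING_SIZE (an assumption for this demo; the
 * real constant is defined in libavcodec and its value is not taken from the ticket). */
#define PADDING_SIZE 64

/* Minimal big-endian bit reader modelled on the unchecked reader in
 * libavcodec/get_bits.h: every read fetches a whole 32-bit word at the current
 * byte position, so the last reads of a payload touch bytes past its end. */
typedef struct {
    const uint8_t *buf;
    size_t index;        /* current bit position */
    size_t max_fetched;  /* one past the highest byte offset any fetch touched */
} BitReader;

static uint32_t fetch_be32(BitReader *s, size_t byte_pos) {
    const uint8_t *p = s->buf + byte_pos;
    if (byte_pos + 4 > s->max_fetched)
        s->max_fetched = byte_pos + 4;
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Read n bits, 1 <= n <= 25, like get_bits(). */
static uint32_t get_bits(BitReader *s, unsigned n) {
    uint32_t word = fetch_be32(s, s->index >> 3);
    uint32_t val  = (word << (s->index & 7)) >> (32 - n);
    s->index += n;
    return val;
}

/* Read n bits, n <= 32, as two halves when needed, like get_bits_long(). */
static uint32_t get_bits_long(BitReader *s, unsigned n) {
    if (n <= 25)
        return get_bits(s, n);
    uint32_t hi = get_bits(s, 16);
    return (hi << (n - 16)) | get_bits(s, n - 16);
}

/* Decode an stsz/stz2-style table of `entries` sizes of `field_size` bits
 * (4, 8, 16 or 32) from a copy of `payload` followed by PADDING_SIZE bytes set
 * to `pad_byte`. Returns one past the highest byte offset the reader fetched
 * (so the caller can measure the overread), or -1 on an inconsistent request. */
static long parse_sample_sizes(const uint8_t *payload, size_t num_bytes,
                               unsigned field_size, unsigned entries,
                               uint8_t pad_byte, uint32_t *out) {
    if (field_size != 4 && field_size != 8 && field_size != 16 && field_size != 32)
        return -1;
    /* The table must fit inside the bytes that were actually filled. */
    if ((uint64_t)entries * field_size > (uint64_t)num_bytes * 8)
        return -1;
    uint8_t *buf = malloc(num_bytes + PADDING_SIZE);
    if (!buf)
        return -1;
    memcpy(buf, payload, num_bytes);
    /* This is the region the reader may overread into. In the ticket it was left
     * uninitialized, which is what MemorySanitizer reported; filling it makes
     * every fetch deterministic without changing the decoded values. */
    memset(buf + num_bytes, pad_byte, PADDING_SIZE);
    BitReader s = { buf, 0, 0 };
    for (unsigned i = 0; i < entries; i++)
        out[i] = get_bits_long(&s, field_size);
    long fetched = (long)s.max_fetched;
    free(buf);
    return fetched;
}

/* Check the claim from the ticket: decode once with all-zero and once with
 * all-0xFF padding; identical results mean no padding bit reached the output. */
static int padding_is_ignored(const uint8_t *payload, size_t num_bytes,
                              unsigned field_size, unsigned entries) {
    uint32_t a[64], b[64];
    if (entries > 64 ||
        parse_sample_sizes(payload, num_bytes, field_size, entries, 0x00, a) < 0 ||
        parse_sample_sizes(payload, num_bytes, field_size, entries, 0xFF, b) < 0)
        return 0;
    return memcmp(a, b, entries * sizeof a[0]) == 0;
}

/* Decode with 0xFF padding and return entry i (UINT32_MAX on error). */
static uint32_t nth_sample_size(const uint8_t *payload, size_t num_bytes,
                                unsigned field_size, unsigned entries, unsigned i) {
    uint32_t tmp[64];
    if (entries > 64 || i >= entries ||
        parse_sample_sizes(payload, num_bytes, field_size, entries, 0xFF, tmp) < 0)
        return UINT32_MAX;
    return tmp[i];
}

/* Constructed inputs: five 8-bit sizes (stz2 style) and two 32-bit sizes (stsz style). */
static const uint8_t SIZES8[]  = { 0x10, 0x20, 0x30, 0x40, 0x50 };
static const uint8_t SIZES32[] = { 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00 };

int main(void) {
    uint32_t out[5];
    long end = parse_sample_sizes(SIZES8, sizeof SIZES8, 8, 5, 0x00, out);
    printf("%zu data bytes, fetched through byte %ld: %ld bytes of overread inside %d bytes of padding\n",
           sizeof SIZES8, end, end - (long)sizeof SIZES8, PADDING_SIZE);
    for (unsigned i = 0; i < 5; i++)
        printf("sample %u: %u bytes\n", i, out[i]);
    printf("padding ignored: %s\n", padding_is_ignored(SIZES8, sizeof SIZES8, 8, 5) ? "yes" : "no");
    return 0;
}
```

Reading the five 8-bit entries fetches through byte 8 of a 5-byte payload, three bytes into the padding, and the decoded sizes are the same whether the padding holds 0x00 or 0xFF. That comparison is the practical check behind "ignored later on"; zeroing the padding after filling the buffer is the usual way to keep such overreads deterministic under MemorySanitizer while leaving the decoded result untouched.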
