Opened 3 years ago
Closed 2 years ago
#9695 closed defect (invalid)
Crash in libavformat/mov.c while playing a simple mp4 file
Reported by: | dlin | Owned by: |
---|---|---|---
Priority: | normal | Component: | avformat
Version: | git-master | Keywords: | mov.c
Cc: | dlin | Blocked By: |
Blocking: | | Reproduced by developer: | yes
Analyzed by developer: | yes | |
Description
Summary of the bug:
How to reproduce:
```
./configure --cc=clang-12 --cxx=clang++-12 --disable-shared --extra-cflags="-O1 -g" --extra-cxxflags="-O1 -g" --pkg-config-flags="--static" --disable-stripping --toolchain=clang-msan
gdb ./ffmpeg_g
GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./ffmpeg_g...done.
(gdb) set args -y -i POC
(gdb) b __sanitizer::Die
Breakpoint 1 at 0x66f6d0
(gdb) r
Starting program: /home/dlin/aflplusplus/oss/tmp/FFmpeg/ffmpeg_g -y -i POC
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
ffmpeg version N-106378-gfa989df1c6 Copyright (c) 2000-2022 the FFmpeg developers
  built with Ubuntu clang version 12.0.1-++20211102090516+fed41342a82f-1~exp1~20211102211019.11
  configuration: --cc=clang-12 --cxx=clang++-12 --disable-shared --extra-cflags=' -O1 -g' --extra-cxxflags='-O1 -g' --pkg-config-flags=--static --toolchain=clang-msan
  libavutil      57. 24.101 / 57. 24.101
  libavcodec     59. 25.100 / 59. 25.100
  libavformat    59. 20.101 / 59. 20.101
  libavdevice    59.  6.100 / 59.  6.100
  libavfilter     8. 29.100 /  8. 29.100
  libswscale      6.  6.100 /  6.  6.100
  libswresample   4.  6.100 /  4.  6.100
==25828==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x171af53 in av_bswap32 /home/dlin/aflplusplus/oss/tmp/FFmpeg/./libavutil/x86/bswap.h:73:5
    #1 0x171af53 in get_bits /home/dlin/aflplusplus/oss/tmp/FFmpeg/./libavcodec/get_bits.h:404:5
    #2 0x171af53 in get_bits_long /home/dlin/aflplusplus/oss/tmp/FFmpeg/./libavcodec/get_bits.h:564:22
    #3 0x171af53 in mov_read_stsz /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:2930:31
    #4 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #5 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #6 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #7 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #8 0x171f6c7 in mov_read_trak /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:4416:16
    #9 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #10 0x171349d in mov_read_moov /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:1177:16
    #11 0x16f5941 in mov_read_default /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:7628:23
    #12 0x16f6af7 in mov_read_header /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/mov.c:8178:20
    #13 0x154c688 in avformat_open_input /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavformat/demux.c:310:20
    #14 0x6dd8f8 in open_input_file /home/dlin/aflplusplus/oss/tmp/FFmpeg/fftools/ffmpeg_opt.c:1173:11
    #15 0x6dbc53 in open_files /home/dlin/aflplusplus/oss/tmp/FFmpeg/fftools/ffmpeg_opt.c:3432:15
    #16 0x6db4d4 in ffmpeg_parse_options /home/dlin/aflplusplus/oss/tmp/FFmpeg/fftools/ffmpeg_opt.c:3472:11
    #17 0x746f4f in main /home/dlin/aflplusplus/oss/tmp/FFmpeg/fftools/ffmpeg.c:4873:11
    #18 0x7ffff532fbf6 in __libc_start_main /build/glibc-S9d2JN/glibc-2.27/csu/../csu/libc-start.c:310
    #19 0x65ed29 in _start (/home/dlin/aflplusplus/oss/tmp/FFmpeg/ffmpeg_g+0x65ed29)

  Uninitialized value was created by a heap allocation
    #0 0x685fa5 in posix_memalign (/home/dlin/aflplusplus/oss/tmp/FFmpeg/ffmpeg_g+0x685fa5)
    #1 0x524cc5a in av_malloc /home/dlin/aflplusplus/oss/tmp/FFmpeg/libavutil/mem.c:105:9

SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/dlin/aflplusplus/oss/tmp/FFmpeg/./libavutil/x86/bswap.h:73:5 in av_bswap32
Exiting

Breakpoint 1, 0x000000000066f6d0 in __sanitizer::Die() ()
(gdb) bt
#0  0x000000000066f6d0 in __sanitizer::Die() ()
#1  0x0000000000680ce3 in __msan_warning_with_origin_noreturn ()
#2  0x000000000171af54 in av_bswap32 (x=<optimized out>) at ./libavutil/x86/bswap.h:73
#3  get_bits (s=<optimized out>, n=16) at ./libavcodec/get_bits.h:404
#4  get_bits_long (s=<optimized out>, n=32) at ./libavcodec/get_bits.h:564
#5  mov_read_stsz (c=<optimized out>, pb=<optimized out>, atom=...) at libavformat/mov.c:2930
#6  0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, pb=<optimized out>, atom=...) at libavformat/mov.c:7628
#7  0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, pb=<optimized out>, atom=...) at libavformat/mov.c:7628
#8  0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, pb=<optimized out>, atom=...) at libavformat/mov.c:7628
#9  0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, pb=<optimized out>, pb@entry=0x711000000000, atom=...) at libavformat/mov.c:7628
#10 0x000000000171f6c8 in mov_read_trak (c=<optimized out>, pb=0x7fffffffb0e0, atom=...) at libavformat/mov.c:4416
#11 0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, pb=<optimized out>, atom=...) at libavformat/mov.c:7628
#12 0x000000000171349e in mov_read_moov (c=0x7fffffffb0e0, pb=0x5, atom=...) at libavformat/mov.c:1177
#13 0x00000000016f5942 in mov_read_default (c=0x7fffffffb0e0, c@entry=0x713000000000, pb=<optimized out>, pb@entry=0x711000000000, atom=...) at libavformat/mov.c:7628
#14 0x00000000016f6af8 in mov_read_header (s=0x715000000000) at libavformat/mov.c:8178
#15 0x000000000154c689 in avformat_open_input (ps=ps@entry=0x7fffffffd060, filename=0x215000000008 "", filename@entry=0x7fffffffe196 "POC", fmt=<optimized out>, fmt@entry=0x0, options=0x704000000068) at libavformat/demux.c:310
#16 0x00000000006dd8f9 in open_input_file (o=<optimized out>, filename=0x7fffffffe196 "POC") at fftools/ffmpeg_opt.c:1173
#17 0x00000000006dbc54 in open_files (l=<optimized out>, inout=0x54b1cbc "input", open_file=0x6dbf80 <open_input_file>) at fftools/ffmpeg_opt.c:3432
#18 0x00000000006db4d5 in ffmpeg_parse_options (argc=<optimized out>, argc@entry=4, argv=<optimized out>, argv@entry=0x7fffffffdda8) at fftools/ffmpeg_opt.c:3472
#19 0x0000000000746f50 in main (argc=4, argv=0x7fffffffdda8) at fftools/ffmpeg.c:4873
```
Attachments (1)
Change History (2)
by , 3 years ago
comment:1 by , 2 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
This is not a crash but only a read of an uninitialized value.
This is the allocated data:
Only num_bytes are filled in the buffer, but the bitstream reader used on buf is allowed to overread; that is why extra padding is allocated. So the code is safe, and the uninitialized value is ignored later on.
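The mechanism the comment describes (num_bytes of real data, a word-fetching bit reader that may overread into padding, a sanitizer that still sees the padding as uninitialized), shown as an added example that is not FFmpeg's code: a cut-down 32-bit bit reader in the style of get_bits. PADDING_SIZE, read_bits, max_overread and padding_is_ignored are hypothetical names, and the 3-byte input is constructed.

```c
/* Added example, not FFmpeg's code. A minimal big-endian bit reader that, like
 * libavcodec's get_bits(), always fetches a whole 32-bit word, so reading the
 * last bits of the data touches up to 3 bytes past num_bytes. Those bytes must
 * exist (hence the padding), but their contents never reach the result. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PADDING_SIZE 64   /* assumed stand-in for AV_INPUT_BUFFER_PADDING_SIZE */

typedef struct { const uint8_t *buf; size_t size_bits; size_t index; } BitReader;

static uint32_t load_be32(const uint8_t *p) {   /* always reads 4 bytes */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Read n (1..25) bits; caller has checked that index + n <= size_bits.
 * The shift left drops bits already consumed, the shift right drops the
 * trailing bits of the word, which is where any padding bytes end up. */
static uint32_t read_bits(BitReader *r, int n) {
    uint32_t word = load_be32(r->buf + (r->index >> 3));
    uint32_t val  = (word << (r->index & 7)) >> (32 - n);
    r->index += n;
    return val;
}

/* Bytes beyond num_bytes the reader can touch: the last word load starts no
 * later than byte num_bytes-1 and spans 4 bytes, so at most 3 extra bytes. */
size_t max_overread(size_t num_bytes) { return num_bytes ? 3 : 0; }

/* Decode one 24-bit field from a 3-byte constructed input, first with garbage
 * in the padding (what av_malloc() leaves there, and what MSan flags), then
 * with zeroed padding. Returns 1 if both decodes agree and the overread fits
 * inside the padding, i.e. the padding bytes are read but ignored. */
int padding_is_ignored(void) {
    static const uint8_t data[3] = {0x12, 0x34, 0x56};   /* constructed input */
    size_t num_bytes = sizeof data;
    uint8_t *buf = malloc(num_bytes + PADDING_SIZE);
    if (!buf) return -1;
    memcpy(buf, data, num_bytes);
    memset(buf + num_bytes, 0xA5, PADDING_SIZE);   /* simulate uninitialized padding */
    BitReader a = { buf, num_bytes * 8, 0 };
    uint32_t v1 = a.index + 24 <= a.size_bits ? read_bits(&a, 24) : 0;
    memset(buf + num_bytes, 0, PADDING_SIZE);      /* zeroed padding: MSan-clean */
    BitReader b = { buf, num_bytes * 8, 0 };
    uint32_t v2 = b.index + 24 <= b.size_bits ? read_bits(&b, 24) : 0;
    free(buf);
    return v1 == v2 && v1 == 0x123456 && max_overread(num_bytes) < PADDING_SIZE;
}
```

Zeroing the padding after allocation is the usual way to keep such a reader MemorySanitizer-clean without changing what it decodes.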