Bug#775983: oggenc: low --resample rate -> double free or corruption

Fri Sep 25 20:58:21 UTC 2015

* Petter Reinholdtsen <pere at hungry.com>, 2015-09-25, 18:34:
>Can you run oggenc using valgrind (just install valgrind and add it in 
>front of the command), and let us know what the output is?

Valgrind log attached.

-- 
Jakub Wilk
-------------- next part --------------
==1012== Memcheck, a memory error detector
==1012== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==1012== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==1012== Command: oggenc --resample=500 test.wav
==1012== Parent PID: 847
==1012== 
==1012== Conditional jump or move depends on uninitialised value(s)
==1012==    at 0x40E8A84: bark_noise_hybridmp (psy.c:622)
==1012==    by 0x40EA759: _vp_noisemask (psy.c:706)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Invalid read of size 4
==1012==    at 0x40E8AAE: bark_noise_hybridmp (psy.c:605)
==1012==    by 0x40EA759: _vp_noisemask (psy.c:706)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012==  Address 0x437b5c8 is 0 bytes after a block of size 1,024 alloc'd
==1012==    at 0x402A1DC: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1012==    by 0x40E9FEA: _vp_psy_init (psy.c:282)
==1012==    by 0x40E52FD: _vds_shared_init (block.c:225)
==1012==    by 0x40E54DA: vorbis_analysis_init (block.c:298)
==1012==    by 0x804E1AB: oe_encode (encode.c:357)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Invalid write of size 4
==1012==    at 0x40E8B6C: bark_noise_hybridmp (psy.c:643)
==1012==    by 0x40EA759: _vp_noisemask (psy.c:706)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012==  Address 0x43a4f30 is 0 bytes after a block of size 1,024 alloc'd
==1012==    at 0x402A1DC: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1012==    by 0x40E4A90: _vorbis_block_alloc (block.c:126)
==1012==    by 0x40F20DE: mapping0_forward (mapping0.c:371)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Invalid read of size 4
==1012==    at 0x40E8B80: bark_noise_hybridmp (psy.c:627)
==1012==    by 0x40EA759: _vp_noisemask (psy.c:706)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012==  Address 0x437b5cc is 4 bytes after a block of size 1,024 alloc'd
==1012==    at 0x402A1DC: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1012==    by 0x40E9FEA: _vp_psy_init (psy.c:282)
==1012==    by 0x40E52FD: _vds_shared_init (block.c:225)
==1012==    by 0x40E54DA: vorbis_analysis_init (block.c:298)
==1012==    by 0x804E1AB: oe_encode (encode.c:357)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Conditional jump or move depends on uninitialised value(s)
==1012==    at 0x40E8917: bark_noise_hybridmp (psy.c:554)
==1012==    by 0x40EA7BB: _vp_noisemask (psy.c:711)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Conditional jump or move depends on uninitialised value(s)
==1012==    at 0x40E8987: bark_noise_hybridmp (psy.c:585)
==1012==    by 0x40EA7BB: _vp_noisemask (psy.c:711)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Conditional jump or move depends on uninitialised value(s)
==1012==    at 0x40E8A84: bark_noise_hybridmp (psy.c:622)
==1012==    by 0x40EA7BB: _vp_noisemask (psy.c:711)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Invalid read of size 4
==1012==    at 0x40E8AAE: bark_noise_hybridmp (psy.c:605)
==1012==    by 0x40EA7BB: _vp_noisemask (psy.c:711)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012==  Address 0x437b5c8 is 0 bytes after a block of size 1,024 alloc'd
==1012==    at 0x402A1DC: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1012==    by 0x40E9FEA: _vp_psy_init (psy.c:282)
==1012==    by 0x40E52FD: _vds_shared_init (block.c:225)
==1012==    by 0x40E54DA: vorbis_analysis_init (block.c:298)
==1012==    by 0x804E1AB: oe_encode (encode.c:357)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Invalid write of size 4
==1012==    at 0x40E8B6C: bark_noise_hybridmp (psy.c:643)
==1012==    by 0x40EA7BB: _vp_noisemask (psy.c:711)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012==  Address 0x43a4f30 is 0 bytes after a block of size 1,024 alloc'd
==1012==    at 0x402A1DC: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1012==    by 0x40E4A90: _vorbis_block_alloc (block.c:126)
==1012==    by 0x40F20DE: mapping0_forward (mapping0.c:371)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Invalid read of size 4
==1012==    at 0x40E8B80: bark_noise_hybridmp (psy.c:627)
==1012==    by 0x40EA7BB: _vp_noisemask (psy.c:711)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012==  Address 0x437b5cc is 4 bytes after a block of size 1,024 alloc'd
==1012==    at 0x402A1DC: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1012==    by 0x40E9FEA: _vp_psy_init (psy.c:282)
==1012==    by 0x40E52FD: _vds_shared_init (block.c:225)
==1012==    by 0x40E54DA: vorbis_analysis_init (block.c:298)
==1012==    by 0x804E1AB: oe_encode (encode.c:357)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Conditional jump or move depends on uninitialised value(s)
==1012==    at 0x40EA832: _vp_noisemask (psy.c:740)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Use of uninitialised value of size 4
==1012==    at 0x40EA80C: _vp_noisemask (psy.c:742)
==1012==    by 0x40F21D6: mapping0_forward (mapping0.c:425)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Conditional jump or move depends on uninitialised value(s)
==1012==    at 0x40EADB1: _vp_offset_and_mix (psy.c:787)
==1012==    by 0x40F220C: mapping0_forward (mapping0.c:471)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Conditional jump or move depends on uninitialised value(s)
==1012==    at 0x40EADCC: _vp_offset_and_mix (psy.c:788)
==1012==    by 0x40F220C: mapping0_forward (mapping0.c:471)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Conditional jump or move depends on uninitialised value(s)
==1012==    at 0x40EADF6: _vp_offset_and_mix (psy.c:804)
==1012==    by 0x40F220C: mapping0_forward (mapping0.c:471)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== Conditional jump or move depends on uninitialised value(s)
==1012==    at 0x40EAE07: _vp_offset_and_mix (psy.c:814)
==1012==    by 0x40F220C: mapping0_forward (mapping0.c:471)
==1012==    by 0x40E81E2: vorbis_analysis (analysis.c:47)
==1012==    by 0x804E468: oe_encode (encode.c:554)
==1012==    by 0x804A8EC: main (oggenc.c:440)
==1012== 
==1012== 
==1012== HEAP SUMMARY:
==1012==     in use at exit: 0 bytes in 0 blocks
==1012==   total heap usage: 613 allocs, 613 frees, 227,508 bytes allocated
==1012== 
==1012== All heap blocks were freed -- no leaks are possible
==1012== 
==1012== For counts of detected and suppressed errors, rerun with: -v
==1012== Use --track-origins=yes to see where uninitialised values come from
==1012== ERROR SUMMARY: 2326 errors from 16 contexts (suppressed: 0 from 0)