Bug#562900: mplayer: segfaults when given an empty playlist on stdin
Adrien Kunysz
a_kunysz at yahoo.com
Mon Dec 28 22:58:14 UTC 2009
Package: mplayer
Version: 1.0~rc2-17+lenny3
Severity: normal
$ mplayer -playlist - < /dev/null
MPlayer 1.0rc2-4.3.2-DFSG-free (C) 2000-2007 MPlayer Team
CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz (Family: 6, Model:
15, Stepping: 13)
CPUflags: MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled with runtime CPU detection.
Reading from stdin...
Segmentation fault
$ gdb `which mplayer` core
[...]
Core was generated by `mplayer -playlist -'.
Program terminated with signal 11, Segmentation fault.
[New process 26638]
#0 0x00007f7858d72d90 in strncasecmp () from /lib/libc.so.6
(gdb) bt
#0 0x00007f7858d72d90 in strncasecmp () from /lib/libc.so.6
#1 0x00000000004776ff in parse_smil (p=0x238f580) at playtreeparser.c:462
#2 0x0000000000477ff6 in play_tree_parser_get_play_tree (p=0x238f580, forced=1) at playtreeparser.c:806
#3 0x00000000004789b7 in parse_playtree (stream=<value optimized out>, forced=1) at playtreeparser.c:664
#4 0x0000000000478af8 in parse_playlist_file (file=0x7fffd62a2900 "-") at playtreeparser.c:741
#5 0x0000000000464b05 in m_config_parse_mp_command_line (config=0x237df90, argc=3, argv=0x7fffd62a12c8) at parser-mpcmd.c:44
#6 0x000000000045e110 in main (argc=3, argv=0x7fffd62a12c8) at mplayer.c:2343
(gdb) up
#1 0x00000000004776ff in parse_smil (p=0x238f580) at playtreeparser.c:462
462 if (strncasecmp(line,"(smil-document",14)==0) {
(gdb) p line
$1 = 0x0
(gdb) list 450
445 // Check if smil
446 while((line = play_tree_parser_get_line(p)) != NULL) {
447 strstrip(line);
448 if(line[0] == '\0') // Ignore empties
449 continue;
450 if (strncasecmp(line,"<?xml",5)==0) // smil in xml
451 continue;
452 if (strncasecmp(line,"<smil",5)==0 || strncasecmp(line,"<?wpl",5)==0 ||
453 strncasecmp(line,"(smil-document",14)==0)
454 break; // smil header found
(gdb) l
455 else
456 return NULL; //line not smil exit
457 }
458
459 mp_msg(MSGT_PLAYTREE,MSGL_V,"Detected smil playlist format\n");
460 play_tree_parser_stop_keeping(p);
461
462 if (strncasecmp(line,"(smil-document",14)==0) {
463 mp_msg(MSGT_PLAYTREE,MSGL_V,"Special smil-over-realrtsp playlist header\n");
464 is_rmsmil = 1;
This has been fixed in upstream commit 24990:
$ svn diff -r24989:24990
Index: playtreeparser.c
===================================================================
--- playtreeparser.c (revision 24989)
+++ playtreeparser.c (revision 24990)
@@ -456,6 +456,7 @@
return NULL; //line not smil exit
}
+ if (!line) return NULL;
mp_msg(MSGT_PLAYTREE,MSGL_V,"Detected smil playlist format\n");
play_tree_parser_stop_keeping(p);
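Review bot: the added `if (!line) return NULL;` carries no comment saying when `line` can be NULL at this point, unlike the `return NULL; //line not smil exit` two lines above it. Going by the loop shown in the gdb listing, this is the exit taken when the line reader runs out of input before any header matches, so a short comment such as `// end of input, no smil header` would make the guard self-explanatory; writing the test as `line == NULL` would also match the `!= NULL` comparison in the loop condition.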
$ svn log -r24990
------------------------------------------------------------------------
r24990 | cehoyos | 2007-11-08 23:05:54 +0000 (Thu, 08 Nov 2007) | 1 line
Fix possible null-pointer-dereference in parse_smil().
------------------------------------------------------------------------
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages mplayer depends on:
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii libasound2 1.0.16-2 ALSA library
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libaudiofile0 0.2.6-7 Open-source version of SGI's audio
ii libavcodec51 0.svn20080206-18 ffmpeg codec library
ii libavformat52 0.svn20080206-18 ffmpeg file format library
ii libavutil49 0.svn20080206-18 ffmpeg utility library
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcaca0 0.99.beta14-1 colour ASCII art library
ii libcairo2 1.6.4-7 The Cairo 2D vector graphics libra
ii libcdparanoia0 3.10.2+debian-5 audio extraction tool for sampling
ii libcucul0 0.99.beta14-1 low-level Unicode character drawin
ii libdirectfb-1.0-0 1.0.1-11 direct frame buffer graphics - sha
ii libesd0 0.2.36-3 Enlightened Sound Daemon - Shared
ii libfaad0 2.6.1-3.1 freeware Advanced Audio Decoder -
ii libfontconfig1 2.6.0-3 generic font configuration library
ii libfreetype6 2.3.7-2+lenny1 FreeType 2 font engine, shared lib
ii libfribidi0 0.10.9-1 Free Implementation of the Unicode
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libgif4 4.1.6-6 library for GIF images (library)
ii libgl1-mesa-glx [libgl 7.0.3-7 A free implementation of the OpenG
ii libglib2.0-0 2.16.6-2 The GLib library of C routines
ii libgtk2.0-0 2.12.12-1~lenny1 The GTK+ graphical user interface
ii libjack0 0.109.2-5 JACK Audio Connection Kit (librari
ii libjpeg62 6b-14 The Independent JPEG Group's JPEG
ii liblircclient0 0.8.3-3 infra-red remote control support -
ii liblzo2-2 2.03-1 data compression library
ii libmpcdec3 1.2.2-1 Musepack (MPC) format library
ii libncurses5 5.7+20081213-1 shared libraries for terminal hand
ii libogg0 1.1.3-4 Ogg Bitstream Library
ii libopenal1 1:1.4.272-2 Software implementation of the Ope
ii libpango1.0-0 1.20.5-5 Layout and rendering of internatio
ii libpng12-0 1.2.27-2+lenny2 PNG library - runtime
ii libpostproc51 0.svn20080206-18 ffmpeg video postprocessing librar
ii libsdl1.2debian 1.2.13-2 Simple DirectMedia Layer
ii libsmbclient 2:3.2.5-4lenny7 shared library that allows applica
ii libspeex1 1.2~rc1-1 The Speex codec runtime library
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii libsvga1 1:1.4.3-27 console SVGA display libraries
ii libswscale0 0.svn20080206-18 ffmpeg video scaling library
ii libtheora0 1.0~beta3-1 The Theora Video Compression Codec
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library
ii libxv1 2:1.0.4-1 X11 Video extension library
ii libxvmc1 1:1.0.4-2 X11 Video extension library
ii libxxf86dga1 2:1.0.2-1 X11 Direct Graphics Access extensi
ii libxxf86vm1 1:1.0.2-1 X11 XFree86 video mode extension l
ii mplayer-skin-blue [mpl 1.6-2 blue skin for mplayer
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
mplayer recommends no packages.
Versions of packages mplayer suggests:
ii bzip2 1.0.5-1 high-quality block-sorting file co
ii fontconfig 2.6.0-3 generic font configuration library
pn mplayer-doc <none> (no description available)
pn netselect | fping <none> (no description available)
pn ttf-freefont <none> (no description available)
-- debconf information:
mplayer/voutput: autodetect
mplayer/ttfont: Sans
mplayer/cfgnote:
mplayer/replace-existing-files-bail:
mplayer/replace-existing-files: false
mplayer/no-ttfont:
mplayer/install_codecs:
mplayer/dvd_device: /dev/cdrom
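
Added example, not part of the original report and not MPlayer's code: a self-contained C sketch of the header-detection loop from the gdb listing with the r24990 guard in place, usable as a regression check. It goes slightly beyond the reported case by also feeding input that contains only blank lines and an XML prolog, which leaves the loop the same way as empty input. The names line_source, next_line, detect_smil_header and detect are hypothetical, the sample inputs are constructed, and whitespace stripping is simplified.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for the parser's line reader: returns NULL at end of input. */
struct line_source { const char *const *lines; size_t count, pos; };

static const char *next_line(struct line_source *s) {
    return s->pos < s->count ? s->lines[s->pos++] : NULL;
}

enum smil_kind { NOT_SMIL, SMIL_XML, SMIL_REALRTSP };

/* Header detection shaped like the listing at playtreeparser.c:446-462. */
enum smil_kind detect_smil_header(struct line_source *s) {
    const char *line;
    while ((line = next_line(s)) != NULL) {
        line += strspn(line, " \t\r\n");   /* simplified: skip leading whitespace only */
        if (line[0] == '\0') continue;      /* ignore empties */
        if (strncasecmp(line, "<?xml", 5) == 0) continue;
        if (strncasecmp(line, "<smil", 5) == 0 ||
            strncasecmp(line, "<?wpl", 5) == 0 ||
            strncasecmp(line, "(smil-document", 14) == 0)
            break;                          /* header found, line is non-NULL */
        return NOT_SMIL;
    }
    /* Reached by break (line set) or by end of input (line == NULL).
       This is the r24990 guard; without it the call below receives NULL. */
    if (!line) return NOT_SMIL;
    return strncasecmp(line, "(smil-document", 14) == 0 ? SMIL_REALRTSP : SMIL_XML;
}

/* Constructed sample inputs. */
static const char *const BLANK_ONLY[] = { "", "   ", "<?xml version=\"1.0\"?>" };
static const char *const XML_SMIL[]   = { "<?xml version=\"1.0\"?>", "<smil>" };
static const char *const RM_SMIL[]    = { "(smil-document (ver 1.0)" };
static const char *const OTHER[]      = { "[playlist]" };

enum smil_kind detect(const char *const *lines, size_t n) {
    struct line_source s = { lines, n, 0 };
    return detect_smil_header(&s);
}

int main(void) {
    printf("empty=%d blank_only=%d xml=%d rm=%d other=%d\n",
           detect(NULL, 0), detect(BLANK_ONLY, 3), detect(XML_SMIL, 2),
           detect(RM_SMIL, 1), detect(OTHER, 1));
    return 0;
}
```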