How to report a bunch of mplayer bugs

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Tue Dec 22 21:32:52 UTC 2015


Hi Gustavo,

On 22.12.2015 16:15, Gustavo Grieco wrote:
> I'm the main developer and maintainer of QuickFuzz, a free and open-source experimental
> grammar fuzzer. I recently made a quick test of Mplayer version shipped with Ubuntu 14.04
> and found a few interesting crashes trying to play malformed wav files. These crashes are
> de-duplicated by Honggfuzz, so they should be more or less independent (although, some are
> definitely related).

Thanks for your effort!

> The list is here:
> 
> SIGBUS.PC.5704be.STACK.5c9a551.CODE.128.ADDR.(nil).INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGFPE.PC.432d0e.STACK.18b3c0fcd4.CODE.1.ADDR.0x432d0e.INSTR.idivl__0x560ca8(%rip)________#_0x0000000000560cae.fuzz
> SIGFPE.PC.4bf2c3.STACK.1bca543b66.CODE.1.ADDR.0x4bf2c3.INSTR.divl___0x80(%rsi).fuzz
> SIGFPE.PC.7ffff3ceed83.STACK.d7d8808dd.CODE.1.ADDR.0x7ffff3ceed83.INSTR.idiv___%r8d.fuzz
> SIGSEGV.PC.4bd833.STACK.18b2dd10ac.CODE.1.ADDR.0xa.INSTR.movzwl_0xa(%rax),%ecx.fuzz
> SIGSEGV.PC.4be46b.STACK.1aba63653d.CODE.1.ADDR.(nil).INSTR.movzbl_(%rcx,%rdx,1),%ecx.fuzz
> SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7ffffaaf0e08.INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7ffffefcecd8.INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff48eff8.INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff54e258.INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60c128.INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60d498.INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60d4a8.INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60daa8.INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60db58.INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff6429a8.INSTR.callq__0xfffffffffff3c6e2.fuzz
> SIGSEGV.PC.5947b5.STACK.1b0df30f87.CODE.1.ADDR.(nil).INSTR.movzbl_(%rcx,%rdx,1),%ecx.fuzz
> SIGSEGV.PC.7fffefe7314e.STACK.18f3cc3594.CODE.1.ADDR.(nil).INSTR.movdqu_%xmm8,(%rdi,%rcx,1).fuzz

This list is not very useful. Please provide at least backtraces (with the necessary -dbg
packages installed).

> I think some of them can be security issues (that's why they are not linked in this email).
> I want to handle such test cases to some trusted maintainers of Mplayer and avoid spamming the
> bug tracker. I already asked upstream (http://permalink.gmane.org/gmane.comp.video.mplayer.devel/64515)
> and they told me that mplayer 1.1 is unsupported, so I'm re-testing for the last CVE revision.

I suspect that most of the issues you found are not even bugs in mplayer, but rather in Libav,
which is used in Ubuntu 14.04.
We've switched back to FFmpeg recently and I suspect most/all of the issues you found
don't affect it.

Please test your samples with mplayer/ffmpeg from Debian unstable/testing or Ubuntu xenial.

Best regards,
Andreas
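Added example, not part of the thread: the reply above points out that a list of honggfuzz report names is not enough to triage. The script below (my own code, not mplayer's or honggfuzz's) parses the names quoted in the mail, groups them by the PC and STACK fields, and builds the gdb batch command that produces the requested backtrace. honggfuzz keys its de-duplication on the whole report name, so a different faulting ADDR yields a separate file even when PC and stack hash match; grouping on those two fields collapses the eleven `5704be`/`5c9a551` entries into a single crash site. The mplayer invocation (`-vo null -ao null <sample>`) and the binary path are assumptions; adjust them for the build under test, and install the -dbg packages first so the frames resolve to symbols.

```python
"""Triage honggfuzz crash report names and build a gdb backtrace command."""
import re
from collections import defaultdict

# Constructed sample input: the report names listed in the mail above.
CRASH_FILES = [
    "SIGBUS.PC.5704be.STACK.5c9a551.CODE.128.ADDR.(nil).INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGFPE.PC.432d0e.STACK.18b3c0fcd4.CODE.1.ADDR.0x432d0e.INSTR.idivl__0x560ca8(%rip)________#_0x0000000000560cae.fuzz",
    "SIGFPE.PC.4bf2c3.STACK.1bca543b66.CODE.1.ADDR.0x4bf2c3.INSTR.divl___0x80(%rsi).fuzz",
    "SIGFPE.PC.7ffff3ceed83.STACK.d7d8808dd.CODE.1.ADDR.0x7ffff3ceed83.INSTR.idiv___%r8d.fuzz",
    "SIGSEGV.PC.4bd833.STACK.18b2dd10ac.CODE.1.ADDR.0xa.INSTR.movzwl_0xa(%rax),%ecx.fuzz",
    "SIGSEGV.PC.4be46b.STACK.1aba63653d.CODE.1.ADDR.(nil).INSTR.movzbl_(%rcx,%rdx,1),%ecx.fuzz",
    "SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7ffffaaf0e08.INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7ffffefcecd8.INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff48eff8.INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff54e258.INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60c128.INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60d498.INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60d4a8.INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60daa8.INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff60db58.INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGSEGV.PC.5704be.STACK.5c9a551.CODE.1.ADDR.0x7fffff6429a8.INSTR.callq__0xfffffffffff3c6e2.fuzz",
    "SIGSEGV.PC.5947b5.STACK.1b0df30f87.CODE.1.ADDR.(nil).INSTR.movzbl_(%rcx,%rdx,1),%ecx.fuzz",
    "SIGSEGV.PC.7fffefe7314e.STACK.18f3cc3594.CODE.1.ADDR.(nil).INSTR.movdqu_%xmm8,(%rdi,%rcx,1).fuzz",
]

# Report name layout, as seen in the names above:
#   SIGNAL.PC.<pc>.STACK.<hash>.CODE.<si_code>.ADDR.<fault addr>.INSTR.<insn>.fuzz
NAME_RE = re.compile(
    r"^(?P<signal>SIG[A-Z]+)\.PC\.(?P<pc>[0-9a-f]+)\.STACK\.(?P<stack>[0-9a-f]+)"
    r"\.CODE\.(?P<code>\d+)\.ADDR\.(?P<addr>[^.]+)\.INSTR\.(?P<instr>.+)\.fuzz$"
)


def parse_crash_name(name):
    """Return the fields of a honggfuzz report name, or None if it does not match."""
    m = NAME_RE.match(name)
    return m.groupdict() if m else None


def group_by_stack(names):
    """Group report names by (pc, stack hash): same pair means same crash site."""
    groups = defaultdict(list)
    for n in names:
        fields = parse_crash_name(n)
        if fields is None:
            continue  # not a honggfuzz report name; skip rather than guess
        groups[(fields["pc"], fields["stack"])].append(n)
    return dict(groups)


def triage_summary(names):
    """One row per distinct crash site, largest group first."""
    rows = []
    ordered = sorted(group_by_stack(names).items(), key=lambda kv: -len(kv[1]))
    for (pc, stack), members in ordered:
        fields = [parse_crash_name(n) for n in members]
        rows.append({
            "pc": pc,
            "stack": stack,
            "count": len(members),
            "signals": sorted({f["signal"] for f in fields}),
            "addrs": sorted({f["addr"] for f in fields}),
            "instr": fields[0]["instr"],
            "representative": members[0],  # one sample per site is enough for a report
        })
    return rows


def gdb_backtrace_cmd(binary, sample, extra_args=("-vo", "null", "-ao", "null")):
    """argv that runs one sample under gdb in batch mode and prints the backtrace.

    Assumed invocation: mplayer -vo null -ao null <sample>. Frames only resolve to
    symbols if the matching -dbg packages are installed.
    """
    return ["gdb", "-q", "-batch", "-ex", "run", "-ex", "bt",
            "--args", binary, *extra_args, sample]


if __name__ == "__main__":
    for row in triage_summary(CRASH_FILES):
        print(f'{row["count"]:3d}x PC {row["pc"]} STACK {row["stack"]} '
              f'{"/".join(row["signals"])} {row["instr"]}')
        print("     ", " ".join(gdb_backtrace_cmd("/usr/bin/mplayer", row["representative"])))
```

Run with the report files in the current directory; the summary shows eight distinct sites rather than eighteen crashes, and each printed gdb line reproduces one representative sample with a symbolised backtrace, which is the form a maintainer can act on.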
