I have encountered with a bug in mencoder. This is how it may be reproduced (i used mencoder built from sources checked out from subversion repository). expl.c (attached) - pseudo streaming server. It accepts the connection and then sends exploit data into it. So compile it and run. Then run mencoder with options "-o out.avi http://127.0.0.1:8050"; to see the crash. This is how all the reproducing steps look: user at machine:/space/iisaev/avalanche2/mplayer/inst/bin$ gcc -Wall expl.c -o expl user at machine:/space/iisaev/avalanche2/mplayer/inst/bin$ ./expl & [1] 30104 user at machine:/space/iisaev/avalanche2/mplayer/inst/bin$ gdb --args ./mencoder -o out.avi http://127.0.0.1:8050 GNU gdb 6.8-debian Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu"... (gdb) run Starting program: /space/iisaev/avalanche2/mplayer/inst/bin/mencoder -o out.avi http://127.0.0.1:8050 [Thread debugging using libthread_db enabled] MEncoder SVN-r30947-4.3.3 (C) 2000-2010 MPlayer Team Resolving 127.0.0.1 for AF_INET6... Couldn't resolve name for AF_INET6: 127.0.0.1 Connecting to server 127.0.0.1[127.0.0.1]: 8050... Malformed answer. No space separator found. [New Thread 0x405f9b20 (LWP 30107)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x405f9b20 (LWP 30107)] 0x404aa656 in strcasecmp () from /lib/tls/i686/cmov/libc.so.6 (gdb) bt #0 0x404aa656 in strcasecmp () from /lib/tls/i686/cmov/libc.so.6 #1 0x08213ae9 in http_streaming_start (stream=0x93d1608, file_format=0xbffd1754) at stream/http.c:796 #2 0x08214633 in open_s1 (stream=0x93d1608, mode=0, opts=0x0, file_format=0xbffd1754) at stream/http.c:945 #3 0x0816c9f5 in open_stream_full (filename=0x93bf380 "http://127.0.0.1:8050";, mode=0, options=0x0, file_format=0xbffd1754) at stream/stream.c:178 #4 0x0816bae9 in open_stream (filename=0x40590380 "??X@\200?X@??X@\200?X@??X@`?X@", options=0x0, file_format=0xbffd1754) at stream/open.c:63 #5 0x080892cb in main (argc=Cannot access memory at address 0x0 ) at mencoder.c:713 (gdb) up #1 0x08213ae9 in http_streaming_start (stream=0x93d1608, file_format=0xbffd1754) at stream/http.c:796 796 if( !strcasecmp(http_hdr->protocol, "ICY") || (gdb) p http_hdr->protocol $1 = 0x0 One can see that null pointer dereference occurs at stream/http.c:796 as http_hdr->protocol is equal to null. I hope this letter will help to fix it. Thanks, Ildar -------------- next part -------------- A non-text attachment was scrubbed... Name: expl.c Type: text/x-csrc Size: 9265 bytes Desc: not available URL: <http://lists.mplayerhq.hu/pipermail/mplayer-users/attachments/20100323/5a3fd793/attachment.c>
