[DVDnav-discuss] r1018 - in trunk/libdvdnav/src: navigation.c vm/vm.c
Erik Hovland
erik at hovland.org
Tue Apr 22 00:34:11 CEST 2008
On Sun, Apr 20, 2008 at 10:29:03AM +0200, nicodvb wrote:
> Author: nicodvb
> Date: Sun Apr 20 10:29:02 2008
> New Revision: 1018
>
> Log:
> in get_PGCIT() check the validity of vm->vtsi before risking to
> dereference NULL; also change dvdnav_get_current_menu() accordingly
> patch by Erik Hovland - erik hovland org
The navigation.c catch is very good.
I think the fix is incomplete though, because the current source has:

int vm_get_current_menu(vm_t *vm, int *menuid) {
  pgcit_t* pgcit;
  int pgcn;
  pgcn = (vm->state).pgcN;
  pgcit = get_PGCIT(vm);
  *menuid = pgcit->pgci_srp[pgcn - 1].entry_id & 0xf ;
  return 1;
}

While my original patch added the line:

int vm_get_current_menu(vm_t *vm, int *menuid) {
  pgcit_t* pgcit;
  int pgcn;
  pgcn = (vm->state).pgcN;
  pgcit = get_PGCIT(vm);
  if (pgcit == NULL) return 0;
  *menuid = pgcit->pgci_srp[pgcn - 1].entry_id & 0xf ;
  return 1;
}

Without the if clause to return 0, vm_get_current_menu will cause
any program that uses that function to segfault on the next line when
the NULL pgcit is dereferenced.
Let me know if I am totally off of my rocker.
E
src/vm/vm.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/vm/vm.c b/src/vm/vm.c
index 129b330..996f0ea 100644
--- a/src/vm/vm.c
+++ b/src/vm/vm.c
@@ -612,6 +612,7 @@ int vm_get_current_menu(vm_t *vm, int *menuid) {
int pgcn;
pgcn = (vm->state).pgcN;
pgcit = get_PGCIT(vm);
+ if (pgcit == NULL) return 0;
*menuid = pgcit->pgci_srp[pgcn - 1].entry_id & 0xf ;
return 1;
}
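Review bot: pgcn is still used unchecked as an index in "pgcit->pgci_srp[pgcn - 1]" on the line right after the new NULL test, so a pgcN of 0 or one past the end of the table would read outside the array even when pgcit is valid; consider validating pgcn against the table size before the dereference and returning 0 in that case too. Separately, on the new "return 0" path *menuid is never written, so the function comment should state that 0 means failure and that callers must check the return value before using menuid.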
--
Erik Hovland
mail: erik at hovland.org
web: http://hovland.org/
PGP/GPG public key available on request