[DVDnav-discuss] r1190 - trunk/libdvdread/src/dvd_udf.c
henry
subversion at mplayerhq.hu
Thu Mar 4 20:14:17 CET 2010
Author: henry
Date: Thu Mar 4 20:14:17 2010
New Revision: 1190
Log:
add bounds checking in UDFFileEntry
Some badly mastered DVDs can have set bogus lengths of the Allocation
Descriptors, causing a segfault. This check ensures that the total entry
length does not exceed DVD logical block size before processing the entry.
Modified:
trunk/libdvdread/src/dvd_udf.c
Modified: trunk/libdvdread/src/dvd_udf.c
==============================================================================
--- trunk/libdvdread/src/dvd_udf.c Sat Jan 30 16:15:23 2010 (r1189)
+++ trunk/libdvdread/src/dvd_udf.c Thu Mar 4 20:14:17 2010 (r1190)
@@ -443,6 +443,10 @@ static int UDFFileEntry( uint8_t *data,
L_EA = GETN4( 168 );
L_AD = GETN4( 172 );
+
+ if (176 + L_EA + L_AD > DVD_VIDEO_LB_LEN)
+ return 0;
+
p = 176 + L_EA;
while( p < 176 + L_EA + L_AD ) {
switch( flags & 0x0007 ) {
More information about the DVDnav-discuss
mailing list