[DVDnav-discuss] [PATCH] libdvdread: segfault and patch to fix it (again)

Frédéric Marchal fmarchal at perso.be
Sat Oct 16 11:21:39 CEST 2010


Hello,

On July 11th, Morten Sjøgren reported a segfault due to the
double free of a buffer in ifoFree_PTL_MAIT and provided
a patch:

http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2010-July/066025.html

The patch was taken into account by Dominik 'Rathann' Mierzejewski
on September 2nd:

http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2010-September/066033.html

The patch is incomplete as ifoRead_PTL_MAIT can still return without
resetting the pointer in ifofile->ptl_mait. In my case, I have two
DVDs failing due to an invalid seek offset passed to DVDFileSeek_().

The following patch sets ifofile->ptl_mait to NULL (not 0 as in the
original patch) before every return statement.

Moreover, if the seek offset is obviously out of range, the loop over
the countries is interrupted and the nr_of_countries is set to the
index of the highest country that could be read. I'm not sure it is
the proper action but without a test case to disprove it, it sounds
sensible as nr_of_countries doesn't seem to be used.

Frederic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libdvdread_double_free.patch
Type: text/x-patch
Size: 3995 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/dvdnav-discuss/attachments/20101016/481e2175/attachment.bin>
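The bug and the fix described in the mail, as an added example that is not part of the original post and is not libdvdread code: a hypothetical, simplified model in which a reader fills an ifofile's ptl_mait table and a cleanup routine releases it. All names here (ptl_mait_t, ifofile_t, read_ptl_mait_buggy, read_ptl_mait_fixed, free_ptl_mait, seek_ok, tracking_free, run) are this example's own, as are the constructed offsets and file size. The buggy reader releases the table on the bad-seek path but leaves the pointer dangling, so the cleanup frees it again; the fixed reader resets the pointer to NULL before every early return and, as the mail proposes, stops the country loop at the first out-of-range offset and keeps the countries read so far. Frees go through a small quarantine so the double free is observed and counted rather than executed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the report; none of this is libdvdread code.
 * tracking_free() parks blocks instead of freeing them, so a second
 * release of the same block can be counted safely. */
#define QUARANTINE_SLOTS 8
static void *quarantine[QUARANTINE_SLOTS];
static int quarantine_used;
static int double_free_attempts;

/* Really free the parked blocks and clear the counters. */
static void tracking_reset(void) {
    for (int i = 0; i < quarantine_used; i++) free(quarantine[i]);
    quarantine_used = 0;
    double_free_attempts = 0;
}

/* Park p; a second release of a parked block is counted as a double free.
 * Parked blocks stay valid memory until the next tracking_reset(). */
static void tracking_free(void *p) {
    if (!p) return;
    for (int i = 0; i < quarantine_used; i++)
        if (quarantine[i] == p) { double_free_attempts++; return; }
    if (quarantine_used == QUARANTINE_SLOTS) {   /* full: release the oldest */
        free(quarantine[0]);
        memmove(quarantine, quarantine + 1, sizeof(void *) * (QUARANTINE_SLOTS - 1));
        quarantine_used--;
    }
    quarantine[quarantine_used++] = p;
}

typedef struct {
    int nr_of_countries;
    long *country_offsets;   /* hypothetical per-country payload */
} ptl_mait_t;

typedef struct { ptl_mait_t *ptl_mait; } ifofile_t;

/* Cleanup in the role of ifoFree_PTL_MAIT: it trusts f->ptl_mait to be
 * either NULL or a live table, which is exactly what the bug violates. */
static void free_ptl_mait(ifofile_t *f) {
    if (!f->ptl_mait) return;
    tracking_free(f->ptl_mait->country_offsets);
    tracking_free(f->ptl_mait);
    f->ptl_mait = NULL;
}

/* Stand-in for the seek validity check: offsets past the file are invalid. */
static int seek_ok(long offset, long file_size) {
    return offset >= 0 && offset < file_size;
}

/* Buggy reader: on an invalid seek it releases the table but leaves
 * f->ptl_mait dangling, so free_ptl_mait() releases both blocks again. */
static int read_ptl_mait_buggy(ifofile_t *f, const long *offsets, int n, long file_size) {
    f->ptl_mait = calloc(1, sizeof *f->ptl_mait);
    if (!f->ptl_mait) return 0;
    f->ptl_mait->country_offsets = calloc((size_t)n, sizeof(long));
    if (!f->ptl_mait->country_offsets) { tracking_free(f->ptl_mait); return 0; }
    for (int i = 0; i < n; i++) {
        if (!seek_ok(offsets[i], file_size)) {
            tracking_free(f->ptl_mait->country_offsets);
            tracking_free(f->ptl_mait);        /* f->ptl_mait still points here */
            return 0;
        }
        f->ptl_mait->country_offsets[i] = offsets[i];
        f->ptl_mait->nr_of_countries = i + 1;
    }
    return 1;
}

/* Fixed reader: every early return that releases the table also resets
 * f->ptl_mait to NULL (here by reusing free_ptl_mait), and an out-of-range
 * offset stops the loop and truncates nr_of_countries to what was read.
 * Failing outright when no country at all is readable is this example's choice. */
static int read_ptl_mait_fixed(ifofile_t *f, const long *offsets, int n, long file_size) {
    f->ptl_mait = calloc(1, sizeof *f->ptl_mait);
    if (!f->ptl_mait) return 0;
    f->ptl_mait->country_offsets = calloc((size_t)n, sizeof(long));
    if (!f->ptl_mait->country_offsets) { free_ptl_mait(f); return 0; }
    for (int i = 0; i < n; i++) {
        if (!seek_ok(offsets[i], file_size)) {
            if (i == 0) { free_ptl_mait(f); return 0; }
            f->ptl_mait->nr_of_countries = i;  /* keep the countries read so far */
            return 1;
        }
        f->ptl_mait->country_offsets[i] = offsets[i];
        f->ptl_mait->nr_of_countries = i + 1;
    }
    return 1;
}

typedef struct { int ok; int countries; int double_frees; } outcome_t;
static const long kFileSize = 1L << 20;                   /* constructed: 1 MiB IFO */
static const long kOffsets[] = { 2048, 4096, 1L << 30 };  /* constructed: third is absurd */

/* Run one reader on constructed input, then the cleanup as closing the IFO
 * would, and report what the quarantine observed. */
static outcome_t run(int (*reader)(ifofile_t *, const long *, int, long),
                     const long *offsets, int n) {
    ifofile_t f = { NULL };
    outcome_t r;
    tracking_reset();
    r.ok = reader(&f, offsets, n, kFileSize);
    r.countries = r.ok ? f.ptl_mait->nr_of_countries : 0;
    free_ptl_mait(&f);
    r.double_frees = double_free_attempts;
    return r;
}
```

Running `run(read_ptl_mait_buggy, kOffsets, 3)` reports two double-free attempts (the offsets array and the table are each released twice), while the fixed reader on the same input reports none, returns success and leaves nr_of_countries at 2; with only the absurd offset as input the fixed reader fails cleanly with ptl_mait already NULL, so the later cleanup is a no-op.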