[DVDnav-discuss] [PATCH] libdvdread: segfault and patch to fix it (again)
Frédéric Marchal
fmarchal at perso.be
Thu Oct 6 16:23:05 CEST 2011
On Thursday 06 October 2011, Dominik 'Rathann' Mierzejewski wrote:
> Hi,
>
> On Saturday, 16 October 2010 at 11:21, Frédéric Marchal wrote:
> > Hello,
> >
> > On July 11th, Morten Sjøgren reported a segfault due to the
> > double free of a buffer in ifoFree_PTL_MAIT and provided
> > a patch:
> >
> > http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2010-July/066025.html
> >
> > The patch was taken into account by Dominik 'Rathann' Mierzejewski
> > on September 2nd:
> >
> > http://lists.mplayerhq.hu/pipermail/mplayer-dev-eng/2010-September/066033.html
> >
> > The patch is incomplete as ifoRead_PTL_MAIT can still return without
> > resetting the pointer in ifofile->ptl_mait. In my case, I have two
> > DVDs failing due to an invalid seek offset passed to DVDFileSeek_().
> >
> > The following patch sets ifofile->ptl_mait to NULL (not 0 as in the
> > original patch) before every return statement.
> >
> > Moreover, if the seek offset is obviously out of range, the loop over
> > the countries is interrupted and the nr_of_countries is set to the
> > index of the highest country that could be read. I'm not sure it is
> > the proper action but without a test case to disprove it, it sounds
> > sensible as nr_of_countries doesn't seem to be used.
>
> I think this has been at least partially applied. If there are still
> any issues that this patch fixes, could you resend a patch against
> current SVN?
The part with the ifofile->ptl_mait is fixed. Note that from a purely cosmetic
point of view, some ifofile->ptl_mait are reset to 0 (zero) and others to
NULL.
The second patch with the capping of nr_of_countries was never applied as I
couldn't remember, two months after submitting it, which DVD displayed the
problem the patch was supposed to address.
Frederic
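The dangling-pointer pattern this thread is about (an error path in the read function frees the buffer but leaves ifofile->ptl_mait pointing at it, so the later cleanup frees it a second time), shown as an added example that is not libdvdread code. The structs, the fake_seek() stub standing in for DVDFileSeek_() and the tracking free() are constructed here to make the double free observable without crashing.

```c
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for libdvdread's structs: only the fields the pattern needs. */
typedef struct { unsigned nr_of_countries; } ptl_mait_t;
typedef struct { ptl_mait_t *ptl_mait; } ifofile_t;

/* Tracking free(): remembers freed addresses so a second free of the same address is
 * reported (returns 1) instead of corrupting the heap. track_reset() clears the log. */
#define TRACK_MAX 16
static void *freed[TRACK_MAX];
static int nfreed;
static void track_reset(void) { nfreed = 0; }
static int tracked_free(void *p) {
    for (int i = 0; i < nfreed; i++)
        if (freed[i] == p) return 1;            /* double free detected */
    if (nfreed < TRACK_MAX) freed[nfreed++] = p;
    free(p);
    return 0;
}

/* Constructed stand-in for DVDFileSeek_(): offset_ok != 0 means the seek succeeds. */
static int fake_seek(int offset_ok) { return offset_ok ? 0 : -1; }

/* Buggy read: the error path frees the buffer but leaves ifo->ptl_mait dangling. */
static int read_ptl_mait_buggy(ifofile_t *ifo, int offset_ok) {
    if (!(ifo->ptl_mait = calloc(1, sizeof *ifo->ptl_mait))) return 0;
    if (fake_seek(offset_ok) != 0) { tracked_free(ifo->ptl_mait); return 0; }
    return 1;
}

/* Fixed read: the pointer is reset to NULL before every return that frees it. */
static int read_ptl_mait_fixed(ifofile_t *ifo, int offset_ok) {
    if (!(ifo->ptl_mait = calloc(1, sizeof *ifo->ptl_mait))) return 0;
    if (fake_seek(offset_ok) != 0) {
        tracked_free(ifo->ptl_mait);
        ifo->ptl_mait = NULL;                   /* cleanup now sees "nothing to free" */
        return 0;
    }
    return 1;
}

/* Cleanup in the spirit of ifoFree_PTL_MAIT: frees only when the pointer is set.
 * Returns 1 if that free was a double free, 0 otherwise. */
static int free_ptl_mait(ifofile_t *ifo) {
    if (!ifo->ptl_mait) return 0;
    int dup = tracked_free(ifo->ptl_mait);
    ifo->ptl_mait = NULL;
    return dup;
}

/* Runs one reader on a bad seek offset, then the cleanup; 1 means a double free occurred. */
static int double_free_on_bad_offset(int (*reader)(ifofile_t *, int)) {
    ifofile_t ifo = { NULL };
    track_reset();
    reader(&ifo, 0);
    return free_ptl_mait(&ifo);
}
```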