[DVDnav-discuss] [PATCH] Check for out-of-bounds values for pgcn.
Bryce Harrington
bryce at canonical.com
Mon May 6 22:09:31 CEST 2013
Admittedly, this just papers over the real issue, and I'd appreciate
advice on better ways to fix this. There is a sample IFO on the
referenced bug report that reproduces the crash. Essentially, we're
seeing pgcn values in the 30,000-32,000 range which is outside the
bounds of the ifo->vts_pgcit->pgci_srp array, and thus crashes. I
haven't found where these large values come from... suggestions for
further study would be welcomed.
Bryce
On Mon, May 06, 2013 at 12:43:59PM -0700, Bryce Harrington wrote:
> Fixes a crash in dvdnav_describe_title_chapters() with vlc, lsdvd, and
> other video players caused by an invalid value for pgcn. This occurs
> with the "Inside Man" DVD.
>
> Ref: https://bugs.launchpad.net/ubuntu/+source/libdvdnav/+bug/1094499
>
> Signed-off-by: Bryce Harrington <bryce at canonical.com>
> ---
> src/searching.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/src/searching.c b/src/searching.c
> index a9b4dc9..86d4d97 100644
> --- a/src/searching.c
> +++ b/src/searching.c
> @@ -641,6 +641,11 @@ uint32_t dvdnav_describe_title_chapters(dvdnav_t *this, int32_t title, uint64_t
> length = 0;
> for(i=0; i<parts; i++) {
> uint32_t cellnr, endcellnr;
> + /* This mimics pgcn checks in ifoRead_VTS_PTT_SRPT() */
> + if (ptt[i].pgcn > 1000 || ptt[i].pgcn < 0) {
> + printerr("PGCN out of bounds.");
> + continue;
> + }
> if (ifo->vts_pgcit->pgci_srp[ptt[i].pgcn-1].pgc_start_byte >= ifo->vts_pgcit->last_byte) {
> printerr("PGC start out of bounds");
> continue;
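Review bot: The added guard in the loop still lets pgcn == 0 through, and the next line indexes pgci_srp[ptt[i].pgcn-1], so a zero value reads element -1; the lower test should be `ptt[i].pgcn < 1` (and if pgcn is an unsigned field the `< 0` arm never fires at all). The upper limit of 1000 is a fixed constant, not the number of entries actually present in ifo->vts_pgcit->pgci_srp, so a pgcn below 1000 that is still past the end of a shorter table passes the check and indexes out of bounds. Compare against the table's real entry count instead, and say in the comment why that bound is the right one rather than only that it mimics ifoRead_VTS_PTT_SRPT().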
> --
> 1.7.9.5
----- End forwarded message -----