[DVDnav-discuss] [PATCH] Check for out-of-bounds values for pgcn.
Dominik 'Rathann' Mierzejewski
dominik at greysector.net
Tue Nov 12 01:49:35 CET 2013
Hello Bryce,
On Monday, 06 May 2013 at 22:09, Bryce Harrington wrote:
> Admittedly, this just papers over the real issue, and I'd appreciate
> advice on better ways to fix this. There is a sample IFO on the
> referenced bug report that reproduces the crash. Essentially, we're
> seeing pgcn values in the 30,000-32,000 range which is outside the
> bounds of the ifo->vts_pgcit->pgci_srp array, and thus crashes. I
> haven't found where these large values come from... suggestions for
> further study would be welcomed.
Could you try this patch instead? pgcn is unsigned, so checking
for < 0 doesn't make sense.
Index: libdvdnav/src/searching.c
===================================================================
--- libdvdnav/src/searching.c (revision 1279)
+++ libdvdnav/src/searching.c (working copy)
@@ -616,6 +616,10 @@
length = 0;
for(i=0; i<parts; i++) {
uint32_t cellnr, endcellnr;
+ if (ptt[i].pgcn == 0 || ptt[i].pgcn > ifo->vts_pgcit->nr_of_pgci_srp) {
+ printerr("PGCN out of bounds.");
+ continue;
+ }
if (ifo->vts_pgcit->pgci_srp[ptt[i].pgcn-1].pgc_start_byte >= ifo->vts_pgcit->last_byte) {
printerr("PGC start out of bounds");
continue;
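Review bot: In the added check at the top of the loop body, `continue` skips the bad part but lets the loop run on, so from the lines shown the accumulated `length` would simply omit that part, and the caller cannot tell a shortened result from a valid one. If an out-of-range `pgcn` means the PTT data cannot be trusted, failing the whole call at this point would be safer than continuing. The bounds themselves fit the 1-based index used in `pgci_srp[ptt[i].pgcn-1]` on the following line: rejecting 0 keeps `pgcn-1` from indexing before the start of the array, and `> nr_of_pgci_srp` covers the upper end. This does rely on `nr_of_pgci_srp` matching the number of entries actually allocated for `pgci_srp`, which is not visible in this hunk and is worth confirming where the table is read. Minor style point: the new message "PGCN out of bounds." ends with a period while the existing "PGC start out of bounds" does not.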
Regards,
Dominik
--
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org | MPlayer http://mplayerhq.hu
"Faith manages."
-- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"