[MPlayer-dev-eng] [PATCH] dvdread - missing bounds checking in UDFFileEntry

Jindrich Makovicka makovick at gmail.com
Thu Mar 4 10:24:47 CET 2010


Hi,

UDFFileEntry function currently doesn't check that the lengths
specified in the file entry are valid, which can lead to segfaults when
probing badly mastered DVDs. This patch adds a check that the total
length doesn't exceed the logical block length.

Index: dvd_udf.c
===================================================================
--- dvd_udf.c	(revision 1189)
+++ dvd_udf.c	(working copy)
@@ -443,6 +443,10 @@
 
   L_EA = GETN4( 168 );
   L_AD = GETN4( 172 );
+
+  if (176 + L_EA + L_AD > DVD_VIDEO_LB_LEN)
+    return 0;
+
   p = 176 + L_EA;
   while( p < 176 + L_EA + L_AD ) {
     switch( flags & 0x0007 ) {
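
Review bot: The added test `176 + L_EA + L_AD > DVD_VIDEO_LB_LEN` adds two 4-byte values taken straight from the disc (GETN4) before comparing, so the comparison is only sound if that sum cannot wrap or, should the variables be signed, go negative; their declarations are outside this hunk. An entry with a very large L_EA can produce a small sum that passes the test, so the test alone does not guarantee that `p = 176 + L_EA` starts at or after offset 176 and that the loop limit stays inside the block. Bounding each length against the space that remains, with the values treated as unsigned, avoids depending on the sum, e.g. `if (L_EA > DVD_VIDEO_LB_LEN - 176 || L_AD > DVD_VIDEO_LB_LEN - 176 - L_EA) return 0;`. It is also worth confirming that the reads inside the `switch` cannot run past `176 + L_EA + L_AD` when L_AD is not a whole multiple of the descriptor size, since that code is not shown here.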
