[MPlayer-dev-eng] [PATCH] dvdread - missing bounds checking in UDFFileEntry
Nico Sabbi
nicola.sabbi at poste.it
Thu Mar 4 10:43:49 CET 2010
Il giovedì 4 marzo 2010 10:24:47 Jindrich Makovicka ha scritto:
> Hi,
>
> UDFFileEntry function currently doesn't check that the lengths
> specified in the file entry are valid, which can lead to segfaults
> when probing badly mastered DVDs. This patch adds a check that the
> total length doesn't exceed the logical block length.
>
> Index: dvd_udf.c
> ===================================================================
> --- dvd_udf.c (revision 1189)
> +++ dvd_udf.c (working copy)
> @@ -443,6 +443,10 @@
>
> L_EA = GETN4( 168 );
> L_AD = GETN4( 172 );
> +
> + if (176 + L_EA + L_AD > DVD_VIDEO_LB_LEN)
> + return 0;
> +
> p = 176 + L_EA;
> while( p < 176 + L_EA + L_AD ) {
> switch( flags & 0x0007 ) {
>
>
please, commit it to the dvdnav tree
More information about the MPlayer-dev-eng
mailing list