~vibhavp/ubuntu/saucy/libdvdread/merge-from-debian

Viewing changes to debian/patches/08-array.patch

  • Committer: Package Import Robot
  • Author(s): Daniel Baumann
  • Date: 2012-06-29 23:01:44 UTC
  • mto: This revision was merged to the branch mainline in revision 35.
  • Revision ID: package-import@ubuntu.com-20120629230144-pawc4v4zwuwgwuxx
Tags: 4.2.0+20120521-2
* Correcting some editorial mistakes in copyright file.
* Updating GPL boilerplate in copyright file.
* Switching to xz compression.
* Correcting hurd.patch, thanks to Jan Schmidt
  <jan.schmidt@oracle.com> (Closes: #651926, #653516, #677493).
* Adding patch from Mario Holbe <mario.holbe@tu-ilmenau.de> to work
  with file system descriptors located at the end of the disk rather
  than at the beginning (Closes: #663512).
* Adding patch from Bryce Harrington <bryce@ubuntu.com> to stifle the
  'Please send bug report - no VTS_TMAPT ??' message (Closes: #281186,
  #281575, #316926, #541723).
* Adding patch from Doug Springer <gpib@rickyrockrat.net> to fix
  read/write beyond end of an array due to using a length value taken
  from the DVD, which can exceed the allocated size, causing a
  segmentation fault (Closes: #649790).

Author: Doug Springer <gpib@rickyrockrat.net>
Description:
 In the file ifo_read.c, function ifoRead_TT_SRPT, where a structure array is
 allocated, but another variable, extracted from the DVD info determines the
 length of the array, resulting in read/writes beyond the array. I truncate
 the read, but perhaps a better solution would be to expand the malloc to
 include the data off the DVD. I believe that, however could lead to out of
 memory errors if the DVD data was bad/invalid.
 .
 With the applied patch, dvdbackup no longer segfaults (Closes: #649790).
 
diff -Naurp libdvdread.orig/src/ifo_read.c libdvdread/src/ifo_read.c
--- libdvdread.orig/src/ifo_read.c      2012-06-29 22:38:13.234838450 +0200
+++ libdvdread/src/ifo_read.c   2012-06-29 22:43:05.753445000 +0200
@@ -1081,6 +1081,12 @@ int ifoRead_TT_SRPT(ifo_handle_t *ifofil
     return 0;
   }
 
+  if(tt_srpt->nr_of_srpts>info_length/sizeof(title_info_t)){
+    fprintf(stderr,"libdvdread: data mismatch: info_length (%ld)!= nr_of_srpts (%d). Truncating.\n",
+            info_length/sizeof(title_info_t),tt_srpt->nr_of_srpts);
+    tt_srpt->nr_of_srpts=info_length/sizeof(title_info_t);
+  }
+
   for(i =  0; i < tt_srpt->nr_of_srpts; i++) {
     B2N_16(tt_srpt->title[i].nr_of_ptts);
     B2N_16(tt_srpt->title[i].parental_id);
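
Review bot: The added fprintf passes info_length/sizeof(title_info_t) to %ld, but a division by sizeof normally yields an unsigned size_t, so the conversion should be %zu (or the value cast to match the format), and the message labels that quotient "info_length" and says "!=" while the test above it is ">". Wording such as "nr_of_srpts (%d) exceeds the %zu entries read. Truncating." with the two arguments swapped would describe what the guard actually checks. The guard is also only as strong as info_length: its derivation is outside this hunk, so please confirm it is the byte count actually allocated and read for tt_srpt->title rather than another value taken from the disc, and note that in a comment above the check. The context just above returns 0 from the function, so a short comment on why this case truncates and continues instead of returning would help the next reader.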