[Bug 852345] Re: Libdvdread misses hidden files and causes segfaults to calling programs

Bryce Harrington 852345 at bugs.launchpad.net
Mon Sep 26 00:17:53 UTC 2011 

I've reviewed and experimented with the patch, and on natty have
reproduced both the original problem and fix.  Let me also express
gratitude to jim sixtyfive for the fix.

The patch is essentially scanning the upper of the two-byte code for
unicode16 strings  and if it has any non-zero value it blanks out the
remainder of the string.  In this particular case, this results in an
empty string, thus causing the garbage file to be ignored.

The patch also improves the existing coding style, by  using memcpy
instead of manual do {} while pointer copy.

However, some of the coding style in the patch seemed a bit sketchy to
me; for instance "data[-1]" feels like trouble waiting to happen; it
works as coded, but could bite some future maintainer if they're not
aware of it.  I've gone ahead and fixed this, and added some comments
and stuff to make the code clearer.  I've tested this both with a dvd
that expresses this bug, and one normal one, and both worked properly.

Here is a PPA with both natty and oneiric packages of this fix:

  https://launchpad.net/~bryce/+archive/lp852345

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/852345

Title:
  Libdvdread misses hidden files and causes segfaults to calling
  programs

Status in “libdvdread” package in Ubuntu:
  Triaged
Status in “libdvdread” source package in Natty:
  In Progress

Bug description:
  Package: libdvdread4
  Version: 4.1.x and others

  No error message, but symptoms are usually segfault when reading, for example the Movie DVD Thor.
  This results from a new anti-copy scheme where the real video_ts.ifo is hidden. Use of the decoy video_ts.ifo results in a unplayable DVD.

  Discussion is here:
  http://ubuntuforums.org/showthread.php?p=11257764

  Patch is here:

  diff -ru libdvdread-4.1.3/src/dvd_udf.c libdvdread-4.1.3.fixed/src/dvd_udf.c
  --- libdvdread-4.1.3/src/dvd_udf.c    2008-09-06 15:55:51.000000000 -0600
  +++ libdvdread-4.1.3.fixed/src/dvd_udf.c    2011-09-16 14:07:04.000000000 -0600
  @@ -331,21 +331,26 @@
   /* This is wrong with regard to endianess */
   #define GETN(p, n, target) memcpy(target,&data[p], n)

  -static int Unicodedecode( uint8_t *data, int len, char *target )
  +static int Unicodedecode(uint8_t *data, int len, char *target)
   {
  -    int p = 1, i = 0;
  +    len--;
  +    data++;
  +    if (data[-1] == 8 )
  +        memcpy(target, data, len);
  +    else if (data[-1] == 16) {
  +        int i;

  -    if( ( data[ 0 ] == 8 ) || ( data[ 0 ] == 16 ) ) do {
  -        if( data[ 0 ] == 16 ) p++;  /* Ignore MSB of unicode16 */
  -        if( p<  len ) {
  -            target[ i++ ] = data[ p++ ];
  +        for (i = 0; i<  len; i++) {
  +            if (data[i*2] == 0)
  +                target[i] = data[i*2+1];
  +            else
  +                target[i] = 0;
           }
  -    } while( p<  len );
  +    }
  +    target[len] = '\0';

  -    target[ i ] = '\0';
       return 0;
   }
  -
   static int UDFDescriptor( uint8_t *data, uint16_t *TagID )
   {
       *TagID = GETN2(0);

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/852345/+subscriptions

More information about the Ubuntu-sponsors mailing list