[Bug 894170] [NEW] libdvdread core dumps with invalid next size
Launchpad Bug Tracker
894170 at bugs.launchpad.net
Thu May 10 17:09:14 UTC 2012
You have been subscribed to a public bug by Vibhav Pant (vibhavp):
On
Description: Ubuntu 11.04
Release: 11.04
When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
*** glibc detected *** dvdbackup: free(): invalid next size (normal): 0x0000000002ccef70 ***
Using Valgrind, I was able to track down the culprit, in the file
ifo_read.c, function ifoRead_TT_SRPT, where a structure array is
allocated, but another variable, extracted from the DVD info, determines
the length of the array, resulting in reads/writes beyond the array. I
truncate the read, but perhaps a better solution would be to expand the
malloc to include the data off the DVD. I believe that, however, could
lead to out of memory errors if the DVD data was bad/invalid.
With the applied patch, dvdbackup no longer segfaults.
** Affects: libdvdread (Ubuntu)
Importance: High
Status: Fix Released
** Affects: libdvdread (Ubuntu Natty)
Importance: Undecided
Status: New
** Affects: libdvdread (Ubuntu Oneiric)
Importance: Undecided
Assignee: Vibhav Pant (vibhavp)
Status: Incomplete
** Tags: patch
--
libdvdread core dumps with invalid next size
https://bugs.launchpad.net/bugs/894170
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
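
The truncation approach described in the report, shown as an added C example (this is not the patch attached to the bug and not libdvdread's code). The table layout and the names `table_parse`, `HDR_SIZE` and `ENTRY_SIZE` are assumptions made for illustration: the entry count read from the disc is clamped to what the allocated data area can hold before anything is copied.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical on-disc table layout (assumed for this example):
 * 2-byte entry count, 2 reserved bytes, 4-byte last_byte offset
 * (all big-endian), followed by fixed-size 12-byte entries. */
#define HDR_SIZE   8u
#define ENTRY_SIZE 12u

typedef struct {
    uint16_t count;      /* entries actually stored, after clamping */
    uint8_t *entries;    /* count * ENTRY_SIZE bytes, or NULL */
} table_t;

/* Parse an untrusted table. Returns 0 on success, -1 on malformed input.
 * *truncated is set to 1 when the declared count exceeded the data. */
int table_parse(const uint8_t *buf, size_t len, table_t *out, int *truncated)
{
    *truncated = 0;
    out->count = 0;
    out->entries = NULL;
    if (len < HDR_SIZE)
        return -1;

    uint16_t declared = (uint16_t)((buf[0] << 8) | buf[1]);
    uint32_t last_byte = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                         ((uint32_t)buf[6] << 8) | buf[7];

    /* Reject a last_byte that ends inside the header or past the bytes read. */
    if (last_byte < HDR_SIZE - 1 || last_byte >= len)
        return -1;
    size_t info_len = (size_t)last_byte - (HDR_SIZE - 1);

    /* The buffer is sized from info_len, so the loop bound must be too. */
    size_t fit = info_len / ENTRY_SIZE;
    if (declared > fit) {
        declared = (uint16_t)fit;   /* truncate instead of overrunning */
        *truncated = 1;
    }
    if (declared == 0)
        return 0;
    out->entries = malloc((size_t)declared * ENTRY_SIZE);
    if (out->entries == NULL)
        return -1;
    memcpy(out->entries, buf + HDR_SIZE, (size_t)declared * ENTRY_SIZE);
    out->count = declared;
    return 0;
}
```

Sizing the allocation from the declared count instead would remove the overrun as well, but it lets a 16-bit field on a damaged disc dictate how much memory is requested and how far past the real data the parser reads.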