[Bug 894170] Re: libdvdread core dumps with invalid next size
Marc Deslauriers
marc.deslauriers at canonical.com
Wed May 16 12:40:39 UTC 2012
Thanks for the debdiff. I've prepared a package using it, with a few minor adjustments:
- You didn't specify the correct path for the patch in the changelog
- You didn't wrap lines in the changelog
- You applied the fix inline in addition to having it in the patch system.
I've uploaded the package to -proposed to await processing by the SRU
team.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/894170
Title:
libdvdread core dumps with invalid next size
Status in “libdvdread” package in Ubuntu:
Fix Released
Status in “libdvdread” source package in Natty:
New
Status in “libdvdread” source package in Oneiric:
Confirmed
Bug description:
On
Description: Ubuntu 11.04
Release: 11.04
When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
*** glibc detected *** dvdbackup: free(): invalid next size (normal): 0x0000000002ccef70 ***
Using Valgrind, I was able to track down the culprit, in the file
ifo_read.c, function ifoRead_TT_SRPT, where a structure array is
allocated, but another variable, extracted from the DVD info
determines the length of the array, resulting in read/writes beyond
the array. I truncate the read, but perhaps a better solution would be
to expand the malloc to include the data off the DVD. I believe that,
however, could lead to out of memory errors if the DVD data was
bad/invalid.
With the applied patch, dvdbackup no longer segfaults.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/894170/+subscriptions
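The bug description above reports an array allocated from one value while a second value read from the disc drives the loop over it. As an added example (not libdvdread's code and not the patch attached to this bug), the C below parses a constructed table format and truncates the claimed entry count to what the allocation holds, with the allocation itself bounded by the bytes actually supplied; the layout, `parse_table` and the type names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout, constructed for this example (not libdvdread's):
 * bytes 0-1 entry count (big-endian), bytes 2-5 payload length in bytes,
 * then fixed-size 4-byte entries. Both header fields are untrusted. */
#define HDR_SIZE   6u
#define ENTRY_SIZE 4u

typedef struct { uint8_t raw[ENTRY_SIZE]; } entry_t;
typedef struct { uint16_t count; entry_t *entries; } table_t;

/* Returns 0 on success, -1 on malformed input. On success t->count is the
 * number of entries stored, never more than the allocation can hold. */
int parse_table(const uint8_t *buf, size_t len, table_t *t)
{
    if (len < HDR_SIZE) return -1;
    uint16_t claimed = (uint16_t)((buf[0] << 8) | buf[1]);
    uint32_t payload = ((uint32_t)buf[2] << 24) | ((uint32_t)buf[3] << 16) |
                       ((uint32_t)buf[4] << 8)  | buf[5];
    /* Bound the allocation by the input size, so bad data cannot exhaust memory. */
    if (payload > len - HDR_SIZE) return -1;
    size_t capacity = payload / ENTRY_SIZE;   /* entries the array can hold */
    if (capacity == 0) return -1;
    t->entries = malloc(capacity * sizeof(entry_t));
    if (!t->entries) return -1;
    /* The unsafe pattern loops to `claimed` unchecked; truncate it instead. */
    if (claimed > capacity) claimed = (uint16_t)capacity;
    for (uint16_t i = 0; i < claimed; i++)
        memcpy(t->entries[i].raw,
               buf + HDR_SIZE + (size_t)i * ENTRY_SIZE, ENTRY_SIZE);
    t->count = claimed;
    return 0;
}

int main(void)
{
    /* Constructed input: header claims 16 entries, payload holds only 2. */
    const uint8_t disc[] = {0x00,0x10, 0x00,0x00,0x00,0x08, 1,2,3,4, 5,6,7,8};
    table_t t = {0, NULL};
    if (parse_table(disc, sizeof disc, &t) == 0)
        printf("stored %u entries\n", (unsigned)t.count);
    free(t.entries);
    return 0;
}
```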