On 07/08/2011 03:41 PM, John Stebbins wrote:
Region 1 True Grit is an example of this. The PTT that is allocated and read is smaller than what gets referenced. The data is byte-swapped in place which results in writes to memory locations outside the allocated region.

Remove an unnecessary and incorrect part of the patch. There's some code that may lead to future invalid references, but I read the code wrong and applied an incorrect fix. Since I don't have a disc that actually provokes this case, it is probably best to just leave it alone till such a disc surfaces.

Index: ifo_read.c
===================================================================
--- libdvdread.orig/src/ifo_read.c      2009-10-29 09:11:32.066743831 -0700
+++ libdvdread/src/ifo_read.c   2009-11-13 10:27:49.293174360 -0800
@@ -1138,6 +1127,14 @@
     return 0;
   }
 
+  if(vts_ptt_srpt->nr_of_srpts * sizeof(uint32_t) > info_length) {
+    fprintf(stderr, "libdvdread: PTT search table too small.\n");
+    free(vts_ptt_srpt);
+    free(data);
+    ifofile->vts_ptt_srpt = 0;
+    return 0;
+  }
+
   for(i = 0; i < vts_ptt_srpt->nr_of_srpts; i++) {
     B2N_32(data[i]);
     /* assert(data[i] + sizeof(ptt_info_t) <= vts_ptt_srpt->last_byte + 1);
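Review bot: the new guard only bounds the offset table itself (nr_of_srpts * sizeof(uint32_t) against info_length); it does not validate the individual byte-swapped offsets data[i] that the loop below goes on to use, which is exactly what the commented-out assert on the following line (`data[i] + sizeof(ptt_info_t) <= vts_ptt_srpt->last_byte + 1`) was meant to check. Since the thread describes writes outside the allocated region on a real disc, consider enabling that per-entry check (or an equivalent early return with the same cleanup as the new block) rather than leaving it as a comment, and add a short comment on the new block explaining that it protects the in-place B2N_32 swap from running past the buffer.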
_______________________________________________
DVDnav-discuss mailing list
[email protected]
https://lists.mplayerhq.hu/mailman/listinfo/dvdnav-discuss