Admittedly, this just papers over the real issue, and I'd appreciate advice on better ways to fix this. There is a sample IFO on the referenced bug report that reproduces the crash. Essentially, we're seeing pgcn values in the 30,000-32,000 range, which is outside the bounds of the ifo->vts_pgcit->pgci_srp array, and thus crashes. I haven't found where these large values come from... suggestions for further study would be welcomed.
Bryce

On Mon, May 06, 2013 at 12:43:59PM -0700, Bryce Harrington wrote:
> Fixes a crash in dvdnav_describe_title_chapters() with vlc, lsdvd, and > other video players caused by an invalid value for pgcn. This occurs > with the "Inside Man" DVD. > > Ref: https://bugs.launchpad.net/ubuntu/+source/libdvdnav/+bug/1094499 > > Signed-off-by: Bryce Harrington <[email protected]> > --- > src/searching.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/src/searching.c b/src/searching.c > index a9b4dc9..86d4d97 100644 > --- a/src/searching.c > +++ b/src/searching.c > @@ -641,6 +641,11 @@ uint32_t dvdnav_describe_title_chapters(dvdnav_t *this, > int32_t title, uint64_t > length = 0; > for(i=0; i<parts; i++) { > uint32_t cellnr, endcellnr; > + /* This mimics pgcn checks in ifoRead_VTS_PTT_SRPT() */ > + if (ptt[i].pgcn > 1000 || ptt[i].pgcn < 0) { > + printerr("PGCN out of bounds."); > + continue; > + } > if (ifo->vts_pgcit->pgci_srp[ptt[i].pgcn-1].pgc_start_byte >= > ifo->vts_pgcit->last_byte) { > printerr("PGC start out of bounds"); > continue; > -- > 1.7.9.5

----- End forwarded message -----
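
Review bot: The lower bound in the added check, `ptt[i].pgcn < 0`, lets pgcn == 0 through, yet the very next statement indexes `pgci_srp[ptt[i].pgcn-1]`, so a zero value reads element -1 of the array. Reject anything below 1 instead. The upper bound has the same weakness in the other direction: 1000 is a fixed constant, not the length of `ifo->vts_pgcit->pgci_srp`, so a pgcn that is under 1000 but larger than the number of entries actually present in the table still reads past the end. Compare pgcn against the entry count of `ifo->vts_pgcit` rather than a constant. If pgcn is an unsigned field, the `< 0` comparison can never be true and should be dropped in favour of the `< 1` test. A NULL check on `ifo->vts_pgcit` before the dereference would also be worth having here if nothing earlier in the function guarantees it.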
