touch-packages team mailing list archive

Thread
Date

[Bug 894170] Re: libdvdread core dumps with invalid next size

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Rolf Leggewie <894170@xxxxxxxxxxxxxxxxxx>
Date: Wed, 03 Dec 2014 09:21:54 -0000
Reply-to: Bug 894170 <894170@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

oneiric has seen the end of its life and is no longer receiving any
updates. Marking the oneiric task for this ticket as "Won't Fix".

** Changed in: libdvdread (Ubuntu Oneiric)
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libdvdread in Ubuntu.
https://bugs.launchpad.net/bugs/894170

Title:
  libdvdread core dumps with invalid next size

Status in libdvdread package in Ubuntu:
  Fix Released
Status in libdvdread source package in Natty:
  Won't Fix
Status in libdvdread source package in Oneiric:
  Won't Fix

Bug description:
  SRU Request:

  Impact: Oneiric cannot read certain dvds, including "The Express".

  Development fix: This is fixed in Precise with the minimal patch
  provided in this bug.

  Stable fix: An identical minimal patch has been applied to the Oneiric
  package

  Test Case: Unfortunately, someone needs to try playing the "The
  Express" DVD to test this updated package

  Regression potential: Although unlikely, this patch may prevent other
  DVDs from playing, in which case the patch can be backed out.

  
  Description:    Ubuntu 11.04
  Release:        11.04

  When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
  *** glibc detected *** dvdbackup: free(): invalid next size (normal): 0x0000000002ccef70 ***

  Using Valgrind, I was able to track down the culprit, in the file
  ifo_read.c, function ifoRead_TT_SRPT, where a structure array is
  allocated, but another variable, extracted from the DVD info
  determines the lenght of the array, resulting in read/writes beyond
  the array. I truncate the read, but perhaps a better solution would be
  to expand the malloc to include the data off the DVD. I believe that,
  however could lead to out of memory errors if the DVD data was
  bad/invalid.

  With the applied patch, dvdbackup no longer segfaults.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/894170/+subscriptions