[libdvdnav-devel] Abort when PTT search table has zero entries
Paul Menzel
git at videolan.org
Sun Dec 29 18:18:24 CET 2013
libdvdread | branch: master | Paul Menzel <paulepanter at users.sourceforge.net> | Wed Dec 4 22:40:17 2013 +0000| [ec45ee7029c273f8b50afc6bc114ed819fd08b80] | committer: Jean-Baptiste Kempf
Abort when PTT search table has zero entries
The static analyzer from LLVM/Clang 1:3.4~svn194079-1 reports a possible
allocation of size 0 in `libdvdread/src/ifo_read.c`.
$ scan-build -o scan-build make
$ scan-view scan-build/2013-11-18-155601-16168-1
When `vts_ptt_srpt->nr_of_srpts` is zero the allocation size is zero.
vts_ptt_srpt->title = malloc(vts_ptt_srpt->nr_of_srpts * sizeof(ttu_t));
The manual of the function `malloc` writes the following.
If size is 0, then malloc() returns either NULL, or a unique
pointer value that can later be successfully passed to free().
So check for 0 and, if it is, abort by going to the label `fail`.
> http://git.videolan.org/gitweb.cgi/libdvdread.git/?a=commit;h=ec45ee7029c273f8b50afc6bc114ed819fd08b80
---
src/ifo_read.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/ifo_read.c b/src/ifo_read.c
index 9d807f7..51f0857 100644
--- a/src/ifo_read.c
+++ b/src/ifo_read.c
@@ -1185,6 +1185,12 @@ int ifoRead_VTS_PTT_SRPT(ifo_handle_t *ifofile) {
fprintf(stderr, "libdvdread: PTT search table too small.\n");
goto fail;
}
+
+ if(vts_ptt_srpt->nr_of_srpts == 0) {
+ fprintf(stderr, "libdvdread: Zero entries in PTT search table.\n");
+ goto fail;
+ }
+
for(i = 0; i < vts_ptt_srpt->nr_of_srpts; i++) {
/* Transformers 3 has PTT start bytes that point outside the SRPT PTT */
uint32_t start = data[i];
More information about the libdvdnav-devel
mailing list