[libdvdnav-devel] Fix crash in ifoRead_VTS_PTT_SRPT()
Steve Dibb
git at videolan.org
Thu Apr 24 16:44:13 CEST 2014
libdvdread | branch: master | Steve Dibb <beandog at gentoo.org> | Thu Apr 24 16:42:21 2014 +0200| [0cd997af4474b5026308195ecfb33a6016a9e7fb] | committer: Jean-Baptiste Kempf
Fix crash in ifoRead_VTS_PTT_SRPT()
In ifoRead_VTS_PTT_SRPT(), there's a lot of places where the
function will exit on a 'goto fail' call if the IFO is invalid.
However, the check for the PGN value is only done later.
This fixes it so that it fails earlier -- when the PGN is
originally set, and doesn't go through the other checks as well, trying to set
invalid data that will be referenced later.
See VLC trac #10459
> http://git.videolan.org/gitweb.cgi/libdvdread.git/?a=commit;h=0cd997af4474b5026308195ecfb33a6016a9e7fb
---
src/ifo_read.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/ifo_read.c b/src/ifo_read.c
index 3b6b262..cc6edd7 100644
--- a/src/ifo_read.c
+++ b/src/ifo_read.c
@@ -1245,6 +1245,8 @@ int ifoRead_VTS_PTT_SRPT(ifo_handle_t *ifofile) {
= *(uint16_t*)(((char *)data) + data[i] + 4*j - VTS_PTT_SRPT_SIZE);
vts_ptt_srpt->title[i].ptt[j].pgn
= *(uint16_t*)(((char *)data) + data[i] + 4*j + 2 - VTS_PTT_SRPT_SIZE);
+ if(!vts_ptt_srpt->title[i].ptt[j].pgn)
+ goto fail;
}
}
More information about the libdvdnav-devel
mailing list