Source: libisoburn
Version: 1.2.2-1
Severity: normal
Tags: upstream patch
As written by Thomas Schmitt:
I just commited a bug fix (written before i got those drugs) which
would be of interest for the stabilized libburnia-1.2.2 of Debian.
The fix is worthwhile, because the bug is nasty albeit rarely occuring.
I encountered a SIGSEGV by dereferring NULL, but it could have been any
other random stack value instead. So the bug has some potential.
The risk of introducing regressions is low.
See: http://libburnia-project.org/changeset/4809
and - if not too inconvenient - the small beautification of
http://libburnia-project.org/changeset/4810
The adjusted patch against 1.2.2 is attached.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- libisoburn-1.2.2.orig/xorriso/write_run.c
+++ libisoburn-1.2.2/xorriso/write_run.c
@@ -2357,7 +2357,7 @@ int Xorriso_update_iso_lba0(struct Xorri
int ret, full_size, i;
char *headpt;
struct burn_drive_info *dinfo;
- struct burn_drive *drive;
+ struct burn_drive *drive = NULL;
off_t seek_ret, to_write;
int tag_type;
uint32_t pos, range_start, range_size, next_tag;
@@ -2387,8 +2387,9 @@ int Xorriso_update_iso_lba0(struct Xorri
if(!(flag & 2)) {
/* head_buffer was not filled yet. Read it from output media. */
- if(burn_drive_get_drive_role(drive) == 5) /* write-only */
- return(2);
+ if(drive != NULL)
+ if(burn_drive_get_drive_role(drive) == 5) /* write-only */
+ return(2);
if(job != NULL && job->data_to_fd >= 0) {
if((flag & 8) && job->sector_map != NULL) {
ret= Sectorbitmap_bytes_are_set(job->sector_map,
@@ -2416,16 +2417,18 @@ int Xorriso_update_iso_lba0(struct Xorri
Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, errno, "FAILURE",0);
return(0);
}
- ret= isoburn_read_iso_head(drive, 0, &isosize, head_buffer, 1 << 13);
+ ret= isoburn_read_iso_head(NULL, 0, &isosize, head_buffer, 1 << 13);
if(ret<=0) {
Xorriso_process_msg_queues(xorriso,0);
sprintf(xorriso->info_text,
- "Alleged session start does not like ISO 9660.");
+ "Alleged session start does not look like ISO 9660.");
Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, errno, "FAILURE",0);
return(0);
}
} else {
- ret= isoburn_read_iso_head(drive, iso_lba, &isosize, head_buffer, 2);
+ ret= 0;
+ if(drive != NULL)
+ ret= isoburn_read_iso_head(drive, iso_lba, &isosize, head_buffer, 2);
if(ret<=0) {
Xorriso_process_msg_queues(xorriso,0);
sprintf(xorriso->info_text,
