Source: libisoburn Version: 1.2.2-1 Severity: normal Tags: upstream patch As written by Thomas Schmitt: I just commited a bug fix (written before i got those drugs) which would be of interest for the stabilized libburnia-1.2.2 of Debian.
The fix is worthwhile, because the bug is nasty albeit rarely occuring. I encountered a SIGSEGV by dereferring NULL, but it could have been any other random stack value instead. So the bug has some potential. The risk of introducing regressions is low. See: http://libburnia-project.org/changeset/4809 and - if not too inconvenient - the small beautification of http://libburnia-project.org/changeset/4810 The adjusted patch against 1.2.2 is attached. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash
--- libisoburn-1.2.2.orig/xorriso/write_run.c +++ libisoburn-1.2.2/xorriso/write_run.c @@ -2357,7 +2357,7 @@ int Xorriso_update_iso_lba0(struct Xorri int ret, full_size, i; char *headpt; struct burn_drive_info *dinfo; - struct burn_drive *drive; + struct burn_drive *drive = NULL; off_t seek_ret, to_write; int tag_type; uint32_t pos, range_start, range_size, next_tag; @@ -2387,8 +2387,9 @@ int Xorriso_update_iso_lba0(struct Xorri if(!(flag & 2)) { /* head_buffer was not filled yet. Read it from output media. */ - if(burn_drive_get_drive_role(drive) == 5) /* write-only */ - return(2); + if(drive != NULL) + if(burn_drive_get_drive_role(drive) == 5) /* write-only */ + return(2); if(job != NULL && job->data_to_fd >= 0) { if((flag & 8) && job->sector_map != NULL) { ret= Sectorbitmap_bytes_are_set(job->sector_map, @@ -2416,16 +2417,18 @@ int Xorriso_update_iso_lba0(struct Xorri Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, errno, "FAILURE",0); return(0); } - ret= isoburn_read_iso_head(drive, 0, &isosize, head_buffer, 1 << 13); + ret= isoburn_read_iso_head(NULL, 0, &isosize, head_buffer, 1 << 13); if(ret<=0) { Xorriso_process_msg_queues(xorriso,0); sprintf(xorriso->info_text, - "Alleged session start does not like ISO 9660."); + "Alleged session start does not look like ISO 9660."); Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, errno, "FAILURE",0); return(0); } } else { - ret= isoburn_read_iso_head(drive, iso_lba, &isosize, head_buffer, 2); + ret= 0; + if(drive != NULL) + ret= isoburn_read_iso_head(drive, iso_lba, &isosize, head_buffer, 2); if(ret<=0) { Xorriso_process_msg_queues(xorriso,0); sprintf(xorriso->info_text,