Public bug reported:
On
Description: Ubuntu 11.04
Release: 11.04
When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
*** glibc detected *** dvdbackup: free(): invalid next size (normal):
0x0000000002ccef70 ***
Using Valgrind, I was able to track down the culprit, in the file
ifo_read.c, function ifoRead_TT_SRPT, where a structure array is
allocated, but another variable, extracted from the DVD info determines
the lenght of the array, resulting in read/writes beyond the array. I
truncate the read, but perhaps a better solution would be to expand the
malloc to include the data off the DVD. I believe that, however could
lead to out of memory errors if the DVD data was bad/invalid.
With the applied patch, dvdbackup no longer segfaults.
** Affects: libdvdread (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/894170
Title:
libdvdread core dumps with invalid next size
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/894170/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
