** Description changed:
- [Impact]
- <fill me in with explanation of severity and frequency of bug on users and
justification for backporting the fix to the stable release>
+ SRU Request:
- [Development Fix]
- <fill me in with an explanation of how the bug has been addressed in the
development branch, including the relevant version numbers of packages modified
in order to implement the fix. >
+ Impact: Oneiric cannot read certain dvds, including "The Express".
- [Stable Fix]
- <fill me in by pointing out a minimal patch applicable to the stable version
of the package.>
+ Development fix: This is fixed in Precise with the minimal patch
+ provided in this bug.
- [Text Case]
- <fill me in with detailed *instructions* on how to reproduce the bug. This
will be used by people later on to verify the updated package fixes the
problem.>
- 1.
- 2.
- 3.
- Broken Behavior:
- Fixed Behavior:
+ Stable fix: An identical minimal patch has been applied to the Oneiric
+ package
- [Regression Potential]
- <fill me in with a discussion of likelihood and potential severity of
regressions and how users could get inadvertently affected.>
+ Test Case: Unfortunately, someone needs to try playing the "The Express"
+ DVD to test this updated package
- [Original Report]On
+ Regression potential: Although unlikely, this patch may prevent other
+ DVDs from playing, in which case the patch can be backed out.
+
+
Description: Ubuntu 11.04
Release: 11.04
When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
*** glibc detected *** dvdbackup: free(): invalid next size (normal):
0x0000000002ccef70 ***
Using Valgrind, I was able to track down the culprit, in the file
ifo_read.c, function ifoRead_TT_SRPT, where a structure array is
allocated, but another variable, extracted from the DVD info determines
the lenght of the array, resulting in read/writes beyond the array. I
truncate the read, but perhaps a better solution would be to expand the
malloc to include the data off the DVD. I believe that, however could
lead to out of memory errors if the DVD data was bad/invalid.
With the applied patch, dvdbackup no longer segfaults.
** Changed in: libdvdread (Ubuntu Natty)
Status: New => Won't Fix
** Changed in: libdvdread (Ubuntu Oneiric)
Status: Confirmed => Fix Committed
** Changed in: libdvdread (Ubuntu Oneiric)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/894170
Title:
libdvdread core dumps with invalid next size
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/894170/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
