authorjstebbins <[email protected]>2011-07-08 22:22:35 +0000
committerjstebbins <[email protected]>2011-07-08 22:22:35 +0000
commit3fceadac91bbeb330dbd99dd79698726a643f671 (patch)
tree1e95477fdbb68d9a9e700aec73156610a7123e05 /contrib/libdvdread
parent75624ce100eb47a98e6d01ecf952f1b801a36055 (diff)
Fix crash when scanning True Grit
git-svn-id: svn://svn.handbrake.fr/HandBrake/trunk@4090 b64f7644-9d1e-0410-96f1-a4d463321fa5
Diffstat (limited to 'contrib/libdvdread')
-rw-r--r--contrib/libdvdread/A05-short-ptt-table.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/contrib/libdvdread/A05-short-ptt-table.patch b/contrib/libdvdread/A05-short-ptt-table.patch
new file mode 100644
index 000000000..b6a23b357
--- /dev/null
+++ b/contrib/libdvdread/A05-short-ptt-table.patch
@@ -0,0 +1,37 @@
+Index: ifo_read.c
+===================================================================
+--- libdvdread.orig/src/ifo_read.c 2009-10-29 09:11:32.066743831 -0700
++++ libdvdread/src/ifo_read.c 2009-11-13 10:27:49.293174360 -0800
+@@ -1138,6 +1127,14 @@
+ return 0;
+ }
+
++ if(vts_ptt_srpt->nr_of_srpts * sizeof(uint32_t) > info_length) {
++ fprintf(stderr, "libdvdread: PTT search table too small.\n");
++ free(vts_ptt_srpt);
++ free(data);
++ ifofile->vts_ptt_srpt = 0;
++ return 0;
++ }
++
+ for(i = 0; i < vts_ptt_srpt->nr_of_srpts; i++) {
+ B2N_32(data[i]);
+ /* assert(data[i] + sizeof(ptt_info_t) <= vts_ptt_srpt->last_byte + 1);
+@@ -1178,6 +1175,17 @@
+ ifofile->vts_ptt_srpt = 0;
+ return 0;
+ }
++
++ if(vts_ptt_srpt->title[i].nr_of_ptts * sizeof(uint32_t) > info_length) {
++ for(n = 0; n < i; n++)
++ free(vts_ptt_srpt->title[n].ptt);
++ fprintf(stderr, "libdvdread: PTT search table too small.\n");
++ free(vts_ptt_srpt);
++ free(data);
++ ifofile->vts_ptt_srpt = 0;
++ return 0;
++ }
++
+ for(j = 0; j < vts_ptt_srpt->title[i].nr_of_ptts; j++) {
+ /* The assert placed here because of Magic Knight Rayearth Daybreak */
+ CHECK_VALUE(data[i] + sizeof(ptt_info_t) <= vts_ptt_srpt->last_byte + 1);
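Review bot: The second added guard (`title[i].nr_of_ptts * sizeof(uint32_t) > info_length`) bounds only the entry count, not where the entries start, so a title whose offset `data[i]` lies near or past the end of the table can still pass it. The loop that follows appears to index from `data[i]` (its body is outside this hunk, and the visible `CHECK_VALUE` on `data[i]` may only warn rather than stop, which is worth confirming), so I would bound offset and length together against the limit that line already uses: `if(data[i] + vts_ptt_srpt->title[i].nr_of_ptts * sizeof(uint32_t) > vts_ptt_srpt->last_byte + 1)`. The same failure branch frees `title[n].ptt` only for `n < i`; if `title[i].ptt` was allocated just above the hunk, it leaks here and should be freed too. Both guards print the identical string "PTT search table too small", so wording them differently (offset table vs. per-title table) would make a malformed disc easier to triage.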