diff options
author | jstebbins <[email protected]> | 2011-07-08 22:22:35 +0000 |
---|---|---|
committer | jstebbins <[email protected]> | 2011-07-08 22:22:35 +0000 |
commit | 3fceadac91bbeb330dbd99dd79698726a643f671 (patch) | |
tree | 1e95477fdbb68d9a9e700aec73156610a7123e05 /contrib | |
parent | 75624ce100eb47a98e6d01ecf952f1b801a36055 (diff) |
Fix crash when scanning True Grit
git-svn-id: svn://svn.handbrake.fr/HandBrake/trunk@4090 b64f7644-9d1e-0410-96f1-a4d463321fa5
Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/libdvdread/A05-short-ptt-table.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/contrib/libdvdread/A05-short-ptt-table.patch b/contrib/libdvdread/A05-short-ptt-table.patch new file mode 100644 index 000000000..b6a23b357 --- /dev/null +++ b/contrib/libdvdread/A05-short-ptt-table.patch @@ -0,0 +1,37 @@ +Index: ifo_read.c +=================================================================== +--- libdvdread.orig/src/ifo_read.c 2009-10-29 09:11:32.066743831 -0700 ++++ libdvdread/src/ifo_read.c 2009-11-13 10:27:49.293174360 -0800 +@@ -1138,6 +1127,14 @@ + return 0; + } + ++ if(vts_ptt_srpt->nr_of_srpts * sizeof(uint32_t) > info_length) { ++ fprintf(stderr, "libdvdread: PTT search table too small.\n"); ++ free(vts_ptt_srpt); ++ free(data); ++ ifofile->vts_ptt_srpt = 0; ++ return 0; ++ } ++ + for(i = 0; i < vts_ptt_srpt->nr_of_srpts; i++) { + B2N_32(data[i]); + /* assert(data[i] + sizeof(ptt_info_t) <= vts_ptt_srpt->last_byte + 1); +@@ -1178,6 +1175,17 @@ + ifofile->vts_ptt_srpt = 0; + return 0; + } ++ ++ if(vts_ptt_srpt->title[i].nr_of_ptts * sizeof(uint32_t) > info_length) { ++ for(n = 0; n < i; n++) ++ free(vts_ptt_srpt->title[n].ptt); ++ fprintf(stderr, "libdvdread: PTT search table too small.\n"); ++ free(vts_ptt_srpt); ++ free(data); ++ ifofile->vts_ptt_srpt = 0; ++ return 0; ++ } ++ + for(j = 0; j < vts_ptt_srpt->title[i].nr_of_ptts; j++) { + /* The assert placed here because of Magic Knight Rayearth Daybreak */ + CHECK_VALUE(data[i] + sizeof(ptt_info_t) <= vts_ptt_srpt->last_byte + 1); |