contrib/libdvdread/A05-short-ptt-table.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

Index: ifo_read.c
===================================================================
--- libdvdread.orig/src/ifo_read.c	2009-10-29 09:11:32.066743831 -0700
+++ libdvdread/src/ifo_read.c	2009-11-13 10:27:49.293174360 -0800
@@ -1138,6 +1127,14 @@
     return 0;
   }
 
+  if(vts_ptt_srpt->nr_of_srpts * sizeof(uint32_t) > info_length) {
+    fprintf(stderr, "libdvdread: PTT search table too small.\n");
+    free(vts_ptt_srpt);
+    free(data);
+    ifofile->vts_ptt_srpt = 0;
+    return 0;
+  }
+
   for(i = 0; i < vts_ptt_srpt->nr_of_srpts; i++) {
     B2N_32(data[i]);
     /* assert(data[i] + sizeof(ptt_info_t) <= vts_ptt_srpt->last_byte + 1);
@@ -1178,6 +1175,17 @@
       ifofile->vts_ptt_srpt = 0;
       return 0;
     }
+
+    if(vts_ptt_srpt->title[i].nr_of_ptts * sizeof(uint32_t) > info_length) {
+      for(n = 0; n < i; n++)
+        free(vts_ptt_srpt->title[n].ptt);
+      fprintf(stderr, "libdvdread: PTT search table too small.\n");
+      free(vts_ptt_srpt);
+      free(data);
+      ifofile->vts_ptt_srpt = 0;
+      return 0;
+    }
+
     for(j = 0; j < vts_ptt_srpt->title[i].nr_of_ptts; j++) {
       /* The assert placed here because of Magic Knight Rayearth Daybreak */
       CHECK_VALUE(data[i] + sizeof(ptt_info_t) <= vts_ptt_srpt->last_byte + 1);