vlc crashed with SIGSEGV in dvdnav_describe_title_chapters()

Bug #934471 reported by Ingo Gerth on 2012-02-17
This bug affects 13 people
Affects Status Importance Assigned to Milestone
libdvdnav (Ubuntu)
Bryce Harrington
Bryce Harrington

Bug Description

VLC (and Totem) crash in dvdnav_describe_title_chapters() when attempting to play DVDs with a different region code than the player, and perhaps under other circumstances.

[Test Case]
Verify player is set to play one specific region code.
Insert DVD with a differing (unsupported) region code.
Launch VLC and open the DVD.

[Regression Potential]
This just adds a check that the cell ID is not 0. 0 is not a valid ID.
Upstream reviewed and accepted this patch, so it's had wide testing.

[Original Report]
This application crashed immediately when I put in a DVD with region code 1 in my code 2 laptop and selected "Open with VLC". No idea though whether the region has any influence on this problem.

There was no user input.

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: vlc-nox 2.0.0~unix-0ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-16.25-generic 3.2.6
Uname: Linux 3.2.0-16-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 1.91-0ubuntu1
Architecture: amd64
CheckboxSubmission: 05c436e63dfa019ccd464d7387e4a841
CheckboxSystem: b845c366ea09c60efa3a45c1b5b21525
CrashCounter: 1
Date: Fri Feb 17 21:18:01 2012
ExecutablePath: /usr/bin/vlc
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Alpha amd64 (20110824)
ProcCmdline: /usr/bin/vlc /media/MOON_MACHINES
 Segfault happened at: 0x7f3eb81166e5 <dvdnav_describe_title_chapters+659>: movzbl (%rax),%eax
 PC (0x7f3eb81166e5) ok
 source "(%rax)" (0xffffffffffffffff) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
 Stack memory exhausted (SP below stack segment)
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: vlc
 dvdnav_describe_title_chapters () from /usr/lib/libdvdnav.so.4
 ?? () from /usr/lib/vlc/plugins/access/libdvdnav_plugin.so
 vlc_module_load () from /usr/lib/libvlccore.so.5
 ?? () from /usr/lib/libvlccore.so.5
 ?? () from /usr/lib/libvlccore.so.5
Title: vlc crashed with SIGSEGV in dvdnav_describe_title_chapters()
UpgradeStatus: Upgraded to precise on 2012-02-17 (0 days ago)
UserGroups: adm admin cdrom debian-tor dialout lpadmin plugdev sambashare

Ingo Gerth (igerth) wrote :

Interestingly the same happens when opening the DVD with Totem!

Ingo Gerth (igerth) wrote :

 dvdnav_describe_title_chapters (this=0x7f3e88001360, title=1, times=0x7f3eb41f8098, duration=0x7f3eb41f8090) at /build/buildd/libdvdnav-4.2.0/src/searching.c:625
 DemuxTitles (p_demux=0x7f3e880010d8) at dvdnav.c:1007
 Open (p_this=0x7f3e880010d8) at dvdnav.c:322
 vlc_module_load (p_this=0x7f3e880010d8, psz_capability=0x7f3ec1c618f2 "access_demux", psz_name=<optimized out>, b_strict=true, probe=0x7f3ec1c27f70 <generic_start>) at modules/modules.c:347
 demux_New (p_obj=0x7f3eb0000b78, p_parent_input=0x7f3eb0000b78, psz_access=0x7f3e88000ff0 "file", psz_demux=0x7f3ec1c6a1aa "", psz_location=<optimized out>, s=0x0, out=0x7f3e88000d40, b_quick=false) at input/demux.c:195

Changed in vlc (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Benjamin Drung (bdrung) on 2012-02-18
visibility: private → public
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in vlc (Ubuntu):
status: New → Confirmed
affects: vlc (Ubuntu) → libdvdnav (Ubuntu)
Sylvain HENRY (hsyl20) wrote :

I sent a patch upstream to solve this problem (waiting for approval on the mailing-list). If you don't want to wait, I attach it here.

The attachment "cellnr.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Fjodor (sune-molgaard) wrote :

I can confirm that this patch works for me

Sylvain HENRY (hsyl20) wrote :

Finally, another patch may get applied (see libdvdnav mailing-list). Could some people confirm that this new patch works for them too?


Bryce Harrington (bryce) wrote :

Hi Sylvain, do I understand properly that the patch in comment #11 is the correct one to take, rather than the one in comment #8?

Changed in libdvdnav (Ubuntu):
status: Confirmed → Triaged
assignee: nobody → Bryce Harrington (bryce)


Yes. After a short discussion on the libdvdnav mailing-list, it seems
that the patch in comment #11 should be the one that would be applied


On 15/04/2012 02:07, Bryce Harrington wrote:
> Hi Sylvain, do I understand properly that the patch in comment #11 is
> the correct one to take, rather than the one in comment #8?
> ** Changed in: libdvdnav (Ubuntu)
> Status: Confirmed => Triaged
> ** Changed in: libdvdnav (Ubuntu)
> Assignee: (unassigned) => Bryce Harrington (bryce)

Elijah Lynn (elijah-lynn) wrote :

How do I apply this patch?


Will future updates wipe this patch out?

drewp (drewp) wrote :

Elijah, here is what I did:

First, have checkinstall and libdvdread-dev installed.

cd /tmp
apt-get source libdvdnav
wget https://bugs.launchpad.net/ubuntu/+source/libdvdnav/+bug/934471/+attachment/3055259/+files/libdvdnav-searching.c-check-cellnr-before-indexing.patch
patch -p1 < libdvdnav-searching.c-check-cellnr-before-indexing.patch
sudo checkinstall
[enter a few times until the install runs]

But this installed libdvdnav, which will coexist with libdvdnav4, so I did this too:
sudo dpkg -r --force-depends libdvdnav4


Elijah Lynn (elijah-lynn) wrote :

Thanks Drew, I will give that a try.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libdvdnav - 4.2.0-1ubuntu1

libdvdnav (4.2.0-1ubuntu1) quantal; urgency=low

  * Add 100-check-cellnr.patch: Check for new row being 0. Fixes issue
    where VLC (and Totem) crashes in dvdnav_describe_title_chapters().
    (LP: #934471)
 -- Bryce Harrington <email address hidden> Thu, 17 May 2012 18:32:28 -0700

Changed in libdvdnav (Ubuntu):
status: Triaged → Fix Released
Bryce Harrington (bryce) on 2013-03-18
Changed in libdvdnav (Ubuntu Precise):
assignee: nobody → Bryce Harrington (bryce)
Benjamin Drung (bdrung) wrote :

Is bug #1094499 a duplicate of this bug? If so, libdvdnav 4.2.0+20121016-1 is affected by this bug.

Bryce Harrington (bryce) wrote :

@bdrung, the stack traces look awfully similar, but no, it looks like a different issue. Bug #1094499 crashes a bit earlier in the code than this one, and looks like it's an invalid pgc pointer (at least, pgc=0x25 doesn't look like a proper memory address).

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libdvdnav (Ubuntu Precise):
status: New → Confirmed
Benjamin Drung (bdrung) on 2013-07-19
Changed in libdvdnav (Ubuntu Precise):
status: Confirmed → Fix Committed
Bryce Harrington (bryce) on 2013-08-02
description: updated

Hello Ingo, or anyone else affected,

Accepted libdvdnav into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/libdvdnav/4.2.0-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed

The fix for this bug has been awaiting testing feedback in the -proposed repository for precise for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags: added: removal-candidate
Chris Halse Rogers (raof) wrote :

This is blocking the release of the fix for https://bugs.launchpad.net/ubuntu/+source/libdvdnav/+bug/1094499 . If you are affected by this bug, please test.

tags: added: verification-done
removed: verification-needed

The verification of the Stable Release Update for libdvdnav has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libdvdnav - 4.2.0-1ubuntu0.1

libdvdnav (4.2.0-1ubuntu0.1) precise-proposed; urgency=low

  * debian/patches/03-check-cellnr.patch: Check for new row being 0. Fixes
    issue where VLC (and Totem) crashes in dvdnav_describe_title_chapters().
    Thanks to Bryce Harrington <email address hidden>. (LP: #934471)
  * debian/patches/04-Make-sure-pgc-is-valid.patch,
    debian/patches/06-Skip-PGCs-w-a-cell-number-of-0.patch: Validate PGC values
    before accessing them to avoid causing a crash.
  * debian/patches/07-pgcn-bounds.patch: Check for out-of-bounds values for
    pgcn. Fixes a crash in dvdnav_describe_title_chapters() with vlc, lsdvd, and
    other video players. This occurs with the "Inside Man" DVD. Thanks to Bryce
    Harrington <email address hidden>. (LP: #1094499)
 -- Benjamin Drung <email address hidden> Sat, 20 Jul 2013 00:46:43 +0200

Changed in libdvdnav (Ubuntu Precise):
status: Fix Committed → Fix Released
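
The changelog entries above describe checking disc-supplied numbers (a cell number of 0, an out-of-range pgcn) before they are used as indexes. The following is an added example of that validate-before-index pattern in C, not the libdvdnav patch and not code from this report; the struct and function names are hypothetical, the sample table is constructed, and it generalizes the zero check to include the upper bound as well.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified types for illustration; not libdvdnav's own. */
struct cell { uint32_t duration; };
struct chain {
    uint8_t nr_of_programs;      /* entries in program_map */
    uint8_t nr_of_cells;         /* entries in cells */
    const uint8_t *program_map;  /* program -> 1-based entry cell number */
    const struct cell *cells;
};

/* Entry cell of 1-based program pgn, or NULL if a disc-supplied number is bad.
 * 0 is never valid: cells[cellnr - 1] with cellnr == 0 reads before the table. */
const struct cell *entry_cell(const struct chain *pgc, unsigned pgn)
{
    if (pgc == NULL || pgc->program_map == NULL || pgc->cells == NULL)
        return NULL;
    if (pgn == 0 || pgn > pgc->nr_of_programs)
        return NULL;
    unsigned cellnr = pgc->program_map[pgn - 1];
    if (cellnr == 0 || cellnr > pgc->nr_of_cells)
        return NULL;
    return &pgc->cells[cellnr - 1];
}

/* Sum entry-cell durations, skipping (and counting) invalid programs. */
uint32_t total_duration(const struct chain *pgc, unsigned *skipped)
{
    uint32_t total = 0;
    *skipped = 0;
    for (unsigned pgn = 1; pgc != NULL && pgn <= pgc->nr_of_programs; pgn++) {
        const struct cell *c = entry_cell(pgc, pgn);
        if (c == NULL) { (*skipped)++; continue; }
        total += c->duration;
    }
    return total;
}

/* Constructed sample: program 2 maps to cell 0, program 4 to cell 9. */
static const struct cell sample_cells[] = { {10}, {20} };
static const uint8_t sample_map[] = { 1, 0, 2, 9 };
static const struct chain sample_pgc = { 4, 2, sample_map, sample_cells };

int main(void)
{
    unsigned skipped;
    return (total_duration(&sample_pgc, &skipped) == 30 && skipped == 2) ? 0 : 1;
}
```

Skipping the malformed entry rather than aborting keeps the remaining, valid programs usable on a disc with a partly invalid table.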