| 2011-11-23 22:17:49 |
rickyrockrat |
bug |
|
|
added bug |
| 2011-11-23 22:17:49 |
rickyrockrat |
attachment added |
|
Fix out of array pointer access. https://bugs.launchpad.net/bugs/894170/+attachment/2606470/+files/libdvdread-4.1.3.ifoRead_TT_SRPT.pointerfix.patch |
|
| 2011-11-24 00:16:33 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
| 2011-11-24 00:16:34 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
| 2011-12-08 21:12:58 |
Bryce Harrington |
libdvdread (Ubuntu): importance |
Undecided |
High |
|
| 2011-12-08 21:12:58 |
Bryce Harrington |
libdvdread (Ubuntu): status |
New |
Triaged |
|
| 2011-12-14 04:06:18 |
Bryce Harrington |
attachment added |
|
THE_EXPRESS.log https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/894170/+attachment/2632375/+files/THE_EXPRESS.log |
|
| 2011-12-14 10:52:00 |
Bryce Harrington |
attachment added |
|
THE_EXPRESS.2.log https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/894170/+attachment/2632797/+files/THE_EXPRESS.2.log |
|
| 2011-12-14 11:00:12 |
Launchpad Janitor |
libdvdread (Ubuntu): status |
Triaged |
Fix Released |
|
| 2011-12-14 11:15:40 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/libdvdread |
|
| 2012-05-05 11:06:09 |
Stefano Rivera |
nominated for series |
|
Ubuntu Natty |
|
| 2012-05-05 11:06:09 |
Stefano Rivera |
bug task added |
|
libdvdread (Ubuntu Natty) |
|
| 2012-05-05 11:06:09 |
Stefano Rivera |
nominated for series |
|
Ubuntu Oneiric |
|
| 2012-05-05 11:06:09 |
Stefano Rivera |
bug task added |
|
libdvdread (Ubuntu Oneiric) |
|
| 2012-05-05 11:41:50 |
Vibhav Pant |
libdvdread (Ubuntu Oneiric): assignee |
|
Vibhav Pant (vibhavp) |
|
| 2012-05-05 11:42:12 |
Vibhav Pant |
attachment added |
|
libdvdread_4.1.3-10ubuntu4.2.debdiff https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/894170/+attachment/3131631/+files/libdvdread_4.1.3-10ubuntu4.2.debdiff |
|
| 2012-05-05 11:42:31 |
Vibhav Pant |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
| 2012-05-09 23:46:25 |
Tyler Hicks |
libdvdread (Ubuntu Oneiric): status |
New |
Invalid |
|
| 2012-05-09 23:46:31 |
Tyler Hicks |
libdvdread (Ubuntu Oneiric): status |
Invalid |
Incomplete |
|
| 2012-05-09 23:46:40 |
Tyler Hicks |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
| 2012-05-10 17:02:53 |
Vibhav Pant |
attachment added |
|
Revised Debdiff https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/894170/+attachment/3140244/+files/libdvdread_4.1.3-10ubuntu4.2.debdiff |
|
| 2012-05-10 17:09:14 |
Vibhav Pant |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
| 2012-05-16 12:43:37 |
Marc Deslauriers |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2012-05-16 12:43:59 |
Marc Deslauriers |
libdvdread (Ubuntu Oneiric): status |
Incomplete |
Confirmed |
|
| 2012-05-17 04:26:59 |
Bryce Harrington |
description |
On
Description: Ubuntu 11.04
Release: 11.04
When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
*** glibc detected *** dvdbackup: free(): invalid next size (normal): 0x0000000002ccef70 ***
Using Valgrind, I was able to track down the culprit, in the file ifo_read.c, function ifoRead_TT_SRPT, where a structure array is allocated, but another variable, extracted from the DVD info determines the lenght of the array, resulting in read/writes beyond the array. I truncate the read, but perhaps a better solution would be to expand the malloc to include the data off the DVD. I believe that, however could lead to out of memory errors if the DVD data was bad/invalid.
With the applied patch, dvdbackup no longer segfaults. |
[Impact]
<fill me in with explanation of severity and frequency of bug on users and justification for backporting the fix to the stable release>
[Development Fix]
<fill me in with an explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix. >
[Stable Fix]
<fill me in by pointing out a minimal patch applicable to the stable version of the package.>
[Text Case]
<fill me in with detailed *instructions* on how to reproduce the bug. This will be used by people later on to verify the updated package fixes the problem.>
1.
2.
3.
Broken Behavior:
Fixed Behavior:
[Regression Potential]
<fill me in with a discussion of likelihood and potential severity of regressions and how users could get inadvertently affected.>
[Original Report]On
Description: Ubuntu 11.04
Release: 11.04
When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
*** glibc detected *** dvdbackup: free(): invalid next size (normal): 0x0000000002ccef70 ***
Using Valgrind, I was able to track down the culprit, in the file ifo_read.c, function ifoRead_TT_SRPT, where a structure array is allocated, but another variable, extracted from the DVD info determines the lenght of the array, resulting in read/writes beyond the array. I truncate the read, but perhaps a better solution would be to expand the malloc to include the data off the DVD. I believe that, however could lead to out of memory errors if the DVD data was bad/invalid.
With the applied patch, dvdbackup no longer segfaults. |
|
| 2012-05-17 23:42:52 |
Bryce Harrington |
description |
[Impact]
<fill me in with explanation of severity and frequency of bug on users and justification for backporting the fix to the stable release>
[Development Fix]
<fill me in with an explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix. >
[Stable Fix]
<fill me in by pointing out a minimal patch applicable to the stable version of the package.>
[Text Case]
<fill me in with detailed *instructions* on how to reproduce the bug. This will be used by people later on to verify the updated package fixes the problem.>
1.
2.
3.
Broken Behavior:
Fixed Behavior:
[Regression Potential]
<fill me in with a discussion of likelihood and potential severity of regressions and how users could get inadvertently affected.>
[Original Report]On
Description: Ubuntu 11.04
Release: 11.04
When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
*** glibc detected *** dvdbackup: free(): invalid next size (normal): 0x0000000002ccef70 ***
Using Valgrind, I was able to track down the culprit, in the file ifo_read.c, function ifoRead_TT_SRPT, where a structure array is allocated, but another variable, extracted from the DVD info determines the lenght of the array, resulting in read/writes beyond the array. I truncate the read, but perhaps a better solution would be to expand the malloc to include the data off the DVD. I believe that, however could lead to out of memory errors if the DVD data was bad/invalid.
With the applied patch, dvdbackup no longer segfaults. |
SRU Request:
Impact: Oneiric cannot read certain dvds, including "The Express".
Development fix: This is fixed in Precise with the minimal patch provided in this bug.
Stable fix: An identical minimal patch has been applied to the Oneiric package
Test Case: Unfortunately, someone needs to try playing the "The Express" DVD to test this updated package
Regression potential: Although unlikely, this patch may prevent other DVDs from playing, in which case the patch can be backed out.
Description: Ubuntu 11.04
Release: 11.04
When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
*** glibc detected *** dvdbackup: free(): invalid next size (normal): 0x0000000002ccef70 ***
Using Valgrind, I was able to track down the culprit, in the file ifo_read.c, function ifoRead_TT_SRPT, where a structure array is allocated, but another variable, extracted from the DVD info determines the lenght of the array, resulting in read/writes beyond the array. I truncate the read, but perhaps a better solution would be to expand the malloc to include the data off the DVD. I believe that, however could lead to out of memory errors if the DVD data was bad/invalid.
With the applied patch, dvdbackup no longer segfaults. |
|
| 2012-05-17 23:42:57 |
Bryce Harrington |
libdvdread (Ubuntu Natty): status |
New |
Won't Fix |
|
| 2012-05-17 23:43:00 |
Bryce Harrington |
libdvdread (Ubuntu Oneiric): status |
Confirmed |
Fix Committed |
|
| 2012-05-17 23:43:04 |
Bryce Harrington |
libdvdread (Ubuntu Oneiric): importance |
Undecided |
High |
|
| 2012-05-17 23:51:19 |
Bryce Harrington |
removed subscriber Ubuntu Sponsors Team |
|
|
|
| 2012-05-18 08:13:34 |
Martin Pitt |
bug |
|
|
added subscriber SRU Verification |
| 2012-05-18 08:13:41 |
Martin Pitt |
tags |
patch |
patch verification-needed |
|
| 2012-05-18 08:46:29 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/oneiric-proposed/libdvdread |
|
| 2012-11-16 00:27:55 |
Brian Murray |
tags |
patch verification-needed |
patch removal-candidate verification-needed |
|
| 2012-11-30 20:14:55 |
Brian Murray |
tags |
patch removal-candidate verification-needed |
patch removal-candidate |
|
| 2012-11-30 20:14:56 |
Brian Murray |
tags |
patch removal-candidate |
patch |
|
| 2012-11-30 20:15:15 |
Brian Murray |
libdvdread (Ubuntu Oneiric): status |
Fix Committed |
Triaged |
|
| 2014-12-03 09:21:57 |
Rolf Leggewie |
libdvdread (Ubuntu Oneiric): status |
Triaged |
Won't Fix |
|
