# HG changeset patch # User rathann # Date 1386196817 0 # Node ID 23d412d59d6280a848a2cc6aae12187700ca34bc # Parent 9f5802d2767a23ab7c26a9a4fa60d7f3d6b75094 Abort when PTT search table has zero entries The static analyzer from LLVM/Clang 1:3.4~svn194079-1 reports a possible allocation of size 0 in `libdvdread/src/ifo_read.c`. $ scan-build -o scan-build make $ scan-view scan-build/2013-11-18-155601-16168-1 When `vts_ptt_srpt->nr_of_srpts` is zero the allocation size is zero. vts_ptt_srpt->title = malloc(vts_ptt_srpt->nr_of_srpts * sizeof(ttu_t)); The manual of the function `malloc` writes the following. If size is 0, then malloc() returns either NULL, or a unique pointer value that can later be successfully passed to free(). So check for 0 and, if it is, abort by going to the label `fail`. Patch by Paul Menzel diff -r 9f5802d2767a -r 23d412d59d62 ifo_read.c --- a/ifo_read.c Mon Nov 18 23:43:16 2013 +0000 +++ b/ifo_read.c Wed Dec 04 22:40:17 2013 +0000 @@ -1186,6 +1186,12 @@ fprintf(stderr, "libdvdread: PTT search table too small.\n"); goto fail; } + + if(vts_ptt_srpt->nr_of_srpts == 0) { + fprintf(stderr, "libdvdread: Zero entries in PTT search table.\n"); + goto fail; + } + for(i = 0; i < vts_ptt_srpt->nr_of_srpts; i++) { /* Transformers 3 has PTT start bytes that point outside the SRPT PTT */ uint32_t start = data[i];
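Review bot: the new `if(vts_ptt_srpt->nr_of_srpts == 0)` test, placed between the "PTT search table too small" check and the `for` loop, carries no comment saying why a zero count is treated as fatal rather than as an empty table. The reasoning exists only in the commit message (a zero-size `malloc` for `vts_ptt_srpt->title` may return either NULL or a unique pointer), so a one-line comment above the `if` would keep it with the code, as the loop below already does for its Transformers 3 case. Neither the `malloc` named in the commit message nor the `fail` label is visible in this hunk, so confirm that the check runs before that allocation and that `fail` releases everything allocated up to this point. The count comes from the disc, so rejecting it here before it reaches the size computation is the right place for the check.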