Mercurial > libdvdread4.hg
changeset 63:46c05a214511 src
Inhibit double free of parental management information
If reading the country data fails the point to the parental
management information is not nulled out. So it is possible for
the same structure to be freed twice. To inhibit this whenever
the country data read fails the structure pointer is assigned
null. Patch submitted by Frederic Marchal, fmarchal at
perso dot be. Thanks for being patient and reworking the patch
when requested.
| author | erik |
|---|---|
| date | Sun, 30 Jan 2011 23:44:09 +0000 |
| parents | 3bc841283972 |
| children | 70c34d162e6e |
| files | ifo_read.c |
| diffstat | 1 files changed, 7 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ifo_read.c Sat Sep 11 15:15:43 2010 +0000 +++ b/ifo_read.c Sun Jan 30 23:44:09 2011 +0000 @@ -1325,6 +1325,9 @@ ifofile->ptl_mait = 0; return 0; } + for(i = 0; i < ptl_mait->nr_of_countries; i++) { + ptl_mait->countries[i].pf_ptl_mai = NULL; + } for(i = 0; i < ptl_mait->nr_of_countries; i++) { if(!(DVDReadBytes(ifofile->file, &ptl_mait->countries[i], PTL_MAIT_COUNTRY_SIZE))) { @@ -1357,18 +1360,21 @@ fprintf(stderr, "libdvdread: Unable to seek PTL_MAIT table.\n"); free(ptl_mait->countries); free(ptl_mait); + ifofile->ptl_mait = NULL; return 0; } info_length = (ptl_mait->nr_of_vtss + 1) * sizeof(pf_level_t); pf_temp = (uint16_t *)malloc(info_length); if(!pf_temp) { free_ptl_mait(ptl_mait, i); + ifofile->ptl_mait = NULL; return 0; } if(!(DVDReadBytes(ifofile->file, pf_temp, info_length))) { fprintf(stderr, "libdvdread: Unable to read PTL_MAIT table.\n"); free(pf_temp); free_ptl_mait(ptl_mait, i); + ifofile->ptl_mait = NULL; return 0; } for (j = 0; j < ((ptl_mait->nr_of_vtss + 1) * 8); j++) { @@ -1378,6 +1384,7 @@ if(!ptl_mait->countries[i].pf_ptl_mai) { free(pf_temp); free_ptl_mait(ptl_mait, i); + ifofile->ptl_mait = NULL; return 0; } { /* Transpose the array so we can use C indexing. */