Commit ec45ee70 authored by Paul Menzel's avatar Paul Menzel Committed by Jean-Baptiste Kempf

Abort when PTT search table has zero entries

The static analyzer from LLVM/Clang 1:3.4~svn194079-1 reports a possible
allocation of size 0 in `libdvdread/src/ifo_read.c`.

        $ scan-build -o scan-build make
        $ scan-view scan-build/2013-11-18-155601-16168-1

When `vts_ptt_srpt->nr_of_srpts` is zero the allocation size is zero.

        vts_ptt_srpt->title = malloc(vts_ptt_srpt->nr_of_srpts * sizeof(ttu_t));

The manual of the function `malloc` writes the following.

        If size is 0, then malloc() returns either NULL, or a unique
        pointer value that can later be successfully passed to free().

So check for 0 and, if it is, abort by going to the label `fail`.
parent 4c2728ff
......@@ -1185,6 +1185,12 @@ int ifoRead_VTS_PTT_SRPT(ifo_handle_t *ifofile) {
fprintf(stderr, "libdvdread: PTT search table too small.\n");
goto fail;
if(vts_ptt_srpt->nr_of_srpts == 0) {
fprintf(stderr, "libdvdread: Zero entries in PTT search table.\n");
goto fail;
for(i = 0; i < vts_ptt_srpt->nr_of_srpts; i++) {
/* Transformers 3 has PTT start bytes that point outside the SRPT PTT */
uint32_t start = data[i];
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment