[Impact]
Program segfaults when reading metadata of DVDs with invalid unicode characters.
This has been spotted with the quite popular Thor DVD, and several duplicate reports indicate it's affecting quite a few people. It's unknown if this was an accident (which would be bad enough!) or intentional (in which case we can expect more movies to be released with this flaw).
[Development Fix]
The patch is essentially scanning the upper of the two-byte code for unicode16 strings and if it has any non-zero value it blanks out the remainder of the string. In this particular case, this results in an empty string, thus causing the garbage file to be ignored.
The patch has been slightly modified from the original author's version, to clean up the code so the patch will be more maintainable.
[Stable Fix]
Oneiric and Natty carry the same version of libdvdread, so the same patch is used in both cases.
[Test Case]
1. Buy Thor DVD.
2. Install and run lsdvd.
3. Program segfaults
With the patch, step #3 produces valid output listing the contents of the DVD.
[Regression Potential]
Minor. This only affects how unicode characters in filenames on a DVD are handled, and as far as I know DVDs don't tend to use unicode. If they do use unicode, we can expect they'd use valid unicode (which this patch allows through.)
Since uploading the fix for this bug about a week ago, only one bug report has been filed against oneiric, and that bug is just a duplicate of this one.
[Original Report]
Package: libdvdread4
Version: 4.1.x and others
No error message, but symptoms are usually segfault when reading, for example the Movie DVD Thor.
This results from a new anti-copy scheme where the real video_ts.ifo is hidden. Use of the decoy video_ts.ifo results in a unplayable DVD.
Discussion is here:
http://ubuntuforums.org/showthread.php?p=11257764
Patch is here:
diff -ru libdvdread-4.1.3/src/dvd_udf.c libdvdread-4.1.3.fixed/src/dvd_udf.c
--- libdvdread-4.1.3/src/dvd_udf.c 2008-09-06 15:55:51.000000000 -0600
+++ libdvdread-4.1.3.fixed/src/dvd_udf.c 2011-09-16 14:07:04.000000000 -0600
@@ -331,21 +331,26 @@
/* This is wrong with regard to endianess */
#define GETN(p, n, target) memcpy(target,&data[p], n)
-static int Unicodedecode( uint8_t *data, int len, char *target )
+static int Unicodedecode(uint8_t *data, int len, char *target)
{
- int p = 1, i = 0;
+ len--;
+ data++;
+ if (data[-1] == 8 )
+ memcpy(target, data, len);
+ else if (data[-1] == 16) {
+ int i;
- if( ( data[ 0 ] == 8 ) || ( data[ 0 ] == 16 ) ) do {
- if( data[ 0 ] == 16 ) p++; /* Ignore MSB of unicode16 */
- if( p< len ) {
- target[ i++ ] = data[ p++ ];
+ for (i = 0; i< len; i++) {
+ if (data[i*2] == 0)
+ target[i] = data[i*2+1];
+ else
+ target[i] = 0;
}
- } while( p< len );
+ }
+ target[len] = '\0';
- target[ i ] = '\0';
return 0;
}
-
static int UDFDescriptor( uint8_t *data, uint16_t *TagID )
{
*TagID = GETN2(0);
Status changed to 'Confirmed' because the bug affects multiple users.