Bug 169698

Summary: multimedia/libdvdnav 4.2.0 ignores WITH_DEBUG and segfaults with some discs
Product: Ports & Packages
Reporter: Fabian Keil <fk>
Component: Individual Port(s)
Assignee: Ganael LAPLANCHE <martymac>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments: file.diff (flags: none)

Description Fabian Keil 2012-07-07 16:20:08 UTC
Some discs can cause multimedia/libdvdnav 4.2.0 to segfault in dvdnav_describe_title_chapters():

(gdb) where
#0  0x0000000802a17956 in dvdnav_describe_title_chapters (this=0x80d90be00, title=35, times=0x7fffff7f9a90, duration=0x7fffff7f9a98)
    at /usr/obj-ports/usr/ports/multimedia/libdvdnav/work/libdvdnav-4.2.0/src/searching.c:633
#1  0x0000000802806b06 in DemuxTitles (p_demux=<optimized out>) at dvdnav.c:1005
#2  Open (p_this=<optimized out>) at dvdnav.c:320
#3  0x0000000800ad5528 in generic_start (func=0x8028060c0, ap=0x7fffff7f9bc0) at modules/modules.c:413
#4  0x0000000800ad50ff in vlc_module_load (p_this=0x80d81b158, psz_capability=0x800b1582c "access_demux", psz_name=0x80d810068 "dvd", b_strict=true,
    probe=0x800ad54b0 <generic_start>) at modules/modules.c:342
#5  0x0000000800ad55ef in module_need (obj=0x80d81b158, cap=0x800b1582c "access_demux", name=0x80d810068 "dvd", strict=true) at modules/modules.c:428
#6  0x0000000800a83dbb in demux_New (p_obj=0x806428078, p_parent_input=0x806428078, psz_access=0x80d851040 "dvd", psz_demux=0x800b17349 "",
    psz_location=0x80d851046 "/dev/cd0", s=0x0, out=0x80d812040, b_quick=false) at input/demux.c:194
#7  0x0000000800a99b90 in InputSourceInit (p_input=0x806428078, in=0x80642b8b0, psz_mrl=0x80ae21340 "dvd:///dev/cd0", psz_forced_demux=0x0, b_in_can_fail=false)
    at input/input.c:2391
#8  0x0000000800a96730 in Init (p_input=0x806428078) at input/input.c:1237
#9  0x0000000800a93ed5 in Run (obj=0x806428078) at input/input.c:539
#10 0x00000008016d59f9 in thread_start (curthread=0x806454400) at /usr/src/lib/libthr/thread/thr_create.c:284
#11 0x0000000000000000 in ?? ()
(gdb) f 0
#0  0x0000000802a17956 in dvdnav_describe_title_chapters (this=0x80d90be00, title=35, times=0x7fffff7f9a90, duration=0x7fffff7f9a98)
    at /usr/obj-ports/usr/ports/multimedia/libdvdnav/work/libdvdnav-4.2.0/src/searching.c:633
633           if(!(cell->block_type == BLOCK_TYPE_ANGLE_BLOCK &&
(gdb) p cell->block_type
Cannot access memory at address 0x200d812838
[...]
(gdb) p cellnr
$5 = 0

The port also ignores WITH_DEBUG which doesn't help when analyzing core dumps.

Fix: The attached update to 4.2.0_1 contains an upstream patch from
Erik Hovland that fixes the problem. It also lets the port honor
WITH_DEBUG in case of crashes in the future.

Patch attached with submission follows:
How-To-Repeat: Open the first disc of Grey's Anatomy Season 2 RC2 with VLC 2.1.

The "current" VLC version in the ports isn't affected,
I assume it doesn't use dvdnav_describe_title_chapters()
yet, but didn't investigate this.
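
The out-of-range index behind this crash, as an added example that is not part of the original report or of libdvdnav: a simplified model in which a cell number read from disc data is range-checked before it is used as a 1-based index. The struct, field and function names are assumptions, and the example goes beyond the zero case in the report by checking the upper bound as well.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the on-disc tables; not libdvdnav's real structs. */
typedef struct { uint8_t block_type; } cell_t;

typedef struct {
    uint8_t nr_of_programs;      /* entries in program_map */
    uint8_t nr_of_cells;         /* entries in cell_playback */
    const uint8_t *program_map;  /* program -> 1-based entry cell number */
    const cell_t *cell_playback;
} pgc_model_t;

/* Return the entry cell of 1-based program `pgn`, or NULL if any
 * disc-supplied number would index outside its table. */
const cell_t *entry_cell(const pgc_model_t *pgc, unsigned pgn)
{
    if (pgc == NULL || pgc->program_map == NULL || pgc->cell_playback == NULL)
        return NULL;
    if (pgn == 0 || pgn > pgc->nr_of_programs)
        return NULL;             /* program_map[pgn - 1] would be out of range */

    unsigned cellnr = pgc->program_map[pgn - 1];
    if (cellnr == 0 || cellnr > pgc->nr_of_cells)
        return NULL;             /* cell_playback[cellnr - 1] would be out of range */

    return &pgc->cell_playback[cellnr - 1];
}

/* Constructed sample: program 2 maps to cell 0 (the value seen in the
 * gdb session), program 4 maps to a cell past the end of the table. */
static const uint8_t sample_map[] = { 1, 0, 3, 9 };
static const cell_t sample_cells[] = { {0}, {1}, {2} };
static const pgc_model_t sample_pgc = { 4, 3, sample_map, sample_cells };

int main(void)
{
    for (unsigned pgn = 0; pgn <= 5; pgn++) {
        const cell_t *c = entry_cell(&sample_pgc, pgn);
        if (c)
            printf("program %u -> cell index %td\n", pgn, c - sample_cells);
        else
            printf("program %u -> rejected\n", pgn);
    }
    return 0;
}
```
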
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2012-07-07 16:21:22 UTC
Responsible Changed
From-To: freebsd-ports-bugs->martymac

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer freebsd_triage 2012-08-01 13:40:47 UTC
Author: martymac
Date: Wed Aug  1 12:40:29 2012
New Revision: 301826
URL: http://svn.freebsd.org/changeset/ports/301826

Log:
  - Add DEBUG option [1]
  - Fix crash with some discs [1]
  - Un-version LIB_DEPENDS
  
  PR:	ports/169698 [1]
  Submitted by:	Fabian Keil <fk@fabiankeil.de> [1]

Added:
  head/multimedia/libdvdnav/files/patch-src-searching.c   (contents, props changed)
Modified:
  head/multimedia/libdvdnav/Makefile   (contents, props changed)

Modified: head/multimedia/libdvdnav/Makefile
==============================================================================
--- head/multimedia/libdvdnav/Makefile	Wed Aug  1 12:26:01 2012	(r301825)
+++ head/multimedia/libdvdnav/Makefile	Wed Aug  1 12:40:29 2012	(r301826)
@@ -7,6 +7,7 @@
 
 PORTNAME=	libdvdnav
 PORTVERSION=	4.2.0
+PORTREVISION=	1
 CATEGORIES=	multimedia
 # Svn repository URL : svn://svn.mplayerhq.hu/dvdnav/trunk/libdvdnav
 MASTER_SITES=	http://dvdnav.mplayerhq.hu/releases/ \
@@ -18,7 +19,7 @@ COMMENT=	MPlayer version of the libdvdna
 
 LICENSE=	GPLv2
 
-LIB_DEPENDS=	dvdread.4:${PORTSDIR}/multimedia/libdvdread
+LIB_DEPENDS=	dvdread:${PORTSDIR}/multimedia/libdvdread
 
 USE_BZIP2=	yes
 HAS_CONFIGURE=	yes
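
Review bot: The LIB_DEPENDS change from dvdread.4 to dvdread is unrelated to the crash fix and the DEBUG option, and the log does not tag it with [1], so it did not come from the PR. With the version dropped, the dependency no longer names shared-library version 4 of libdvdread. Consider committing it separately so the crash fix can be merged or reverted on its own.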
@@ -29,14 +30,23 @@ CONFIGURE_ARGS=	--prefix="${PREFIX}" \
 		--shlibdir="${PREFIX}/lib" \
 		--incdir="${PREFIX}/include/dvdnav" \
 		--disable-opts \
-		--disable-debug \
 		--cc="${CC}"
 USE_GMAKE=	yes
 CONFLICTS=	libdvdnav-mplayer-[0-9]*
 USE_LDCONFIG=	yes
 
+OPTIONS_DEFINE=	DEBUG
+
+.include <bsd.port.pre.mk>
+
+.if ${PORT_OPTIONS:MDEBUG}
+CONFIGURE_ARGS+=	--enable-debug --disable-strip
+.else
+CONFIGURE_ARGS+=	--disable-debug
+.endif
+
 post-patch:
 	@${REINPLACE_CMD} -e 's|^threadlib="-lpthread"|threadlib="${PTHREAD_LIBS}"|g' \
 		${WRKSRC}/configure2
 
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
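
Review bot: Splitting the closing include into bsd.port.pre.mk and bsd.port.post.mk only to test PORT_OPTIONS is heavier than needed. Placing ".include <bsd.port.options.mk>" before the ".if ${PORT_OPTIONS:MDEBUG}" block makes PORT_OPTIONS available and lets the final ".include <bsd.port.mk>" stay as it was.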

Added: head/multimedia/libdvdnav/files/patch-src-searching.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/multimedia/libdvdnav/files/patch-src-searching.c	Wed Aug  1 12:40:29 2012	(r301826)
@@ -0,0 +1,43 @@
+From 49c67ccf88c688e0e0e9e3b04f651b12c7d7f7f3 Mon Sep 17 00:00:00 2001
+From: Erik Hovland <erik@hovland.org>
+Date: Mon, 16 Apr 2012 14:56:43 -0700
+Subject: [PATCH] Check cell new row before using it to index into
+ cell_playback
+
+cellnr is used to index into cell_playback after subtracting
+one from it. If cellnr is 0, then it will index -1 in cell_playback
+which will seek out of boundary of cell_playback. This manifested into a
+segfault for some users as reported by this launchpad bug:
+https://bugs.launchpad.net/ubuntu/+source/libdvdnav/+bug/934471
+
+By checking cellnr and skipping the indexing if cellnr is equal to zero
+then we avoid the segfault. There might be a bigger issue w/ regard to
+retrieving a value of zero for cell new row, but this fix works for the
+reporter.
+
+Thanks goes to Sylvain Henry (hsyl20 AT gmail DOT com for both
+reporting the bug to launchpad and submitting a potential patch (even
+though we went w/ a different fix).
+---
+ src/searching.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/searching.c b/src/searching.c
+index 3649e9d..0b5f22a 100644
+--- src/searching.c
++++ src/searching.c
+@@ -640,7 +640,11 @@ uint32_t dvdnav_describe_title_chapters(dvdnav_t *this, int32_t title, uint64_t
+       goto fail;
+     }
+ 
+-    cellnr = pgc->program_map[ptt[i].pgn-1];
++    if ((cellnr = pgc->program_map[ptt[i].pgn-1]) == 0) {
++      printerr("Cell new row cannot be 0");
++      continue;
++    }
++
+     if(ptt[i].pgn < pgc->nr_of_programs)
+       endcellnr = pgc->program_map[ptt[i].pgn];
+     else
+-- 
+1.7.10.3
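
Review bot: The new check in dvdnav_describe_title_chapters() rejects only cellnr == 0; nothing in the hunk bounds cellnr from above, and endcellnr is read from the same program_map on the following lines with no check at all. These values come from the disc, so a number past the end of cell_playback would index out of bounds at the other end; compare both against the PGC's cell count before they are used. The continue also drops the chapter with nothing but a printerr, and the commit message itself says a bigger issue may remain, which deserves a comment in the code. The message text "Cell new row cannot be 0" looks like a mangled "cell nr" and should name the cell number.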
Comment 3 Ganael LAPLANCHE freebsd_committer freebsd_triage 2012-08-01 13:46:23 UTC
State Changed
From-To: open->closed

Committed with minor changes, thanks!