#8 lsdvd crashes on new Thor DVD -- valgrind and gdb output

open
nobody
None
5
2014-09-25
2011-09-24
Elijah Newren
No

If I stick one of the new 'Thor' DVDs (rented from RedBox) into my laptop and run lsdvd, I get a segfault. valgrind/gdb/lsdvd output:

$ valgrind --tool=memcheck --db-attach=yes lsdvd
==3135== Memcheck, a memory error detector
==3135== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==3135== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==3135== Command: lsdvd
==3135==
libdvdread: Using libdvdcss version 1.2.10 for DVD access
==3135== Warning: noted but unhandled ioctl 0x5390 with no size/direction hints
==3135== This could cause spurious value errors to appear.
==3135== See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==3135== Warning: noted but unhandled ioctl 0x5392 with no size/direction hints
==3135== This could cause spurious value errors to appear.
==3135== See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==3135== Warning: noted but unhandled ioctl 0x5392 with no size/direction hints
==3135== This could cause spurious value errors to appear.
==3135== See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
Please send bug report - no VTS_TMAPT ??
==3135== Invalid read of size 2
==3135== at 0x400EC0: main (lsdvd.c:291)
==3135== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==3135==
==3135==
==3135== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- y
==3135== starting debugger with cmd: /usr/bin/gdb -nw /proc/3136/fd/1014 3136
GNU gdb (GDB) Fedora (7.3-43.fc15)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /proc/3136/fd/1014...Reading symbols from /usr/lib/debug/usr/bin/lsdvd.debug...done.
done.
Attaching to program: /proc/3136/fd/1014, process 3136
Reading symbols from /usr/lib64/valgrind/vgpreload_core-amd64-linux.so...done.
Loaded symbols for /usr/lib64/valgrind/vgpreload_core-amd64-linux.so
Reading symbols from /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so...done.
Loaded symbols for /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so
Reading symbols from /usr/lib64/libdvdread.so.4...Reading symbols from /usr/lib/debug/usr/lib64/libdvdread.so.4.1.4.debug...done.
done.
Loaded symbols for /usr/lib64/libdvdread.so.4
Reading symbols from /lib64/libc.so.6...Reading symbols from /usr/lib/debug/lib64/libc-2.14.so.debug...done.
done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/libdl.so.2...Reading symbols from /usr/lib/debug/lib64/libdl-2.14.so.debug...done.
done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/lib64/ld-2.14.so.debug...done.
done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libdvdcss.so.2...Reading symbols from /usr/lib/debug/usr/lib64/libdvdcss.so.2.1.0.debug...done.
done.
Loaded symbols for /usr/lib64/libdvdcss.so.2
Reading symbols from /lib64/libnss_files.so.2...Reading symbols from /usr/lib/debug/lib64/libnss_files-2.14.so.debug...done.
done.
Loaded symbols for /lib64/libnss_files.so.2
main (argc=<optimized out>, argv=<optimized out>) at lsdvd.c:291
291 ifo = (ifo_handle_t **)malloc((ifo_zero->vts_atrt->nr_of_vtss + 1) * sizeof(ifo_handle_t *));
(gdb) info locals
title = "\256\376\377\376\a\000\000\000\320\070@", '\000' <repeats 13 times>, "\023\v@\000\000\000\000", <incomplete sequence \343>
dvd = 0x4e4bbb0
ifo_zero = 0x4e4bc20
ifo = <optimized out>
vts_pgcit = <optimized out>
vtsi_mat = <optimized out>
vmgi_mat = <optimized out>
audio_attr = <optimized out>
video_attr = <optimized out>
subp_attr = <optimized out>
pgc = <optimized out>
i = <optimized out>
j = <optimized out>
c = <optimized out>
titles = <optimized out>
cell = <optimized out>
lang_code = "\t\000"
dvd_device = 0x403b59 "/dev/dvd"
has_title = 0
ret = <optimized out>
max_length = 0
max_track = 0
dvd_stat = {st_dev = 5, st_ino = 23, st_nlink = 1, st_mode = 25008, st_uid = 0, st_gid = 11, __pad0 = 0, st_rdev = 2816,
st_size = 0, st_blksize = 4096, st_blocks = 0, st_atim = {tv_sec = 1316833092, tv_nsec = 472999017}, st_mtim = {
tv_sec = 1316833087, tv_nsec = 70999017}, st_ctim = {tv_sec = 1316833087, tv_nsec = 73999017}, __unused = {0, 0, 0}}
dvd_info = {discinfo = {device = 0x0, disc_title = 0x100000000 <Address 0x100000000 out of bounds>, vmg_id = 0x0,
provider_id = 0x400758 "__libc_start_main"}, title_count = -181053768, titles = 0x3bf528f580, longest_track = 0}
(gdb) list
286 if ( !ifo_zero ) {
287 fprintf( stderr, "Can't open main ifo!\n");
288 return 3;
289 }
290
291 ifo = (ifo_handle_t **)malloc((ifo_zero->vts_atrt->nr_of_vtss + 1) * sizeof(ifo_handle_t *));
292
293 for (i=1; i <= ifo_zero->vts_atrt->nr_of_vtss; i++) {
294 ifo[i] = ifoOpen(dvd, i);
295 if ( !ifo[i] ) {
(gdb) p ifo_zero
$1 = (ifo_handle_t *) 0x4e4bc20
(gdb) p ifo_zero->vts_atrt
$2 = (vts_atrt_t *) 0x0
(gdb)
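The backtrace shows `ifo_zero->vts_atrt` is NULL when lsdvd.c:291 dereferences it. As an added example (not lsdvd's or libdvdread's own code; `ifo_handle_t` and `vts_atrt_t` are constructed minimal stand-ins, and `count_title_sets`/`alloc_title_set_handles` are hypothetical names), here is the check that would turn this crash into a clean error exit:

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
/* Constructed stand-ins for the libdvdread structures lsdvd reads. The
 * field name and width (nr_of_vtss is a 16-bit count) follow libdvdread's
 * ifo_types.h; all other members are omitted. */
typedef struct {
    uint16_t nr_of_vtss;  /* number of video title sets on the disc */
} vts_atrt_t;

typedef struct {
    vts_atrt_t *vts_atrt; /* NULL when the VMG IFO has no usable VTS_ATRT table */
} ifo_handle_t;

/* lsdvd.c:291 evaluates ifo_zero->vts_atrt->nr_of_vtss with no check on
 * vts_atrt; with it NULL that is a 2-byte read at address 0, matching the
 * "Invalid read of size 2 ... Address 0x0" above. Here a missing table is
 * an error, like "Can't open main ifo!": returns the count (>= 0) or -1. */
int count_title_sets(const ifo_handle_t *ifo_zero)
{
    if (ifo_zero == NULL || ifo_zero->vts_atrt == NULL) {
        fprintf(stderr, "Main ifo has no VTS_ATRT table; bad or damaged disc?\n");
        return -1;
    }
    return ifo_zero->vts_atrt->nr_of_vtss;
}

/* Allocates the handle array (slots 1..n used, 0 unused, as in lsdvd) only
 * when the count is valid; returns NULL and sets *n to -1 otherwise. */
void **alloc_title_set_handles(const ifo_handle_t *ifo_zero, int *n)
{
    *n = count_title_sets(ifo_zero);
    if (*n < 0)
        return NULL;
    return calloc((size_t)(*n + 1), sizeof(void *));
}

int main(void)
{
    vts_atrt_t atrt = { .nr_of_vtss = 3 };        /* constructed good disc */
    ifo_handle_t good = { .vts_atrt = &atrt };
    ifo_handle_t bad = { .vts_atrt = NULL };      /* constructed malformed disc */
    int n;
    void **ifo = alloc_title_set_handles(&good, &n);
    printf("good disc: %d title sets\n", n);
    free(ifo);
    ifo = alloc_title_set_handles(&bad, &n);
    printf("bad disc: %s\n", ifo ? "allocated" : "refused, exiting with status 3");
    return ifo ? 0 : 3;
}
```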

Discussion

  • Steve Dibb
    2014-09-25

    Probably choking on a bad IFO. Can you post the full output of lsdvd -x /dev/dvd for me?

    Thanks