Re: [Libcdio-devel] buffer overflow/memory corruption in udf_readdir()

From: Pete Batard
Subject: Re: [Libcdio-devel] buffer overflow/memory corruption in udf_readdir()
Date: Tue, 17 Jan 2012 17:04:08 +0000
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20111105 Thunderbird/8.0

On 2012.01.17 15:43, Rocky Bernstein wrote:
> Oh, I forgot to ask -- are we sure this is a bug in libcdio? It is possible
> that it was valid at the time it was written for an earlier UDF standard.

Well, the first thing is that the reuse of udf_dirent_t on memcopy without checking the size looks a bit dodgy to me.

Then, nearly all of the UDF images I tried from the MSDN (about 4 of 5 of them) manifested the issue, so either Microsoft has a really buggy UDF image creation software, or libcdio has a bug. Also there should not be any form of copy protection on these images, as they are of course intended for internal replication and usage by MSDN subscribers.

I also believe that these are 1:1 copies of the actual UDF installation media that Microsoft sells to individual customers, so if it deviates too much from the standard, they would probably get reports.

Therefore, my bet would be on a libcdio bug.

> A while back there was a UDF checker I think it was available from Sony
> that dumped out UDF information and said whether something was valid UDF.
> I'd be interested in knowing if what you are testing passes a UDF checker.
> (A google search on UDF checkers seems to indicate there are a number
> available for MS Windows).

Good idea.

I downloaded the UDF Verifier Software from Philips (see the notes at end of [1]. Registration required, but it comes as a Linux/OSX/Win/Solaris source. On Windows, it might also require wnaspi32.dll which one can get from [2]).

The tool generates a huge log with the Windows 8 preview UDF image, but the only error I got was the following:

====>        Testing uniqueness of relevant UniqueIDs.
  Error: 2 files or directories with identical UniqueID, UDF
- #0000000000000078 /"sources"/"noupgrade.txt"
- #0000000000000078 /"sources"/"peerdistai.dll"

Now, because our issue is with the udf_dirent, I don't think that having 2 files with the same UID is the cause, especially as I don't expect these files to be responsible for reading a different directory LBA.

Also, I got more than one mismatch with that image and I also didn't get this error on other images with the same problems.

> And I don't mind helping out in little ways. But others have to take
> the lead on this, especially as I have no personal interest or need
> for UDF support.
