[packman] ldvd buffer overflow

Peter Czanik pczanik at fang.fa.gau.hu
Tue Oct 4 16:50:10 CEST 2005


Hello,
The ldvd package has a buffer overflow as well. It's in the ldvd-ls
command, when run with the '-x' option (which is used by ldvd to list
the disc).

czanik at czp:~> ldvd-ls -x
libdvdread: Using libdvdcss version 1.2.9 for DVD access
Disc Title|THE_WALL
01|Length|01:35:10|Chapters|27|Cells|27|Audio streams|03|Subpictures|04
01|VTS|04|TTN|01|FPS|25.00|Format|ldvd-ls|Aspect
ratio|16/9|Width|720|Height|576
|DF|Pan&Scan|Palette| 108080 998d31 cb8080 208080 808080 808080 808080
808080 80
8080 808080 808080 808080 808080 808080 808080 808080
01|Angles|1
*** buffer overflow detected ***: ldvd-ls terminated

So, actually ldvd does not work, due to the "-D_FORTIFY_SOURCE=2"
security parameter in /usr/lib/rpm/rpmrc CFLAGS.

Is this a problem on other platforms as well? Do you compile software
with this parameter, or I should remove it as well? Bye,
Peter

Ps: I spent the whole yesterday evening to fix (make it buildable with
y2pmbuild, by adding some additional BuildRequires) and compile packages
related to ldvd and get this message ;-)





More information about the Packman mailing list