OK, I discovered the cause of the segfault in dvdbackup[1]. It's been strangely fun :)
The manifestation:

Program received signal SIGSEGV, Segmentation fault.
0x10004cf8 in DVDGetFileSet (_dvd=0x1001cab8) at dvdbackup.c:1669

The cause:

DVDFileStatVOBUDF() keeps track of the file sizes in the local variable "off_t parts_size[9]". It's part of libdvdread, which is compiled so that off_t is 64 bits. On line 1050 of libdvdread's dvd_reader.c, these 64-bit parts_size values are copied one at a time to the dvd_stat_t (statbuf)'s "off_t parts_size[9]", which was allocated and passed in by dvdbackup. dvdbackup is compiled with a 32-bit off_t (the default), so this copying overflows and trashes the "int nr_parts" member of the dvd_stat_t struct. Later on the nr_parts value is used to control a for loop, but because it's been trashed and now contains a value greater than 9 (the size of the array being copied to), the loop overruns the array, trashing the stack, then overrunning the memory space and causing a SIGSEGV.

The solution:

Compile dvdbackup with -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64

A patch adding this to src/Makefile is attached.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=366092
diff -ruN dvdbackup-0.1.1-orig/src/Makefile dvdbackup-0.1.1/src/Makefile --- dvdbackup-0.1.1-orig/src/Makefile 2006-05-13 14:32:21.000000000 +1000 +++ dvdbackup-0.1.1/src/Makefile 2006-05-13 14:38:23.000000000 +1000 @@ -1,6 +1,6 @@ #!/usr/bin/make -f -COPTS = -O2 -g +COPTS = -O2 -g -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 CFLAGS = -Wall $(COPTS)
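Review bot: Appending the ABI-critical defines to COPTS (next to -O2 -g) means anyone who overrides COPTS on the make command line, which is the usual way to change optimisation or debug flags, silently drops them and brings the off_t mismatch back; put them in their own variable that is added to CFLAGS unconditionally, e.g. "CPPFLAGS = -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" and "CFLAGS = -Wall $(COPTS) $(CPPFLAGS)", and keep COPTS as the user-tunable knob. Note also that -D_FILE_OFFSET_BITS=64 is what actually makes off_t 64-bit on glibc; -D_LARGEFILE64_SOURCE only exposes the explicit *64 interfaces, so it is harmless here but is not the part that fixes the dvd_stat_t layout. Since the requirement is really "build dvdbackup with the same off_t width as libdvdread", a comment in the Makefile saying so would stop a future cleanup from removing the flags as unneeded.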
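The struct-layout mismatch described in the bug report, as an added example that is not code from dvdbackup, libdvdread or the reporter: one buffer is written through a hypothetical stat struct as compiled with a 64-bit off_t (the library side) and read back through the same struct as compiled with a 32-bit off_t (the caller side). The field order, parts_size[9] followed by nr_parts, is an assumption that mirrors the description above rather than libdvdread's actual header, and the sizes in the comments assume an ABI that aligns int64_t to 8 bytes (x86_64 or aarch64).

```c
/* Added example, not code from dvdbackup or libdvdread: two views of the
 * same hypothetical "stat" struct, one as compiled with a 32-bit off_t and
 * one with a 64-bit off_t, sharing one buffer the way the caller and the
 * library share dvd_stat_t.  The field order (parts_size[9], then nr_parts)
 * is an assumption that mirrors the bug description. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define NR_PARTS 9

/* What the caller sees when off_t is 32 bits: 40 bytes. */
struct stat_view32 {
    int32_t parts_size[NR_PARTS];
    int32_t nr_parts;
};

/* What the library sees when off_t is 64 bits: 72 bytes of data plus 4 bytes
 * of tail padding, 80 bytes total (int64_t aligned to 8 assumed). */
struct stat_view64 {
    int64_t parts_size[NR_PARTS];
    int32_t nr_parts;
};

/* Library side: fills the caller's buffer using the 64-bit layout.  Each part
 * size is constructed so that both 32-bit halves hold the same value, which
 * makes the caller's misread below independent of endianness. */
void library_fill(unsigned char *buf, size_t len, int32_t nr_parts)
{
    struct stat_view64 st;
    memset(&st, 0, sizeof st);
    for (int i = 0; i < NR_PARTS; i++) {
        int64_t half = 10 + i;                 /* always > NR_PARTS */
        st.parts_size[i] = (half << 32) | half;
    }
    st.nr_parts = nr_parts;
    if (len >= sizeof st)                      /* the real caller's buffer was too small */
        memcpy(buf, &st, sizeof st);
}

/* Caller side: reads nr_parts through the 32-bit layout.  That field sits at
 * byte offset 36, which in the 64-bit layout is the middle of parts_size[4],
 * so the caller sees part-size data instead of the count. */
int32_t caller_read_nr_parts(const unsigned char *buf)
{
    struct stat_view32 st;
    memcpy(&st, buf, sizeof st);
    return st.nr_parts;
}

/* Where the library actually put nr_parts: offset 72, past the 40 bytes a
 * 32-bit caller would have allocated for the whole struct. */
int32_t library_wrote_nr_parts(const unsigned char *buf)
{
    struct stat_view64 st;
    memcpy(&st, buf, sizeof st);
    return st.nr_parts;
}

/* The for loop from the report, with the bound check it lacked: returns 1 if
 * trusting nr_parts would index past parts_size[NR_PARTS - 1]. */
int caller_loop_would_overrun(const unsigned char *buf)
{
    int32_t n = caller_read_nr_parts(buf);
    return n < 0 || n > NR_PARTS;
}

/* Bytes the 64-bit layout writes beyond what the 32-bit layout allocates. */
size_t overflow_bytes(void)
{
    return sizeof(struct stat_view64) - sizeof(struct stat_view32);
}

/* off_t width of this translation unit; 64 is what the Makefile patch forces. */
size_t off_t_bits(void)
{
    return sizeof(off_t) * 8;
}

int main(void)
{
    unsigned char buf[sizeof(struct stat_view64)];   /* big enough to keep the demo defined */
    library_fill(buf, sizeof buf, 2);
    printf("caller view %zu bytes, library view %zu bytes (%zu bytes of overflow)\n",
           sizeof(struct stat_view32), sizeof(struct stat_view64), overflow_bytes());
    printf("library wrote nr_parts=%d, caller reads nr_parts=%d, loop overruns=%d\n",
           library_wrote_nr_parts(buf), caller_read_nr_parts(buf),
           caller_loop_would_overrun(buf));
    printf("this build: off_t is %zu bits\n", off_t_bits());
    return 0;
}
```

The buffer here is deliberately sized for the larger view so the demonstration stays within defined behaviour; in the real program the caller allocated only the 40-byte view, so the extra bytes went onto the stack next to it. A consumer of a library built with 64-bit off_t can catch this at build time rather than at run time with `_Static_assert(sizeof(off_t) == 8, "build with -D_FILE_OFFSET_BITS=64")` in its own source, which is the check the Makefile patch implicitly relies on.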