Opened 9 years ago
Closed 9 years ago
Last modified 9 years ago
#12339 closed Bug Report - General (fixed)
708decoder crashes on specific data:
Reported by: | Owned by: | Jim Stichnoth | |
---|---|---|---|
Priority: | minor | Milestone: | 0.28 |
Component: | MythTV - Captions | Version: | Master Head |
Severity: | medium | Keywords: | |
Cc: | Ticket locked: | no |
Description
Hi guys, i recently found a problem in EIA708 decoder implementation, causing my programm to crash, please take a look at source code.
cc708decoder.cpp line 503 static int handle_cc_c2(CC708Reader* cc, uint service_num, int i) {
const int blk_size = cc->buf_size[service_num]; const int code = cc->buf[service_num][i+1];
so it accessing buffer at position i+1, while that function used as follows:
cc708decoder.cpp line 330
C2 code -- nothing in EIA-708-A
i = handle_cc_c2(cc, service_num, i+1);
For example handle_cc_c3 works fine, there is no extra i+1 in callee function
This looks like off by one issue, in my environment array was out of bound, cinse i've used stl vector instead of c++ arrays, probably dueto way of allocation buffer there never a crash in original code, but rather some inconsistence.
I'm attaching 708 data file that consist of 3*X bytes of CEA708 data. You can use it to check issue, if to feed decoder with type byte right shifted by 3
Attachments (1)
Change History (4)
Changed 9 years ago by
Attachment: | video_track_with_cc.708 added |
---|
comment:1 Changed 9 years ago by
Component: | MythTV - General → MythTV - Captions |
---|---|
Milestone: | unknown → 0.27.5 |
Owner: | set to Jim Stichnoth |
Priority: | major → minor |
Status: | new → accepted |
comment:2 Changed 9 years ago by
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
comment:3 Changed 9 years ago by
Milestone: | 0.27.5 → 0.28 |
---|
I played about 12 hours of recordings from various TV stations, but none of them ever caused the handle_cc_c2() function to be called. Nonetheless, I agree that this does look like a legitimate bug. We can backport to 0.27 if anyone finds a video sample showing the problem.
In 01adb0e5c1df0f5969727da5309e18a6fe649c4b/mythtv: