id summary reporter owner description type status priority milestone component version severity resolution keywords cc mlocked 12339 708decoder crashes on specific data: eugene.smirnov@… Jim Stichnoth "Hi guys, i recently found a problem in EIA708 decoder implementation, causing my programm to crash, please take a look at source code. cc708decoder.cpp line 503 static int handle_cc_c2(CC708Reader* cc, uint service_num, int i) { const int blk_size = cc->buf_size[service_num]; const int code = cc->buf[service_num][i+1]; so it accessing buffer at position i+1, while that function used as follows: cc708decoder.cpp line 330 // C2 code -- nothing in EIA-708-A i = handle_cc_c2(cc, service_num, i+1); For example handle_cc_c3 works fine, there is no extra i+1 in callee function This looks like off by one issue, in my environment array was out of bound, cinse i've used stl vector instead of c++ arrays, probably dueto way of allocation buffer there never a crash in original code, but rather some inconsistence. I'm attaching 708 data file that consist of 3*X bytes of CEA708 data. You can use it to check issue, if to feed decoder with type byte right shifted by 3" Bug Report - General closed minor 0.28 MythTV - Captions Master Head medium fixed 0