Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#13264 closed Bug Report - Crash (fixed)

Crash (abort) in MythSocket::ResetReal

Reported by: Gary Buhrmaster
Owned by: David Hampton <mythtv@…>
Priority: minor
Milestone: 29.2
Component: MythTV - General
Version: Master Head
Severity: medium
Keywords: gcc8
Cc:
Ticket locked: no

Description

In libmythbase mythsocket.cpp MythSocket::ResetReal there can be cases where there are no bytes available to read, so the vector is never resized to greater than zero, which results in an abort when referencing the 1st (non-existent) element, which is now checked by gcc8 (libstdc++).

The abort was originally reported on the -users list when trying to playback video.

There are a couple of approaches to avoid referencing a non-existent element. My proposed patch just checks if there are going to be any bytes to read and skips any resizing and reading if not (skips some minor amount of work to do nothing anyway).

If the proposed patch is accepted, the fix should likely be backported to any currently supported release.

Proposed patch:

diff --git a/mythtv/libs/libmythbase/mythsocket.cpp b/mythtv/libs/libmythbase/mythsocket.cpp
index 63f10b5331..bed0172cad 100644
--- a/mythtv/libs/libmythbase/mythsocket.cpp
+++ b/mythtv/libs/libmythbase/mythsocket.cpp
@@ -1003,8 +1003,11 @@ void MythSocket::ResetReal(void)
     do
     {
         uint avail = m_tcpSocket->bytesAvailable();
-        trash.resize(max((uint)trash.size(),avail));
-        m_tcpSocket->read(&trash[0], avail);
+        if (avail)
+        {
+            trash.resize(max((uint)trash.size(),avail));
+            m_tcpSocket->read(&trash[0], avail);
+        }
 
         LOG(VB_NETWORK, LOG_INFO, LOC + "Reset() " +
             QString("%1 bytes available").arg(avail));
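
Review bot: in the guarded block, `m_tcpSocket->read(&trash[0], avail)` still takes the buffer pointer through `operator[]`, so the code stays correct only as long as the `if (avail)` guard and the resize above it stay together; passing `trash.data()` is valid even for an empty vector and removes that dependency. Two further points on the same lines: `avail` is a `uint` but `bytesAvailable()` returns a signed 64-bit count in Qt, so the assignment truncates silently, and the return value of `read()` is discarded, so a short or failed read goes unnoticed. A one-line comment on the guard saying why the zero case is skipped would help whoever touches this loop next.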

Change History (8)

comment:1 Changed 6 years ago by Gary Buhrmaster

FWIW: related (by gcc8 changes for involving the improved AddressSanitizer) to #13263

comment:2 Changed 6 years ago by David Hampton <mythtv@…>

Owner: set to David Hampton <mythtv@…>
Resolution: fixed
Status: new → closed

In 1f78097f0/mythtv:

Fix crash (abort) in MythSocket::ResetReal

In libmythbase mythsocket.cpp MythSocket::ResetReal there can be cases
where there are no bytes available to read, so the vector is never
resized to greater than zero, which results in an abort when
referencing the 1st (non-existent) element which is now checked by
gcc8 (libstdc++).

Patch from Gary Buhrmaster, fixes #13264.

comment:3 Changed 6 years ago by David Hampton <mythtv@…>

In 81d2fb020f/mythtv:

Fix crash (abort) in MythSocket::ResetReal

In libmythbase mythsocket.cpp MythSocket::ResetReal there can be cases
where there are no bytes available to read, so the vector is never
resized to greater than zero, which results in an abort when
referencing the 1st (non-existent) element which is now checked by
gcc8 (libstdc++).

Patch from Gary Buhrmaster, fixes #13264.

(cherry picked from commit 1f78097f0cef0ca15e1b7eee4e94fd17ca3b07b7)

comment:4 Changed 6 years ago by David Hampton <mythtv@…>

In bd456a26eb/mythtv:

Fix crash (abort) in MythSocket::ResetReal

In libmythbase mythsocket.cpp MythSocket::ResetReal there can be cases
where there are no bytes available to read, so the vector is never
resized to greater than zero, which results in an abort when
referencing the 1st (non-existent) element which is now checked by
gcc8 (libstdc++).

Patch from Gary Buhrmaster, fixes #13264.

(cherry picked from commit 1f78097f0cef0ca15e1b7eee4e94fd17ca3b07b7)

comment:5 Changed 6 years ago by Stuart Auchterlonie

Milestone: unknown → 29.2

comment:6 Changed 6 years ago by David Hampton <mythtv@…>

In bd456a26eb/mythtv:

Fix crash (abort) in MythSocket::ResetReal

In libmythbase mythsocket.cpp MythSocket::ResetReal there can be cases
where there are no bytes available to read, so the vector is never
resized to greater than zero, which results in an abort when
referencing the 1st (non-existent) element which is now checked by
gcc8 (libstdc++).

Patch from Gary Buhrmaster, fixes #13264.

(cherry picked from commit 1f78097f0cef0ca15e1b7eee4e94fd17ca3b07b7)

comment:7 Changed 6 years ago by David Hampton <mythtv@…>

In 81d2fb020f/mythtv:

Fix crash (abort) in MythSocket::ResetReal

In libmythbase mythsocket.cpp MythSocket::ResetReal there can be cases
where there are no bytes available to read, so the vector is never
resized to greater than zero, which results in an abort when
referencing the 1st (non-existent) element which is now checked by
gcc8 (libstdc++).

Patch from Gary Buhrmaster, fixes #13264.

(cherry picked from commit 1f78097f0cef0ca15e1b7eee4e94fd17ca3b07b7)

comment:8 Changed 6 years ago by David Hampton <mythtv@…>

In 1f78097f0/mythtv:

Fix crash (abort) in MythSocket::ResetReal

In libmythbase mythsocket.cpp MythSocket::ResetReal there can be cases
where there are no bytes available to read, so the vector is never
resized to greater than zero, which results in an abort when
referencing the 1st (non-existent) element which is now checked by
gcc8 (libstdc++).

Patch from Gary Buhrmaster, fixes #13264.
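
An added example, not MythTV's code: the failure this ticket describes is taking `&trash[0]` on a vector that was never resized, and the drain loop below avoids it by returning before the buffer is touched and by using `data()` for the pointer. `FakeSocket`, `drain` and the 4096-byte chunk cap are assumptions made for illustration; the cap goes beyond the patch, which sizes the buffer to whatever is available.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Constructed stand-in for a buffered TCP socket (hypothetical, not Qt's or MythTV's class).
struct FakeSocket {
    std::string pending;  // bytes waiting to be read
    std::int64_t bytesAvailable() const { return (std::int64_t)pending.size(); }
    // Copies up to maxlen bytes into dst and returns the number copied.
    std::int64_t read(char *dst, std::int64_t maxlen) {
        std::size_t n = std::min<std::size_t>(pending.size(), (std::size_t)maxlen);
        if (n) std::memcpy(dst, pending.data(), n);
        pending.erase(0, n);
        return (std::int64_t)n;
    }
};

// Discards everything buffered on the socket; returns the number of bytes dropped.
std::size_t drain(FakeSocket &sock, std::vector<char> &trash, std::size_t chunk = 4096) {
    std::size_t dropped = 0;
    for (;;) {
        std::int64_t avail = sock.bytesAvailable();  // keep the signed 64-bit type
        if (avail <= 0) break;                       // nothing pending: leave the buffer alone
        std::size_t want = std::min<std::size_t>((std::size_t)avail, chunk);
        if (trash.size() < want) trash.resize(want); // grow only, bounded by chunk
        // data() is valid even on an empty vector, unlike &trash[0].
        std::int64_t got = sock.read(trash.data(), (std::int64_t)want);
        if (got <= 0) break;                         // error or EOF: stop instead of spinning
        dropped += (std::size_t)got;
    }
    return dropped;
}

int main() {
    FakeSocket busy{std::string(10000, 'x')};  // constructed sample input
    FakeSocket idle{};                         // the zero-bytes case from the ticket
    std::vector<char> a, b;
    bool ok = drain(busy, a) == 10000 && drain(idle, b) == 0 && b.empty();
    return ok ? 0 : 1;
}
```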
