Opened 14 years ago

Closed 14 years ago

#256 closed defect (fixed)

Patch for osdsurface memory corruption

Reported by: shrybman@…
Owned by: Isaac Richards
Priority: minor
Milestone: unknown
Component: mythtv
Version:
Severity: medium
Keywords:
Cc:
Ticket locked: no

Description

This patch fixes memory corruption due to memsetting off the end of the array. I suspect it was the cause of this backtrace:

(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb6916921 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xb691827b in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xb694cf77 in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#4  0xb6953597 in malloc_usable_size () from /lib/tls/i686/cmov/libc.so.6
#5  0xb6953a32 in free () from /lib/tls/i686/cmov/libc.so.6
#6  0x412061c1 in operator delete () from /usr/lib/libstdc++.so.6
#7  0x4120621c in operator delete[] () from /usr/lib/libstdc++.so.6
#8  0xb7c4e307 in ~OSDSurface (this=0x9a9f170) at osdsurface.cpp:80
#9  0xb7c28879 in ~OSD (this=0x92b8e98) at osd.cpp:104
#10 0xb7bead58 in ~NuppelVideoPlayer (this=0x90fe518)
    at NuppelVideoPlayer.cpp:229
#11 0xb7bc0ff8 in TV::TeardownPlayer (this=0x9014220) at tv_play.cpp:1153
#12 0xb7bbfc5b in TV::StopStuff (this=0x9014220, stopRingBuffers=true, 
    stopPlayers=true, stopRecorders=false) at tv_play.cpp:1038
#13 0xb7bbe7ba in TV::HandleStateChange (this=0x9014220) at tv_play.cpp:824
#14 0xb7bc1736 in TV::RunTV (this=0x9014220) at tv_play.cpp:1254
#15 0xb7bc1217 in TV::EventThread (param=0x9014220) at tv_play.cpp:1199
#16 0xb6a4fe40 in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#17 0xb69be60e in clone () from /lib/tls/i686/cmov/libc.so.6

I am not 100% sure this is the correct fix, but it does seem to work well.

Regards,

Shane
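The failure described in this ticket, a memset whose length overshoots the heap array so that glibc later detects the corrupted chunk metadata inside free(), is illustrated below with an added C example. It is not the attached MythTV patch or the real OSDSurface code: the surface_t layout, the dimensions and the buggy length formula are hypothetical, and the checked surface_clear() shows the kind of bound a fill routine should enforce before touching the buffer.

```c
/* Added example (hypothetical, not MythTV's osdsurface.cpp): a heap
 * surface whose fill length is derived from the wrong quantity. Writing
 * past the allocation clobbers the next chunk's header, which is why the
 * crash in the ticket surfaces only later, in free() via delete[]. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    int width, height;     /* pixels */
    int bpp;               /* bytes per pixel */
    size_t alloc_len;      /* bytes actually allocated for buf */
    unsigned char *buf;
} surface_t;

/* Allocate a width*height surface of bpp bytes per pixel. 0 on success. */
int surface_init(surface_t *s, int w, int h, int bpp) {
    if (w <= 0 || h <= 0 || bpp <= 0) return -1;
    s->width = w; s->height = h; s->bpp = bpp;
    s->alloc_len = (size_t)w * (size_t)h * (size_t)bpp;
    s->buf = malloc(s->alloc_len);
    return s->buf ? 0 : -1;
}

/* Correct clear length: exactly the bytes that were allocated. */
size_t correct_fill_len(const surface_t *s) {
    return (size_t)s->width * (size_t)s->height * (size_t)s->bpp;
}

/* Hypothetical buggy length: the byte stride (width*bpp) is multiplied by
 * bpp a second time, so memset would run bpp-1 times past the buffer. */
size_t buggy_fill_len(const surface_t *s) {
    return (size_t)s->width * (size_t)s->bpp * (size_t)s->height * (size_t)s->bpp;
}

/* Checked clear: refuses any length that exceeds the allocation instead
 * of silently corrupting the heap. 0 on success, -1 on overrun/invalid. */
int surface_clear(surface_t *s, size_t len) {
    if (s == NULL || s->buf == NULL || len > s->alloc_len) return -1;
    memset(s->buf, 0, len);
    return 0;
}

void surface_free(surface_t *s) {
    free(s->buf);
    s->buf = NULL;
    s->alloc_len = 0;
}
```

With the checked clear, the over-long request is rejected before memset runs, so an out-of-bounds fill becomes an error return (or an assertion in a debug build) rather than a delayed abort inside free().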

Attachments (1)

osdsurface.buf.overrun.diff (864 bytes) - added by shane 14 years ago.
osdsurface.cpp patch


Change History (2)

Changed 14 years ago by shane

Attachment: osdsurface.buf.overrun.diff added

osdsurface.cpp patch

comment:1 Changed 14 years ago by Isaac Richards

Resolution: fixed
Status: new → closed

Should be fixed by [7126].
