Opened 17 years ago
Closed 16 years ago
#4097 closed defect (fixed)
Backend Segfaults after an invalid return by ProgramAssociationTable class.
| Reported by: | wleibe | Owned by: | danielk |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.21 |
| Component: | dvb | Version: | head |
| Severity: | medium | Keywords: | |
| Cc: | Ticket locked: | no |
Description
Please see the bt for the debug data.
After a review of the code I found that ProgramCount? in mpegtables.h was returning a very large number from an invalid subtraction operation. (Subtraction below zero)
I applied the patch to my code and I have not had a seg fault for 4 days. (Before the patch I would seg fault every 4 to 8 hours.)
I'm not sure of the component so I put it under mythtv.
Attachments (2)
Change History (7)
Changed 17 years ago by
| Attachment: | segfaultBT.txt added |
|---|
Changed 17 years ago by
| Attachment: | myth_segfault.diff.txt added |
|---|
comment:1 Changed 17 years ago by
| Component: | mythtv → dvb |
|---|---|
| Owner: | changed from Isaac Richards to danielk |
| Severity: | high → medium |
comment:2 Changed 16 years ago by
| Milestone: | unknown → 0.21 |
|---|---|
| Status: | new → assigned |
comment:3 Changed 16 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:4 Changed 16 years ago by
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
Hello,
I was just curious about one thing. After I found this bug I also noticed that DescriptorsLength? in mpegtables.h has the same problem. Can we add the same sanity checking to this function as well?
comment:5 Changed 16 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Different problem == new ticket. BTW Please attach a "mythbackend -v record,siparser,channel" log, I'm curious as to whether we can't just enable CRC checking for your hardware and do away with the problem altogether.
Somehow the trac hook didn't catch this in [14737]..
Fixes #4097. Adds a little sanity checking to ProgramAssociationTable::ProgramCount??().
This sanity checking is only really needed because we allow bypassing the CRC check on PAT tables with some broken hardware, but there is also the theoretical possibility that a broadcaster sends out malformed data in which case this will prevent it from causing an illegal memory access.