[mythtv] [mythtv-commits] mythtv commit: r9296 by danielk
Janne Grunau
janne-mythtv at grunau.be
Thu Mar 9 22:38:28 UTC 2006
On Wednesday 08 March 2006 16:54, Daniel Kristjansson wrote:
> On Wed, 2006-03-08 at 15:48 +0000, Stuart Auchterlonie wrote:
> > I've been poking around a bit looking at some of the backtraces
> > relating to other similar problems.
> >
> > Something I've noticed is that SIParser::ParseTable never checks
> > the size of the data it is passed. It's called from dvbsiparser
> > after it has done a read of a non zero number of bytes.
>
> My understanding is that the section reader used by SIParser verifies
> the PES packets; this seems to be backed up by these things only
> occurring with the signal monitor which doesn't use the section
> reader.
This is unfortunately incorrect. I've seen segfaults with a buffer of
size 4 and table_id 0x0. That is obviously an invalid NIT. Even a NIT
without data is at least 16 bytes.
Before 9229 the buffer size was somehow used in SIParser::ParseTable().
It might be the changeset where the crashes in the DVB-section parsing
began.
I'll create a ticket with a patch for checking buffer size ==
section_length+3 and omitting ParseTable() if buffer size >= 8 (the
size of the smallest valid DVB table TDT).
ciao Janne
PS: Daniel, is it suspicious if ATSCStreamData shows up in a backtrace
in DVB-land? The backtrace is not informative, since I
can't see where the ATSCStreamData is called from.
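The length check proposed in the message above, sketched as an added example that is not part of the original post and not MythTV code. All names are hypothetical; it assumes the standard section header layout (table_id in byte 0, 12-bit section_length in bytes 1 and 2) and reads the 8-byte figure as a minimum size, which is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical names for illustration; none of this is MythTV's API.
enum class SectionCheck { Ok, TooShort, LengthMismatch };

// Smallest valid DVB table named in the message (TDT): 8 bytes.
constexpr std::size_t kMinSectionSize = 8;

// section_length is 12 bits: low nibble of byte 1 plus all of byte 2.
// It counts the bytes that follow the 3-byte section header.
inline std::size_t SectionLength(const uint8_t *buf)
{
    return (static_cast<std::size_t>(buf[1] & 0x0F) << 8) | buf[2];
}

// Validate before any table field is read. The minimum-size test comes
// first so header bytes are never read from a buffer shorter than 3.
SectionCheck CheckSection(const uint8_t *buf, std::size_t size)
{
    if (buf == nullptr || size < kMinSectionSize)
        return SectionCheck::TooShort;
    if (size != SectionLength(buf) + 3)
        return SectionCheck::LengthMismatch;
    return SectionCheck::Ok;
}

// Constructed sample buffers (not captured from a real stream).
// TDT: table_id 0x70, section_length 5, then 5 bytes of UTC_time.
const uint8_t kTdt[8] = {0x70, 0x70, 0x05, 0xD2, 0x1C, 0x22, 0x38, 0x28};
// Shape of the crash case: 4 bytes, table_id 0x00, header claims 13 more.
const uint8_t kShort[4] = {0x00, 0xB0, 0x0D, 0x00};
// Long enough to pass the minimum, but 13 bytes claimed and only 7 follow.
const uint8_t kTruncated[10] = {0x40, 0xF0, 0x0D, 0, 1, 0xC1, 0, 0, 0xF0, 0};

static const char *Name(SectionCheck c)
{
    return c == SectionCheck::Ok ? "ok"
         : c == SectionCheck::TooShort ? "too short" : "length mismatch";
}

int main()
{
    std::printf("TDT:       %s\n", Name(CheckSection(kTdt, sizeof(kTdt))));
    std::printf("4 bytes:   %s\n", Name(CheckSection(kShort, sizeof(kShort))));
    std::printf("truncated: %s\n", Name(CheckSection(kTruncated, sizeof(kTruncated))));
    return 0;
}
```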