[mythtv] Ticket #2420: mythreplex segfault
D. Hugh Redelmeier
hugh at mimosa.com
Tue Sep 26 18:47:22 UTC 2006
| From: D. Hugh Redelmeier <hugh at mimosa.com>
| | #2420: mythreplex segfault
|
| | Comment (by paulh):
| |
| | (In [11294]) Possible fix for #2420. find_audio_sync() was always
| | expecting the buf array
| | passed as a parameter to be 7 bytes but some of the calling functions
| | where
| | only creating 4 and 6 byte arrays.
On my system, the stack smashing crash was reproduceable.
With the fixes PaulH made to element.c, it no longer crashed.
With my rewrite of find_audio_sync and no changes to buffer
declarations (i.e. without PaulH's fixes), it no longer crashed. The
output files were identical to the ones produced with PaulH's fixed
version.
I propose that my rewrite of find_audio_sync be adopted because it
simplifies the program and does not require arbitrary appearances of
the number 7.
| int find_audio_sync(ringbuffer *rbuf, uint8_t *buf, int off, int type, int le)
| {
| int c;
| int l;
| uint8_t b1,b2,m2;
| int r;
|
| switch(type){
| case AC3:
| b1 = 0x0B;
| b2 = 0x77;
| m2 = 0xFF;
| l = 6;
| break;
|
| case MPEG_AUDIO:
| b1 = 0xFF;
| b2 = 0xF8;
| m2 = 0xF8;
| l = 4;
| break;
|
| default:
| return -1;
| }
|
| c = off;
| while ( c-off < le){
| uint8_t b;
|
| if ((r = mring_peek(rbuf, &b, 1, c)) <0) return -1;
| c++;
| while ( b == b1) {
| if ((r = mring_peek(rbuf, &b, 1, c)) <0) return -1;
| c++;
| if ( (b&m2) == b2 ) {
| if ((r = mring_peek(rbuf, buf, l, c-2)) < -1)
| return -2;
| return c-2-off;
| }
| }
| }
| return -1;
| }
I'd prefer to move the declaration of r to just before the declaration
of b. Not important.
More information about the mythtv-dev
mailing list