[mythtv-commits] Ticket #5859: Fix for high level CA_PMT handler code (SIGSEGV due to buffer overflow)
MythTV
mythtv at cvs.mythtv.org
Mon Oct 27 07:54:52 UTC 2008
#5859: Fix for high level CA_PMT handler code (SIGSEGV due to buffer overflow)
--------------------------------------+-------------------------------------
Reporter: manuel.kampert at online.de | Owner: ijr
Type: defect | Status: new
Priority: minor | Milestone: unknown
Component: mythtv | Version: unknown
Severity: medium | Mlocked: 0
--------------------------------------+-------------------------------------
cHlCiHandler::SetCaPmt does not test CaPmt.length > 256. This will cause a
SIGSEGV due to memory overwrite at
memcpy(&msg.msg[4], CaPmt.capmt, CaPmt.length);
as struct ca_msg msg msg.msg is defined in the kernel as msg[256].
--
Ticket URL: <http://svn.mythtv.org/trac/ticket/5859>
MythTV <http://www.mythtv.org/>
MythTV
More information about the mythtv-commits
mailing list