[mythtv-commits] Ticket #7614: Segfault can occur in TVRec::StartRecording()
MythTV
mythtv at cvs.mythtv.org
Thu Nov 19 08:53:32 UTC 2009
#7614: Segfault can occur in TVRec::StartRecording()
------------------------------------+---------------------------------------
Reporter: david.madsen@… | Owner: danielk
Type: defect | Status: new
Priority: minor | Milestone: unknown
Component: MythTV - Recording | Version: head
Severity: medium | Mlocked: 0
------------------------------------+---------------------------------------
A potential segfault exists in the TVRec::StartRecording() function. This
function creates an iterator to the pendingRecordings QMap. It then
yields to the EventThread to process any outstanding events before
proceeding.
In the event thread it is possible that the call to
TVRec::HandlePendingRecordings() will find a stale recording pending and
will proceed to free the memory used by the info pointer and then delete
the entry out of the pendingRecordings map.
Eventually we will return to execution in the TVRec::StartRecording()
function and we will continue to use the existing iterator. The iterator
itself will still be valid since we are looking at a previously made copy
of the QMap but since the TVRec::HandlePendingRecordings() call deleted
the data stored at the info pointer this code will cause a segfault.
{{{
if (is_busy && !sourceid)
{
    mplexid = (*it).info->GetMplexID();
    sourceid = (*it).info->sourceid;
}
}}}
I've attached a patch that simply re-executes the find after being awakened
by the EventThread. Since the stale entry has now been deleted, the
following loop will not try to dereference the invalid pointer.
--
Ticket URL: <http://svn.mythtv.org/trac/ticket/7614>
MythTV <http://www.mythtv.org/>
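
The hazard and the re-lookup described in the ticket, as an added example that is not MythTV code and not the attached patch. It assumes std::map standing in for QMap and an explicit copy standing in for the implicitly shared one; Recorder, PendingInfo, HandlePending, YieldToEventThread and run_case are hypothetical names.

```cpp
#include <map>

// Simplified, hypothetical stand-ins for the MythTV types in the ticket.
struct ProgramInfo { int sourceid; };
struct PendingInfo { ProgramInfo *info; bool stale; };
using PendingMap = std::map<int, PendingInfo>;  // std::map in place of QMap

struct Recorder {
    PendingMap pending;  // the live map owns the ProgramInfo objects
    int cardid = 1;

    // Models HandlePendingRecordings(): frees stale infos, erases the entries.
    void HandlePending() {
        for (auto it = pending.begin(); it != pending.end();) {
            if (it->second.stale) {
                delete it->second.info;
                it = pending.erase(it);
            } else {
                ++it;
            }
        }
    }

    // Models the yield in StartRecording(): the event thread runs meanwhile.
    void YieldToEventThread() { HandlePending(); }

    // Returns the sourceid of our pending entry, or 0 if it was removed.
    int StartRecording() {
        PendingMap snapshot = pending;    // copies the pointers, not the pointees
        auto it = snapshot.find(cardid);  // iterator taken before the yield
        YieldToEventThread();
        // 'it' is still a valid iterator into 'snapshot', but it->second.info
        // may have been freed. Never dereference it; look the entry up again.
        (void)it;
        auto live = pending.find(cardid);
        if (live == pending.end())
            return 0;                          // stale entry is gone
        return live->second.info->sourceid;    // pointee still owned by live map
    }

    ~Recorder() { for (auto &p : pending) delete p.second.info; }
};

// Constructed scenario: one pending entry for card 1, stale or not.
int run_case(bool stale) {
    Recorder r;
    r.pending[1] = PendingInfo{ new ProgramInfo{42}, stale };
    return r.StartRecording();
}

int main() { return (run_case(true) == 0 && run_case(false) == 42) ? 0 : 1; }
```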