[mythtv] [mythtv-commits] mythtv commit: r9296 by danielk

David Matthews dm at prolingua.co.uk
Wed Mar 8 17:41:21 UTC 2006


Stuart Auchterlonie wrote:
> I've been poking around a bit looking at some of the backtraces relating
> to other similar problems.
> 
> something I've noticed is that SIParser::ParseTable never checks the size
> of the data it is passed, It's called from dvbsiparser after it has done
> a read of a non zero number of bytes.
> 
> It is possible, though unlikely, that the read could return a number of
> bytes that is less than the minimum required number of bytes to have a
> valid packet. In this case we would be scribbling partial packets into
> an buffer and then attempting to process them
> 
> 
> Thoughts?

I saw exactly that a couple of days ago but I was actually looking for 
something else so I didn't note the details.  From what I recall the 
read in DVBSIParser::StartSecionReader had returned only three bytes. 
The construction of PSIPTable psip(pes) in ParseTable got a SEGV because 
the value of _allocSize was silly, the value of _fullbuffer was zero 
presumably because the call to pes_alloc failed and so memcpy was trying 
to write to address zero.

David.


More information about the mythtv-dev mailing list