[mythtv] [mythtv-commits] mythtv commit: r9296 by danielk
dm at prolingua.co.uk
Wed Mar 8 17:41:21 UTC 2006
Stuart Auchterlonie wrote:
> I've been poking around a bit looking at some of the backtraces relating
> to other similar problems.
> something I've noticed is that SIParser::ParseTable never checks the size
> of the data it is passed, It's called from dvbsiparser after it has done
> a read of a non zero number of bytes.
> It is possible, though unlikely, that the read could return a number of
> bytes that is less than the minimum required number of bytes to have a
> valid packet. In this case we would be scribbling partial packets into
> an buffer and then attempting to process them
I saw exactly that a couple of days ago but I was actually looking for
something else so I didn't note the details. From what I recall the
read in DVBSIParser::StartSecionReader had returned only three bytes.
The construction of PSIPTable psip(pes) in ParseTable got a SEGV because
the value of _allocSize was silly, the value of _fullbuffer was zero
presumably because the call to pes_alloc failed and so memcpy was trying
to write to address zero.
More information about the mythtv-dev