[mythtv] [mythtv-commits] mythtv commit: r9296 by danielk

Janne Grunau janne-mythtv at grunau.be
Thu Mar 9 22:38:28 UTC 2006


On Wednesday 08 March 2006 16:54, Daniel Kristjansson wrote:
> On Wed, 2006-03-08 at 15:48 +0000, Stuart Auchterlonie wrote:
> > I've been poking around a bit looking at some of the backtraces
> > relating to other similar problems.
> >
> > Something I've noticed is that SIParser::ParseTable never checks
> > the size of the data it is passed. It's called from dvbsiparser
> > after it has done a read of a non-zero number of bytes.
>
> My understanding is that the section reader used by SIParser verifies
> the PES packets, this seems to be backed up by these things only
> occurring with the signal monitor which doesn't use the section
> reader.

This is unfortunately incorrect. I've seen segfaults with a buffer of
size 4 and table_id 0x0. That is obviously an invalid NIT. Even a NIT
without data is at least 16 bytes.
Before 9229 the buffer size was somehow used in SIParser::ParseTable().
It might be the changeset where the crashes in the DVB-section parsing
began.

I'll create a ticket with a patch for checking buffer size ==
section_length+3 and omitting ParseTable() if buffer size >= 8 (the
size of the smallest valid DVB table TDT).

ciao Janne

PS: Daniel, is it suspicious if ATSCStreamData shows up in a backtrace
in DVB-land? The backtrace is not informative, since I
can't see where the ATSCStreamData is called from.
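
An added example, not part of the original message and not MythTV code: a sketch of the size check discussed above, assuming the intent is to skip parsing when a buffer is shorter than 8 bytes or its size differs from section_length + 3. `CheckSection`, the enum, and the sample buffers are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Smallest valid DVB table per the message above: the TDT, 8 bytes.
static const size_t kMinSectionSize = 8;

enum SectionCheck { kSectionOk, kTooShort, kLengthMismatch };

// Constructed samples (not captured data).
// TDT: table_id 0x70, section_length 5, then 5 bytes of UTC time.
static const uint8_t kSampleTdt[8] =
    {0x70, 0x70, 0x05, 0xd0, 0x5d, 0x22, 0x38, 0x28};
// The failing case from the message: 4 bytes, table_id 0x0.
static const uint8_t kSampleRunt[4] = {0x00, 0xb0, 0x0d, 0x00};
// Header claims section_length 13 (16 bytes total), only 10 were read.
static const uint8_t kSampleTruncated[10] =
    {0x40, 0xf0, 0x0d, 0x00, 0x01, 0xc1, 0x00, 0x00, 0xf0, 0x00};

// Hypothetical helper: decide whether a buffer returned by a demux read
// may be handed to a table parser that indexes fixed header offsets.
SectionCheck CheckSection(const uint8_t *buf, size_t size)
{
    // Reject before touching buf[1] and buf[2].
    if (!buf || size < kMinSectionSize)
        return kTooShort;

    // section_length is 12 bits: low nibble of byte 1 plus byte 2.
    // It counts the bytes that follow the 3-byte section header.
    size_t section_length = ((size_t)(buf[1] & 0x0f) << 8) | buf[2];

    if (size != section_length + 3)
        return kLengthMismatch;

    return kSectionOk;
}

int main()
{
    printf("tdt:       %d\n", CheckSection(kSampleTdt, sizeof(kSampleTdt)));
    printf("runt:      %d\n", CheckSection(kSampleRunt, sizeof(kSampleRunt)));
    printf("truncated: %d\n",
           CheckSection(kSampleTruncated, sizeof(kSampleTruncated)));
    return 0;
}
```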

