
[vdr] Re: Coredump - vdr 1.3.9 at eit.c:205

Klaus Schmidinger wrote:

> I'm having the same problem. It started at around 21:45 tonight.
> For the moment I guess turning off the EPG scan helps somewhat.
> Maybe some channel has f***ed up their EPG data, which maybe triggers
> a bug in VDR.

Found the problem:


in eit.c around line 200:

    if (ExtendedEventDescriptors) {
       char buffer[ExtendedEventDescriptors->getMaximumTextLength(": ")];
       pEvent->SetDescription(ExtendedEventDescriptors->getText(buffer, ": "));
    }


The size of the buffer is too small and a buffer overflow will overwrite the ShortEventDescriptor and a delete will crash the whole program.


ExtendedEventDescriptors->getMaximumTextLength(": ") calculates a too small size in my case.

Changing this to about

ExtendedEventDescriptors->getMaximumTextLength(": ")*2 solves the problem.

Btw, two notes (no offence!): #1, using auto variables as buffers is bad no matter what, since you can screw the stack.

#2, fixed-size buffers are bad anyway, since for instance you have

    if (ShortEventDescriptor) {
       char buffer[256];
       pEvent->SetTitle(ShortEventDescriptor->name.getText(buffer));
       pEvent->SetShortText(ShortEventDescriptor->text.getText(buffer));
    }

Whereas getText checks for a length > 4095 or the like.

This is a source of problems imo.

And, using auto variable arrays with a "dynamic" size is a g++-only feature, it's not portable.

Kind regards, Philip
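The hardened form of the two buffer patterns discussed in this message, as an added example that is not VDR or libdvbsi code: a bounded text joiner standing in for getText(buffer, ": ") that never writes past the capacity it is given and reports how many bytes the full text needs, so an underestimated size is detected and grown instead of overwriting the stack. EventItem, JoinEventText and DescriptionFromEstimate are hypothetical names.

```cpp
// Added example (not VDR or libdvbsi code); all names are hypothetical.
#include <cstddef>
#include <cstring>
#include <string>
#include <vector>

// Stand-in for the items of an extended event descriptor.
struct EventItem { std::string name; std::string text; };

// Joins items as "name<sep>text", one per line, writing at most `cap` bytes
// (terminator included). Returns the length the untruncated text would have,
// snprintf-style, so the caller can tell whether truncation happened.
size_t JoinEventText(const std::vector<EventItem>& items, const char* sep,
                     char* buffer, size_t cap) {
    size_t needed = 0;   // bytes of the full text
    size_t pos = 0;      // bytes actually written so far
    auto put = [&](const std::string& s) {
        needed += s.size();
        if (cap == 0) return;
        size_t room = cap - 1 - pos;             // always leave space for '\0'
        size_t n = s.size() < room ? s.size() : room;
        std::memcpy(buffer + pos, s.data(), n);
        pos += n;
    };
    for (size_t i = 0; i < items.size(); ++i) {
        if (i) put("\n");
        put(items[i].name);
        put(sep);
        put(items[i].text);
    }
    if (cap) buffer[pos] = '\0';
    return needed;
}

// Size the buffer from an estimate (as eit.c does), but verify the estimate
// against the joiner's return value: a wrong estimate grows the buffer on the
// heap rather than overflowing a stack array.
std::string DescriptionFromEstimate(const std::vector<EventItem>& items,
                                    size_t estimate) {
    std::vector<char> buffer(estimate + 1);
    size_t needed = JoinEventText(items, ": ", buffer.data(), buffer.size());
    if (needed + 1 > buffer.size()) {            // estimate was too small
        buffer.resize(needed + 1);
        JoinEventText(items, ": ", buffer.data(), buffer.size());
    }
    return std::string(buffer.data());
}
```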



