Mailing List archive

[vdr] Re: Coredump - vdr 1.3.9 at eit.c:205



Philip Lawatsch wrote:
> 
> Klaus Schmidinger wrote:
> 
> >
> > I'm having the same problem. It started at around 21:45 tonight.
> > For the moment I guess turning off the EPG scan helps somewhat.
> > Maybe some channel has f***ed up their EPG data, which maybe triggers
> > a bug in VDR.
> 
> Found the problem:
> 
> in eit.c around line 200:
> 
> if (ExtendedEventDescriptors) {
>    char buffer[ExtendedEventDescriptors->getMaximumTextLength(": ")];
>    pEvent->SetDescription(ExtendedEventDescriptors->getText(buffer, ": "));
> }
> 
> The size of the buffer is too small and a buffer overflow will overwrite
> the ShortEventDescriptor and a delete will crash the whole program.
> 
> ExtendedEventDescriptors->getMaximumTextLength(": ") calculates a too
> small size in my case.

Just curious: when you were debugging this, did you see the actual value that
was returned by getMaximumTextLength()? And did you also see the actual string
returned by getText()?

My guess would be that the buffer was just one byte too small, because
getMaximumTextLength() returns the length of the string, without the terminating
'\0'. So maybe just increasing the buffer size by 1 would have done the trick.
Unfortunately the problem doesn't happen any more today, so it's hard to find
out what was really going on.

Klaus
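
The off-by-one guessed at in the message above, as an added example that is not part of the thread or of VDR's code: a length that excludes the terminating '\0' is used as a buffer size, and a bounded writer reports the one-byte shortfall instead of overflowing. `Item`, `maxTextLength` and `getTextBounded` are hypothetical stand-ins, and the item layout and sample data are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical stand-in for one extended-event item (constructed, not libsi's type).
struct Item { const char *desc; const char *text; };

// Models the guessed behaviour: length of "desc<sep>text\n" for every item,
// NOT counting the terminating '\0'. The "\n" layout is an assumption.
size_t maxTextLength(const std::vector<Item> &items, const char *sep) {
    size_t n = 0;
    for (const Item &it : items)
        n += strlen(it.desc) + strlen(sep) + strlen(it.text) + 1;
    return n;
}

// Bounded join: never writes more than `size` bytes, always terminates the
// output, and returns the bytes required including the '\0' so the caller
// can detect truncation (return value > size).
size_t getTextBounded(const std::vector<Item> &items, const char *sep,
                      char *buf, size_t size) {
    size_t used = 0;
    auto append = [&](const char *s) {
        for (; *s; ++s, ++used)
            if (used + 1 < size) buf[used] = *s;  // keep one byte for '\0'
    };
    for (const Item &it : items) {
        append(it.desc); append(sep); append(it.text); append("\n");
    }
    if (size > 0) buf[used < size ? used : size - 1] = '\0';
    return used + 1;
}

int main() {
    std::vector<Item> items = {{"Director", "A"}, {"Cast", "B C"}};  // constructed sample
    size_t len = maxTextLength(items, ": ");
    std::vector<char> exact(len), padded(len + 1);
    size_t need = getTextBounded(items, ": ", exact.data(), exact.size());
    printf("length=%zu required=%zu truncated=%d\n", len, need, need > exact.size());
    need = getTextBounded(items, ": ", padded.data(), padded.size());
    printf("with +1: truncated=%d\n%s", need > padded.size(), padded.data());
    return 0;
}
```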
