Mailing List archive


[vdr] Re: Aborted - a test case



On 15 Sep 2004 Marcel Wiesweg <marcel.wiesweg@gmx.de> wrote:
> On Monday, 13 September 2004 17:31, Stefan Huelswitt wrote:
>> On 13 Sep 2004 Marcel Wiesweg <marcel.wiesweg@gmx.de> wrote:
>> > It would be great if I had the original data in a binary file. Does
>> > someone know an elegant way to convert the printout below to a binary
>> > file, or to save it directly from gdb?
>>
>> I just mailed you the data in binary format.
> 
> Ok, I have analyzed the data and as I had suspected it is broken, but quite
> skillfully so. The outer structure, the section and the event loop size are
> all right, with correct size, CRC and all. The event in the loop however is
> truncated. It claims to be of size 40xx (which is reasonable, EIT sections are
> limited to 4096). I assume it has had that size at some time in the past, was
> then taken, truncated and correctly packed in a new section.

Thanks for your investigations.

> Currently, libsi is putting some trust in the data. After all, it is error 
> checked twice, and stations won't send malicious data over the air.

Well, obviously they do ...

> Currently it will read the full 4050 or so bytes, which leads to a segfault if
> the observed abort() does not occur before.
>
> The only elegant way I currently see to solve that is to use C++ exceptions.
> I hope Klaus does not object to the use of exceptions?

I think that any program mustn't rely on correct input data.
Error checking has to be done, even if outer struct/crc indicates
that everything might be fine.
This case leads to an abort() only because of the huge malloc, but
in other cases the malloc size may be fine and corrupted data is
fed to vdr.
If I have 692 input bytes, the event text clearly cannot contain
40xx bytes. This can easily be checked, or not?

Regards.

-- 
Stefan Huelswitt
s.huelswitt@gmx.de  | http://www.muempf.de/
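
Added example, not part of the original mail and not libsi code: a bounds check of the kind discussed above, which walks an EIT event loop and rejects any event or descriptor whose length field exceeds the bytes actually received. The field offsets follow the EIT layout in ETSI EN 300 468; the names check_eit and check_sample and the 692-byte sample section are constructed for illustration, and the CRC is assumed to have been verified already.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

// Sizes per the EIT layout in ETSI EN 300 468; names are illustrative, not libsi's.
constexpr size_t kSectionHdr = 14, kEventHdr = 12, kCrc = 4;
enum class EitCheck { Ok, TooShort, BadSectionLength, EventTruncated, DescriptorTruncated };

// Walk the event loop and prove every length field fits in the bytes actually
// received. CRC verification is assumed to have happened already.
EitCheck check_eit(const uint8_t *buf, size_t len) {
    if (len < kSectionHdr + kCrc) return EitCheck::TooShort;
    size_t section_length = size_t(buf[1] & 0x0F) << 8 | buf[2];
    if (section_length + 3 != len) return EitCheck::BadSectionLength;
    const size_t end = len - kCrc;               // events stop before CRC_32
    size_t pos = kSectionHdr;
    while (pos < end) {
        if (end - pos < kEventHdr) return EitCheck::EventTruncated;
        size_t loop_len = size_t(buf[pos + 10] & 0x0F) << 8 | buf[pos + 11];
        pos += kEventHdr;
        if (loop_len > end - pos) return EitCheck::EventTruncated;  // the case in this thread
        const size_t loop_end = pos + loop_len;
        while (pos < loop_end) {                 // descriptors: tag, length, payload
            if (loop_end - pos < 2) return EitCheck::DescriptorTruncated;
            size_t dlen = buf[pos + 1];
            pos += 2;
            if (dlen > loop_end - pos) return EitCheck::DescriptorTruncated;
            pos += dlen;
        }
    }
    return EitCheck::Ok;
}

// Constructed sample (total must be between 30 and 4098): one event in a section
// of `total` bytes whose descriptors_loop_length field is set to `claimed`.
EitCheck check_sample(size_t total, size_t claimed) {
    std::vector<uint8_t> s(total, 0);
    s[0] = 0x4E;                                  // EIT present/following, actual TS
    s[1] = 0xF0 | ((total - 3) >> 8); s[2] = (total - 3) & 0xFF;
    s[kSectionHdr + 10] = (claimed >> 8) & 0x0F; s[kSectionHdr + 11] = claimed & 0xFF;
    size_t pos = kSectionHdr + kEventHdr, end = total - kCrc;
    while (end - pos >= 2) {                      // fill with well-formed descriptors
        size_t dlen = std::min<size_t>(255, end - pos - 2);
        s[pos] = 0x4D; s[pos + 1] = uint8_t(dlen);
        pos += 2 + dlen;
    }
    return check_eit(s.data(), s.size());
}
```

With a 692-byte section, a claimed loop length of 4050 is rejected before any descriptor byte is read, so neither the oversized allocation nor the out-of-bounds read can happen.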



