[vdr] bug in channels.h?

Udo Richter udo_richter at gmx.de
Thu Jul 21 14:37:07 CEST 2005


Matthias Lenk wrote:
> I was experimenting with VDR 1.3.27 and DVB-T reception and found an issue in 
> channels.h. The alangs member of the class cChannel has MAXAPIDS elements. 
> But in channels.c line 447 an element with index MAXAPIDS can be accessed. 
> But the max index is of course MAXAPIDS - 1. This can have weird effects, so 
> I suggest to increase the number of elements to MAXAPIDS + 1. The same is 
> true for dlangs member of the cChannels class.

I agree. The ?pid lists are zero-terminated, so they are [MAX?PIDS + 1] 
sized. The ?langs arrays are accessed in parallel, so they need to be 
sized the same, just like in pat.c line 329.

An alternative would be to rewrite the initializing loop in 
cChannel::SetPids, because there is no need to copy the lang of the 
terminating 0 pid. (the current loop always copies the whole array 
instead of stopping at the terminating 0 pid)

The bug is currently just cosmetic, because the only out-of-bounds write 
access to alangs[MAXAPIDS] trashes dpids[0] which is overwritten in the 
next step. Same happens for dlangs[MAXDPIDS] and spids[0], where spids 
is generally un-used by now.

Cheers,

Udo




More information about the vdr mailing list