[vdr] Mplayercluster-plugin crashes with long NFS paths

Teppo Jalava tjjalava at gmail.com
Tue Feb 21 00:44:02 CET 2006


On 2/18/06, Udo Richter <udo_richter at gmx.de> wrote:
> All these strings are dynamically allocated, either in the (local)
> cString class or malloc'ed with exact size, so I dont think that this is
> a simple buffer overflow.
>
> (1) the delete is commented out for some reason, so this cant be causing it.
> (2) this is the last message of the init part, so the bug may be
> somewhere in the main loop.
>
> Anything helpful would be very welcome. Add some more debug messages or
> try to locate the crash with a debugger.

I think I've found the problem. In transceiver.c, on line 163
filenameLen should be changed to remoteFilename.length(), since
filenameLen is in network byte order. So it after all wasn't a very
big fix, but still I managed to spend way too much time debuggin
before I noticed that ;)

I attach a patch againts "mplayercluster-0.0.1a-Urig8.diff"-patched
version with the fix. I also uncommented the delete[] line, since it
doesn't cause any problems, at least for me.

-t
-------------- next part --------------
diff -u mplayercluster-0.0.1a/transceiver.c mplayercluster-0.0.1a-fixed/transceiver.c
--- mplayercluster-0.0.1a/transceiver.c	2006-02-21 01:24:13.000000000 +0200
+++ mplayercluster-0.0.1a-fixed/transceiver.c	2006-02-21 01:28:09.000000000 +0200
@@ -160,7 +160,7 @@
 		memcpy(initPacket + 4, &filenameLen, 2);
 	}
 
-	initPacketFill = PKT_HEADERLEN + filenameLen;
+	initPacketFill = PKT_HEADERLEN + remoteFilename.length();
 	while (m_Active && (initPacketFill > 0)) {
 		fiSelect.Clear();
 		fiSelect.Add(m_DataSocket, true);
@@ -182,7 +182,7 @@
 
 	if (m_Active) {
 		cout << "deleting " << (int)initPacket << endl;
-		//delete[] initPacket;
+		delete[] initPacket;
 	}
 
 	cout << "nach delete" << endl;


More information about the vdr mailing list