[vdr] get a segmentation fault when starting vdr (backtrace included)
Lars Hanisch
dvb at flensrocker.de
Sat Dec 1 14:44:44 CET 2012
Am 30.11.2012 11:32, schrieb Gerald Dachs:
> Am 2012-11-30 10:17, schrieb Lars Hanisch:
>> Looks like the pointer returned by sscanf is not valid:
>>
>> 32: bool tComponent::FromString(const char *s)
>> 33: {
>> 34: unsigned int Stream, Type;
>> 35: int n = sscanf(s, "%X %02X %7s %a[^\n]", &Stream, &Type,
>> language, &description); // 7 = MAXLANGCODE2 - 1
>> 36: if (n != 4 || isempty(description)) {
>> 37: free(description);
>> 38: description = NULL;
>> 39: }
>> 40: stream = Stream;
>> 41: type = Type;
>> 42: return n >= 3;
>> 43: }
>
> From man sscanf:
>
> The GNU C library supports a nonstandard extension that causes the library to
> dynamically allocate a string of sufficient size for input strings for the %s
> and %a[range] conversion specifiers.
>
> This is the reason why it doesn't work with ulibc.
Then there should be a malloc or something similiar for description:
32: bool tComponent::FromString(const char *s)
33: {
34: unsigned int Stream, Type;
description = malloc(strlen(s));
description[0] = 0;
35: int n = sscanf(s, "%X %02X %7s %a[^\n]", &Stream, &Type, language, &description); // 7 = MAXLANGCODE2 - 1
36: if (n != 4 || isempty(description)) {
37: free(description);
38: description = NULL;
39: }
40: stream = Stream;
41: type = Type;
42: return n >= 3;
43: }
A check for description != NULL before the free call is not needed.
But this is not the only place in the vdr code, where %a is used...
Lars.
>
> Gerald
>
>
> _______________________________________________
> vdr mailing list
> vdr at linuxtv.org
> http://www.linuxtv.org/cgi-bin/mailman/listinfo/vdr
>
More information about the vdr
mailing list