[vdr] get a segmentation fault when starting vdr (backtrace included)

Lars Hanisch dvb at flensrocker.de
Sat Dec 1 14:44:44 CET 2012


Am 30.11.2012 11:32, schrieb Gerald Dachs:
> Am 2012-11-30 10:17, schrieb Lars Hanisch:
>>  Looks like the pointer returned by sscanf is not valid:
>>
>> 32: bool tComponent::FromString(const char *s)
>> 33: {
>> 34:   unsigned int Stream, Type;
>> 35:   int n = sscanf(s, "%X %02X %7s %a[^\n]", &Stream, &Type,
>> language, &description); // 7 = MAXLANGCODE2 - 1
>> 36:   if (n != 4 || isempty(description)) {
>> 37:      free(description);
>> 38:      description = NULL;
>> 39:      }
>> 40:   stream = Stream;
>> 41:   type = Type;
>> 42:   return n >= 3;
>> 43: }
> 
> From man sscanf:
> 
>        The GNU C library supports a nonstandard extension that causes the library to
>        dynamically allocate a string of sufficient size for input strings for the %s
>        and %a[range] conversion specifiers.
> 
> This is the reason why it doesn't work with ulibc.

 Then there should be a malloc or something similiar for description:

32: bool tComponent::FromString(const char *s)
33: {
34:   unsigned int Stream, Type;
      description = malloc(strlen(s));
      description[0] = 0;
35:   int n = sscanf(s, "%X %02X %7s %a[^\n]", &Stream, &Type, language, &description); // 7 = MAXLANGCODE2 - 1
36:   if (n != 4 || isempty(description)) {
37:      free(description);
38:      description = NULL;
39:      }
40:   stream = Stream;
41:   type = Type;
42:   return n >= 3;
43: }

 A check for description != NULL before the free call is not needed.

 But this is not the only place in the vdr code, where %a is used...

Lars.
> 
> Gerald
> 
> 
> _______________________________________________
> vdr mailing list
> vdr at linuxtv.org
> http://www.linuxtv.org/cgi-bin/mailman/listinfo/vdr
>



More information about the vdr mailing list