[vdr] get a segmentation fault when starting vdr (backtrace included)

Dr. Werner Fink werner at suse.de
Fri Nov 30 12:51:35 CET 2012


On Fri, Nov 30, 2012 at 12:08:53PM +0100, Dieter Bloms wrote:
> Hi Werner,
> 
> --snip--
>   25 cString tComponent::ToString(void)
>   26 {
>   27   char buffer[256];
>   28   snprintf(buffer, sizeof(buffer), "%X %02X %s %s", stream, type, language, description ? description : "");
>   29   return buffer;
>   30 }
>   31 
>   32 bool tComponent::FromString(const char *s)
>   33 {
>   34   unsigned int Stream, Type;
>   35   description = NULL;
>   36   int n = sscanf(s, "%X %02X %7s %as[^\n]", &Stream, &Type, language, &description); // 7 = MAXLANGCODE2 - 1
>   37   esyslog("dbloms: \"%X\" \"%02X\" \"%7s\" \"%s\"", Stream, Type, language, description);
>   38 
>   39   if (n != 4 || isempty(description)) {
>   40      free(description);
>   41      description = NULL;
>   42      }
>   43   stream = Stream;
>   44   type = Type;
>   45   return n >= 3;
>   46 }
> --snip--
> 
> 
> and get a core dump with this:
> 
> --snip--
> vdrservernew:/tmp# gdb --core /tmp/core /usr/local/bin/vdr
> GNU gdb (GDB) 7.5
> Copyright (C) 2012 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-unknown-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/local/bin/vdr...done.
> [New LWP 8986]
> [New LWP 8985]
> [New LWP 8987]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/libthread_db.so.1".
> Core was generated by `/usr/local/bin/vdr --config=/etc/vdr --epgfile=/tmp/epg.data --grab=/dev/shm --'.
> Program terminated with signal 11, Segmentation fault.
> #0  0x00006b2476b263b3 in strnlen () from /lib/libc.so.0.9.32
> (gdb) bt
> #0  0x00006b2476b263b3 in strnlen () from /lib/libc.so.0.9.32
> #1  0x00006b2476b1ff56 in ?? () from /lib/libc.so.0.9.32
> #2  0x00006b2476b1d5dc in vsnprintf () from /lib/libc.so.0.9.32
> #3  0x00006b2476b14c29 in vsyslog () from /lib/libc.so.0.9.32
> #4  0x000000000052e510 in syslog_with_tid (priority=3, format=0x551ab8 "dbloms: \"%X\" \"%02X\" \"%7s\" \"%s\"") at tools.c:40
> #5  0x00000000004a1e4e in FromString (s=<optimized out>, this=0x3dabc20) at epg.c:37
> #6  cComponents::SetComponent (this=<optimized out>, Index=<optimized out>, s=s@entry=0x3daaaa2 "1 01 deu 4:3") at epg.c:84
> #7  0x00000000004a4163 in cEvent::Parse (this=0x3d9f4d0, s=<optimized out>) at epg.c:498
> #8  0x00000000004e9f16 in cRecordingInfo::Read (this=0x3da8640, f=f@entry=0x3d9f840) at recording.c:468
> #9  0x00000000004eb553 in cRecording::cRecording (this=0x3da05c0, FileName=0x3d8aa7c "Sex_and_the_City_2/2012-11-19.20.10.27-0.rec") at recording.c:723
> #10 0x00000000004ecf21 in cRecordings::ScanVideoDir (this=0x7fe880 <Recordings>, DirName=0x3d9d4c0 "/remote/vdr/Sex_and_the_City_2", Foreground=false, LinkLevel=0) at recording.c:1165
> #11 0x00000000004ed39c in cRecordings::ScanVideoDir (this=0x7fe880 <Recordings>, DirName=0x3d83a20 "/remote/vdr", Foreground=false, LinkLevel=0) at recording.c:1180
> #12 0x00000000005269be in cThread::StartThread (Thread=0x7fe8a0 <Recordings+32>) at thread.c:262
> #13 0x00006b247844a406 in start_thread () from /lib/libpthread.so.0.9.32
> #14 0x00006b2478442885 in clone () from /lib/libpthread.so.0.9.32
> #15 0x0000000000000000 in ?? ()
> (gdb) 
> --snip--

Maybe some more checks are required, as if n != 4 this could mean that one of the
variables is not used and therefore not initialized.

Before sscanf() this could be a `memset(language, 0, sizeof(language));' or, more
simply, a `*language = 0;' depending on the type of language.  Also the code

   if (n != 4 || isempty(description)) {
      free(description);
      description = NULL;
   }

could become

   if (n != 4 || isempty(description)) {
      if (description)
         free(description);
      description = NULL;
   }

as well as the line

   esyslog("dbloms: \"%X\" \"%02X\" \"%7s\" \"%s\"", Stream, Type, language, description);   

may look like

   esyslog("dbloms: \"%X\" \"%02X\" \"%7s\" \"%s\"", Stream, Type, language, description ? description : "");


Werner

-- 
  "Having a smoking section in a restaurant is like having
          a peeing section in a swimming pool." -- Edward Burr
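
An added example (not part of the mail above and not VDR's own code) that combines the suggestions: the language buffer is cleared before sscanf(), the conversion count is checked, and NULL is never passed to a "%s" conversion, which is undefined behaviour in C. The struct and function names are hypothetical, MAXLANGCODE2 is taken as 8 from the "7 = MAXLANGCODE2 - 1" comment, and a bounded buffer is used in place of the `%as` allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAXLANGCODE2 8  /* assumed: the page's comment says 7 = MAXLANGCODE2 - 1 */

struct component {      /* hypothetical stand-in for VDR's tComponent */
    unsigned int stream, type;
    char language[MAXLANGCODE2];
    char *description;  /* NULL when the line carries no description */
};

/* Parse "<stream> <type> <lang> [description]"; returns sscanf()'s count. */
int component_from_string(struct component *c, const char *s)
{
    unsigned int stream = 0, type = 0;
    char desc[256] = "";            /* bounded buffer instead of %as */
    c->language[0] = '\0';          /* defined even if %7s never converts */
    c->description = NULL;
    int n = sscanf(s, "%X %02X %7s %255[^\n]", &stream, &type, c->language, desc);
    if (n == 4 && desc[0] != '\0') {
        size_t len = strlen(desc) + 1;
        c->description = malloc(len);
        if (c->description)
            memcpy(c->description, desc, len);
    }
    c->stream = stream;
    c->type = type;
    return n;
}

/* Build the debug line without ever handing NULL to %s. */
int component_log_line(const struct component *c, char *out, size_t len)
{
    return snprintf(out, len, "\"%X\" \"%02X\" \"%s\" \"%s\"", c->stream, c->type,
                    c->language, c->description ? c->description : "");
}

int main(void)
{
    /* Constructed inputs: the line from the backtrace plus truncated forms. */
    const char *lines[] = { "1 01 deu 4:3", "1 01 deu", "1 01", "" };
    for (size_t i = 0; i < sizeof lines / sizeof *lines; i++) {
        struct component c;
        char msg[64];
        int n = component_from_string(&c, lines[i]);
        component_log_line(&c, msg, sizeof msg);
        printf("n=%d %s\n", n, msg);
        free(c.description);
    }
    return 0;
}
```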


