[vdr] bug in channels.h?
udo_richter at gmx.de
Thu Jul 21 14:37:07 CEST 2005
Matthias Lenk wrote:
> I was experimenting with VDR 1.3.27 and DVB-T reception and found an issue in
> channels.h. The alangs member of the class cChannel has MAXAPIDS elements.
> But in channels.c line 447 an element with index MAXAPIDS can be accessed.
> But the max index is of course MAXAPIDS - 1. This can have weird effects, so
> I suggest to increase the number of elements to MAXAPIDS + 1. The same is
> true for dlangs member of the cChannels class.
I agree. The ?pid lists are zero-terminated, so they are [MAX?PIDS + 1]
sized. The ?langs arrays are accessed in parallel, so they need to be
sized the same, just like in pat.c line 329.
An alternative would be to rewrite the initializing loop in
cChannel::SetPids, because there is no need to copy the lang of the
terminating 0 pid. (the current loop always copies the whole array
instead of stopping at the terminating 0 pid)
The bug is currently just cosmetic, because the only out-of-bounds write
access to alangs[MAXAPIDS] trashes dpids which is overwritten in the
next step. Same happens for dlangs[MAXDPIDS] and spids, where spids
is generally un-used by now.
More information about the vdr