Re: dvb-tools: dvbv5-scan segfaults with DVB-T2 HD service that just started in Germany

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Mauro,

could you please take a look?

Thanks,
Gregor

On 3/30/17 9:36 PM, Frank Heckenbach wrote:
> I got the same problem, only on some channels though, e.g. ZDF using
> this input:
> 
> [CH34]
> DELIVERY_SYSTEM = DVBT2
> FREQUENCY = 578000000
> BANDWIDTH_HZ = 8000000
> MODULATION = QAM/16
> 
> *** Error in `dvbv5-scan': malloc(): memory corruption: 0x0000000000fe13c0 ***
> 
> I did some debugging with gdb and valgrind (using the upstream
> version v4l-utils-1.12.3.tar.bz2 since I needed to recompile anyway
> to get debug info).
> 
> I found an invalid access in descriptors/desc_t2_delivery.c:55
> 
>   memcpy(&d->centre_frequency, p, len);
> 
> Before this, dvb_extension_descriptor_init had
> 
>   desc_type == 4 (T2_delivery_system_descriptor)
> 
> and
> 
>   dvb_ext_descriptors[4].size == sizeof(struct dvb_desc_t2_delivery) (23)
> 
> so it allocated only 23 bytes, but didn't change desc_len which was
> still 68, causing the overflow.
> 
> Setting desc_len to 23 didn't help, but just allocating 68 bytes
> did:
> 
> --- v4l-utils-1.12.3/lib/libdvbv5/descriptors/desc_extension.c
> +++ v4l-utils-1.12.3/lib/libdvbv5/descriptors/desc_extension.c
> @@ -149,7 +149,7 @@
>  	if (!size)
>  		size = desc_len;
>  
> -	ext->descriptor = calloc(1, size);
> +	ext->descriptor = calloc(1, desc_len);
>  
>  	if (init) {
>  		if (init(parms, p, ext, ext->descriptor) != 0)
> 
> NOTE: This is probably not a proper fix, just a bandaid. Since
> scanning channels is mostly a one-off job, I'm happy now that I got
> my channels list and don't plan to invest more time resarching the
> issue.
> 




[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux