Matthias Lenk wrote: > I was experimenting with VDR 1.3.27 and DVB-T reception and found an issue in > channels.h. The alangs member of the class cChannel has MAXAPIDS elements. > But in channels.c line 447 an element with index MAXAPIDS can be accessed. > But the max index is of course MAXAPIDS - 1. This can have weird effects, so > I suggest to increase the number of elements to MAXAPIDS + 1. The same is > true for dlangs member of the cChannels class. I agree. The ?pid lists are zero-terminated, so they are [MAX?PIDS + 1] sized. The ?langs arrays are accessed in parallel, so they need to be sized the same, just like in pat.c line 329. An alternative would be to rewrite the initializing loop in cChannel::SetPids, because there is no need to copy the lang of the terminating 0 pid. (the current loop always copies the whole array instead of stopping at the terminating 0 pid) The bug is currently just cosmetic, because the only out-of-bounds write access to alangs[MAXAPIDS] trashes dpids[0] which is overwritten in the next step. Same happens for dlangs[MAXDPIDS] and spids[0], where spids is generally un-used by now. Cheers, Udo
