Hi Udo, I just wanted to add some details. That crash happened when watching DVB-T in Berlin and I had a special channels.conf that I do not find right now unfortunately. Also, it was not on an x86 platform so this might come into play as well. Thanks, Matthias On Thursday 21 July 2005 15:13, Matthias Lenk wrote: > Hi Udo, > > Thanks for the quick reply. I don't think that this is just cosmetic. I had > a crash caused by this, not directly but indirectly, so I suggest to fix > this. > > Thanks, > > Matthias > > On Thursday 21 July 2005 14:37, Udo Richter wrote: > > Matthias Lenk wrote: > > > I was experimenting with VDR 1.3.27 and DVB-T reception and found an > > > issue in channels.h. The alangs member of the class cChannel has > > > MAXAPIDS elements. But in channels.c line 447 an element with index > > > MAXAPIDS can be accessed. But the max index is of course MAXAPIDS - 1. > > > This can have weird effects, so I suggest to increase the number of > > > elements to MAXAPIDS + 1. The same is true for dlangs member of the > > > cChannels class. > > > > I agree. The ?pid lists are zero-terminated, so they are [MAX?PIDS + 1] > > sized. The ?langs arrays are accessed in parallel, so they need to be > > sized the same, just like in pat.c line 329. > > > > An alternative would be to rewrite the initializing loop in > > cChannel::SetPids, because there is no need to copy the lang of the > > terminating 0 pid. (the current loop always copies the whole array > > instead of stopping at the terminating 0 pid) > > > > The bug is currently just cosmetic, because the only out-of-bounds write > > access to alangs[MAXAPIDS] trashes dpids[0] which is overwritten in the > > next step. Same happens for dlangs[MAXDPIDS] and spids[0], where spids > > is generally un-used by now. > > > > Cheers, > > > > Udo
