On 2/18/06, Udo Richter <udo_richter@xxxxxx> wrote:
> All these strings are dynamically allocated, either in the (local)
> cString class or malloc'ed with exact size, so I dont think that this is
> a simple buffer overflow.
>
> (1) the delete is commented out for some reason, so this cant be causing it.
> (2) this is the last message of the init part, so the bug may be
> somewhere in the main loop.
>
> Anything helpful would be very welcome. Add some more debug messages or
> try to locate the crash with a debugger.
I think I've found the problem. In transceiver.c, on line 163
filenameLen should be changed to remoteFilename.length(), since
filenameLen is in network byte order. So it after all wasn't a very
big fix, but still I managed to spend way too much time debuggin
before I noticed that ;)
I attach a patch againts "mplayercluster-0.0.1a-Urig8.diff"-patched
version with the fix. I also uncommented the delete[] line, since it
doesn't cause any problems, at least for me.
-t
-------------- next part --------------
diff -u mplayercluster-0.0.1a/transceiver.c mplayercluster-0.0.1a-fixed/transceiver.c
--- mplayercluster-0.0.1a/transceiver.c 2006-02-21 01:24:13.000000000 +0200
+++ mplayercluster-0.0.1a-fixed/transceiver.c 2006-02-21 01:28:09.000000000 +0200
@@ -160,7 +160,7 @@
memcpy(initPacket + 4, &filenameLen, 2);
}
- initPacketFill = PKT_HEADERLEN + filenameLen;
+ initPacketFill = PKT_HEADERLEN + remoteFilename.length();
while (m_Active && (initPacketFill > 0)) {
fiSelect.Clear();
fiSelect.Add(m_DataSocket, true);
@@ -182,7 +182,7 @@
if (m_Active) {
cout << "deleting " << (int)initPacket << endl;
- //delete[] initPacket;
+ delete[] initPacket;
}
cout << "nach delete" << endl;
