<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div><div apple-content-edited="true">
</div>
<br><div><div>On Oct 23, 2013, at 10:59 AM, Jean-Paul Saman <<a href="mailto:jpsaman@videolan.org">jpsaman@videolan.org</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Brat,<br><br>Sorry for the delay I just spotted your e-mail.<br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 3, 2013 at 6:01 PM, Brad Bitterman <span dir="ltr"><<a href="mailto:bitter@vtilt.com" target="_blank">bitter@vtilt.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">So I had a chance to test all the ATSC tables that are in libdvbpsi. I did make the change mentioned below to each table and attached a patch to this email.</div>
</blockquote><div><br></div><div>Thanks, I'll have a look at it.<br> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div>
<br></div><div>I did find and issue with ETT parsing though. The function dvbpsi_atsc_DecodeETTSections causes a crash. It seems the memory for p_ett->p_etm_data is not being allocated. Also, the check for the p_ett->p_etm_data is wrong. It should be this:</div>
<div><br> </div></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div></div><div><div> if (!p_ett->p_etm_data)</div>
<div> abort();</div></div><div><br></div></div></blockquote><div><br>Indeed this is a bug.<br> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">
<div></div><div>I tried malloc'ing the memory and correcting the pointer check. When I do that I get an abort from libc free saying double free or corruption. Here is the stack trace:</div><div><br></div><div><div>#0 0x0000003908e35935 in raise () from /lib64/libc.so.6</div>
<div>#1 0x0000003908e370e8 in abort () from /lib64/libc.so.6</div><div>#2 0x0000003908e74e8b in __libc_message () from /lib64/libc.so.6</div><div>#3 0x0000003908e7c00e in _int_free () from /lib64/libc.so.6</div><div>#4 0x00007ffff7ddca91 in dvbpsi_DeletePSISections (p_section=0x7fffe80008c0) at psi.c:179</div>
<div>#5 0x00007ffff7deb992 in dvbpsi_atsc_GatherETTSections (p_dvbpsi=0x7ffff00008c0, p_decoder=0x7fffe8001910, p_section=0x7fffe80008c0)</div><div> at tables/atsc_ett.c:403</div><div>#6 0x00007ffff7ddd17e in dvbpsi_Demux (p_dvbpsi=0x7ffff00008c0, p_section=0x7fffe80008c0) at demux.c:123</div>
<div>#7 0x00007ffff7ddc31e in dvbpsi_packet_push (p_dvbpsi=0x7ffff00008c0, p_data=0x7ffff75b5dd0 "GR\a\031") at dvbpsi.c:445</div><div>#8 0x0000000000403cff in ATSCServices::demuxCallback (stream=0x7ffff75b5dd0 "GR\a\031", size=188, privateData=0x7fffffffde70, args=0x0)</div>
<div> at ATSCServices.cpp:172</div><div>#9 0x00000000004021fb in DemuxInterface::run (context=0x609060) at DemuxInterface.cpp:106</div><div>#10 0x0000003909607d14 in start_thread () from /lib64/libpthread.so.0</div><div>
#11 0x0000003908ef168d in clone () from /lib64/libc.so.6</div></div><div><br></div><div><br></div><div>I'm not sure where to go from here in trying to debug it. I'm not actually using EITs and ETTs so its not a problem for me but might be for someone else in the future.</div>
<div><br></div><div>I can send you a capture of ETT TS packets that you can test with if you want me to.</div></div></blockquote><div><br></div><div>Please sent me a capture I can then debug.<br> <br></div><div>Kind regards,<br>
<br></div><div>Jean-Paul Saman.<br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><div><br></div><div>Thanks,</div><div><br>
<div>
<span style="border-collapse:separate;border-spacing:0px"><div>Brad Bitterman</div><div><a href="mailto:bitter@vtilt.com" target="_blank">bitter@vtilt.com</a></div><div><br></div></span></div></div></div><br><div style="word-wrap:break-word">
<div><div>
</div>
<br><div><div>On Oct 2, 2013, at 1:30 PM, Jean-Paul Saman <<a href="mailto:jpsaman@videolan.org" target="_blank">jpsaman@videolan.org</a>> wrote:</div><br><blockquote type="cite"><div dir="ltr"><div class="gmail_extra">
Brad,<br><br></div><div class="gmail_extra"><div class="gmail_quote">On Wed, Oct 2, 2013 at 7:03 PM, Brad Bitterman <span dir="ltr"><<a href="mailto:bitter@vtilt.com" target="_blank">bitter@vtilt.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">The patch works.<div><br></div><div>On another note, in atsc_mgt.c I think there might be an issue in dvbpsi_AddSectionMGT. At line 387 there is a check to see if p_decoder->p_building_mgt gets created from the call to dvbpsi_atsc_NewMGT. The check is as follows:</div>
<div><br></div><div><div>if (p_decoder->p_building_mgt)</div><div> return false;</div><div><br></div><div>Shouldn't it be this:</div><div><br></div><div><div>if (!p_decoder->p_building_mgt)</div><div> return false;</div>
</div><div><br></div></div></div></blockquote><div> </div><div>indeed, I quickly checked 2 other ATSC table and they have the same problem.<br>I guess it refers to all ATSC tables. Could you prepare a patch for all ATSC tables and properly test it?<br>
<br></div><div>I do not have ATSC sources, so cannot test.<br><br></div><div>Kind regards,<br></div><div><br>Jean-Paul Saman.<br></div></div><br></div></div>
</blockquote></div><br></div></div><br></blockquote></div><br></div></div>
</blockquote></div><br></div></body></html>