[libdvbpsi-devel] Section CRC not being checked

Jean-Paul Saman jpsaman at videolan.org
Wed Oct 23 16:59:08 CEST 2013 

Brat,

Sorry for the delay I just spotted your e-mail.

On Thu, Oct 3, 2013 at 6:01 PM, Brad Bitterman <bitter at vtilt.com> wrote:

> So I had a chance to test all the ATSC tables that are in libdvbpsi. I did
> make the change mentioned below to each table and attached a patch to this
> email.
>

Thanks, I'll have a look at it.


>
> I did find and issue with ETT parsing though. The function
> dvbpsi_atsc_DecodeETTSections causes a crash. It seems the memory for
> p_ett->p_etm_data is not being allocated. Also, the check for the
> p_ett->p_etm_data is wrong. It should be this:
>
>
>
 if (!p_ett->p_etm_data)
>             abort();
>
>
Indeed this is a bug.


> I tried malloc'ing the memory and correcting the pointer check. When I do
> that I get an abort from libc free saying double free or corruption. Here
> is the stack trace:
>
> #0  0x0000003908e35935 in raise () from /lib64/libc.so.6
> #1  0x0000003908e370e8 in abort () from /lib64/libc.so.6
> #2  0x0000003908e74e8b in __libc_message () from /lib64/libc.so.6
> #3  0x0000003908e7c00e in _int_free () from /lib64/libc.so.6
> #4  0x00007ffff7ddca91 in dvbpsi_DeletePSISections
> (p_section=0x7fffe80008c0) at psi.c:179
> #5  0x00007ffff7deb992 in dvbpsi_atsc_GatherETTSections
> (p_dvbpsi=0x7ffff00008c0, p_decoder=0x7fffe8001910,
> p_section=0x7fffe80008c0)
>     at tables/atsc_ett.c:403
> #6  0x00007ffff7ddd17e in dvbpsi_Demux (p_dvbpsi=0x7ffff00008c0,
> p_section=0x7fffe80008c0) at demux.c:123
> #7  0x00007ffff7ddc31e in dvbpsi_packet_push (p_dvbpsi=0x7ffff00008c0,
> p_data=0x7ffff75b5dd0 "GR\a\031") at dvbpsi.c:445
> #8  0x0000000000403cff in ATSCServices::demuxCallback
> (stream=0x7ffff75b5dd0 "GR\a\031", size=188, privateData=0x7fffffffde70,
> args=0x0)
>     at ATSCServices.cpp:172
> #9  0x00000000004021fb in DemuxInterface::run (context=0x609060) at
> DemuxInterface.cpp:106
> #10 0x0000003909607d14 in start_thread () from /lib64/libpthread.so.0
> #11 0x0000003908ef168d in clone () from /lib64/libc.so.6
>
>
> I'm not sure where to go from here in trying to debug it. I'm not actually
> using EITs and ETTs so its not a problem for me but might be for someone
> else in the future.
>
> I can send you a capture of ETT TS packets that you can test with if you
> want me to.
>

Please sent me a capture I can then debug.

Kind regards,

Jean-Paul Saman.


> Thanks,
>
> Brad Bitterman
> bitter at vtilt.com
>
>
>
> On Oct 2, 2013, at 1:30 PM, Jean-Paul Saman <jpsaman at videolan.org> wrote:
>
> Brad,
>
> On Wed, Oct 2, 2013 at 7:03 PM, Brad Bitterman <bitter at vtilt.com> wrote:
>
>> The patch works.
>>
>> On another note, in atsc_mgt.c I think there might be an issue in
>> dvbpsi_AddSectionMGT. At line 387 there is a check to see if
>> p_decoder->p_building_mgt gets created from the call to dvbpsi_atsc_NewMGT.
>> The check is as follows:
>>
>> if (p_decoder->p_building_mgt)
>>          return false;
>>
>> Shouldn't it be this:
>>
>> if (!p_decoder->p_building_mgt)
>>           return false;
>>
>>
> indeed, I quickly checked 2 other ATSC table  and they have the same
> problem.
> I guess it refers to all ATSC tables. Could you prepare a patch for all
> ATSC tables and properly test it?
>
> I do not have ATSC sources, so cannot test.
>
> Kind regards,
>
> Jean-Paul Saman.
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/libdvbpsi-devel/attachments/20131023/a46e8708/attachment.html>

More information about the libdvbpsi-devel mailing list