#190 Bad XDS bytes segfault zvbi

open
nobody
None
5
2012-02-01
2012-02-01
No

I have a video file with bad (and possibly missing) XDS bytes. This causes libzvbi to not just choke, but segfault with a dereference on a bad pointer. I've distilled the section of picture-user bytes into a byte array within a test application to make this easily repeatable (attached).

Expected behavior: the library shouldn't segfault on bad slice data.

(gdb) bt
#0 xds_separator (vbi=0x2aaaaad4c010, buf=<value optimized out>)
    at caption.c:665
#1 0x00002aaaaaacd579 in vbi_decode_caption (vbi=0x2aaaaad4c010,
    line=<value optimized out>,
    buf=0x7fffffffe128 "\277", <incomplete sequence \340>) at caption.c:1276
#2 0x00002aaaaaafc9d3 in vbi_decode (vbi=0x2aaaaad4c010,
    sliced=0x7fffffffe120, lines=1, time=1.6200000000000012) at vbi.c:463
#3 0x0000000000400953 in Process () at xdssegfault.cpp:126
#4 0x00000000004009da in main (argc=1, argv=0x7fffffffe288)
    at xdssegfault.cpp:147

Discussion

  • Brian Enigma

    Brian Enigma - 2012-02-01

    Demo program to slice a static array of bytes and feed them to zvbi_decode

     
  • Brian Enigma

    Brian Enigma - 2012-02-02

    Range-check fix

     
  • Brian Enigma

    Brian Enigma - 2012-02-02

    It looks like there's a "Start Miscellaneous" XDS code in there with a sub-code of 0x18. As best as I can tell, 0x18 is illegal (they go up to 0x17). This is accessing an array element in cc->sub_packet[][] that is beyond the end of the array.
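
The range check described in the last comment, as an added example that is not libzvbi's code or the attached fix: a minimal XDS pair handler that validates class and sub-code before indexing and refuses payload when no packet is open. The array sizes, the 0x01..0x0F control-code layout and the names `xds_state` and `xds_feed` are assumptions of this sketch; only the 0x17 upper limit for sub-codes comes from the ticket.

```c
#include <stddef.h>

/* Constructed model, not libzvbi's own definitions. */
#define XDS_CLASSES 4     /* assumption of this sketch */
#define XDS_TYPES   0x18  /* sub-codes 0x00..0x17 valid, per the comment above */
#define XDS_MAXLEN  32    /* assumed payload cap */

typedef struct { unsigned char buf[XDS_MAXLEN]; size_t len; } sub_packet;

typedef struct {
    sub_packet slots[XDS_CLASSES][XDS_TYPES];
    sub_packet *cur;      /* NULL while no packet is open */
} xds_state;

/* Feed one byte pair (parity already stripped, negative = parity error).
 * Returns 0 when the pair was accepted, -1 when it was rejected. */
int xds_feed(xds_state *st, int c1, int c2)
{
    if (c1 < 0 || c2 < 0) {              /* damaged bytes: drop the open packet */
        st->cur = NULL;
        return -1;
    }
    if (c1 >= 0x01 && c1 <= 0x0E) {      /* start (odd) or continue (even) */
        unsigned cls = (unsigned)(c1 - 1) >> 1;
        unsigned type = (unsigned)c2;
        /* >= on both: index N of an N-element array is already out of bounds */
        if (cls >= XDS_CLASSES || type >= XDS_TYPES) {
            st->cur = NULL;
            return -1;
        }
        st->cur = &st->slots[cls][type];
        if (c1 & 1)
            st->cur->len = 0;            /* a start code resets the slot */
        return 0;
    }
    if (c1 == 0x0F) {                    /* end of packet */
        st->cur = NULL;
        return 0;
    }
    if (c1 < 0x20)                       /* not XDS payload; ignored here */
        return -1;
    /* Payload pair: needs an open packet and room for two more bytes. */
    if (st->cur == NULL || st->cur->len + 2 > XDS_MAXLEN) {
        st->cur = NULL;
        return -1;
    }
    st->cur->buf[st->cur->len++] = (unsigned char)c1;
    st->cur->buf[st->cur->len++] = (unsigned char)c2;
    return 0;
}
```

Clearing `cur` on every rejection means payload bytes that follow a bad header are dropped rather than written through a stale or invalid pointer.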

     
