Mailing List archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-dvb] Re: Crashes in dvb_demux.c
Emard writes:
> [1 <text/plain; us-ascii (7bit)>]
> > I don't know exactly why it crashes for you (your dump rather
> > points to an out of bounds *buf I think) but ts_pid() can only return values
> > <=0x1fff. There should be no check needed.
>
> Neither do I, but it might be gcc optimizer bug.
> ts_pid returns u16 value, and gcc during optimization might
> have forgotten to extend it properly to 32 bits, what is
> required for index offset calculation.
> Perhaps declaring it u32 ts_pid(u8 *buf) would be sufficient.
Did you test printing out the value when it is >0x1fff?
Does it really happen?
Your ksymoops dump in your last mail seems to indicate that the oops
occurs when the second TS byte (lower 8 bit of PID) is fetched.
It is not when pid2feed[] is referenced.
Compare it to a disassembly of the demuxer object file.
> If you don't believe it could crash for me, edit your vpeirq/fidbirq
> and use dmapos[whatever] != 0x47 check and also offset dma pointer
> few bytes in advance dmapointer = (dmapointer + 441) % TS_BUFLEN, to
> see this and all the other crashes in matter of minutes or even seconds,
> depending on the transponder activity.
Hmmm, the:
if (dmapos >= TS_BUFLEN)
in fidb/vpeirq should maybe be:
if (dmapos > TS_BUFLEN)
This might explain some of the errors you get.
Ralph
--
Info:
To unsubscribe send a mail to listar@linuxtv.org with "unsubscribe linux-dvb" as subject.
Home |
Main Index |
Thread Index