Mailing List archive

[linux-dvb] Re: CRC32 errors in sections



In the new year, Holger Waechtler wrote:
> 
> Jeremy Hall wrote:
> > In the new year, Holger Waechtler wrote:
> > 
> >>Jeremy Hall wrote:
> >>>When the driver gives you a section, does it at least 
> >>>sanity check the seclen to determine if it will make a memory out of 
> >>>bounds problem so it won't happily overwrite other memory?
> >>
> >>The read() function call will never read more bytes than you specified 
> >>in the argument, so you'll never overwrite more memory than you passed 
> >>as read()-buffer.
> >>
> > 
> > Is it a mmap'd read and you're actually accessing the incoming buffer, or 
> > does the driver copy a section to you? This question relates to the driver 
> > copying that data to userspace--how does it know how much to copy?  If the 
> > seclen is not correct, can the driver trash its memory structures?
> 
> no. If this happens you definitely found a driver bug.
> 
Well, to put it another way, when the userspace program requests a section 
filter, and starts it, what exactly does the driver prepare for it? The 
user gets the section length from the second and third bytes of the 
section.  If those are corrupt, and they are still less than the buffer 
size, the userspace application will read however much data it was told to 
read; we can't recover from that.  Then when we've read part way into 
another section, how do we get resynched with section boundaries?

If they are corrupt and larger than the userspace buffer size, how does 
the userspace program know how far to read ahead to find the next section? 
If CRC failure is detected, is it best to close and reopen the filter?

_J

> Holger
> 
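
The length and CRC checks discussed in this message, as an added example that is not part of the original thread or of the linux-dvb driver code. It assumes the buffer holds exactly what one read() on the section filter returned; the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SECTION 4096  /* largest section size MPEG-2 systems allows */

enum sec_status { SEC_OK, SEC_SHORT, SEC_BAD_LEN, SEC_BAD_CRC };

/* CRC-32/MPEG-2: poly 0x04C11DB7, init 0xFFFFFFFF, no reflection, no final XOR */
uint32_t crc32_mpeg2(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= (uint32_t)*p++ << 24;
        for (int i = 0; i < 8; i++)
            crc = (crc & 0x80000000u) ? (crc << 1) ^ 0x04C11DB7u : crc << 1;
    }
    return crc;
}

/* buf/got: the bytes one read() returned (assumption: one section per read). */
enum sec_status check_section(const uint8_t *buf, size_t got)
{
    if (got < 3)
        return SEC_SHORT;             /* length field itself is missing */
    /* 12-bit section_length lives in the second and third bytes */
    size_t total = 3 + ((((size_t)buf[1] & 0x0F) << 8) | buf[2]);
    if (total > MAX_SECTION || total != got)
        return SEC_BAD_LEN;           /* never trust it beyond what was read */
    if (buf[1] & 0x80) {              /* section_syntax_indicator: CRC present */
        if (total < 12)
            return SEC_BAD_LEN;       /* too short for header plus CRC */
        if (crc32_mpeg2(buf, total) != 0)
            return SEC_BAD_CRC;       /* CRC over section incl. CRC must be 0 */
    }
    return SEC_OK;
}

int main(void)
{
    /* Constructed sample: table_id 0x42, syntax bit set, 2 payload bytes */
    uint8_t s[14] = { 0x42, 0xB0, 0x0B, 0x00, 0x01, 0xC1, 0x00, 0x00, 0xAA, 0x55 };
    uint32_t c = crc32_mpeg2(s, 10);
    s[10] = (uint8_t)(c >> 24); s[11] = (uint8_t)(c >> 16);
    s[12] = (uint8_t)(c >> 8);  s[13] = (uint8_t)c;
    printf("valid section: %d\n", check_section(s, sizeof s));
    s[2] = 0x20;                      /* corrupt the length field */
    printf("corrupt length: %d\n", check_section(s, sizeof s));
    return 0;
}
```

A section that fails either check is discarded whole, so a corrupt length never decides how many bytes the application consumes.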


