Opened 11 years ago
Closed 10 years ago
#3417 closed defect (fixed)
r8865 crashes on sh4 stb
| Reported by: | Deas | Owned by: | |
|---|---|---|---|
| Priority: | critical | Component: | Reader |
| Severity: | Please fill in | Keywords: | |
| Cc: | | Sensitive: | no |
Description
Unfortunately there is no working gdb available on sh4, but I tracked it down to the exact revision. r8864 is working, r8865 crashes very often when switching between channels. This is the last log entry when it happens (-d 255):
00:47:59 4E1420 c [EMM Filter] starting emm filter type GLOBAL, pid: 0x0258
00:47:59 4E1420 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00:47:59 4E1420 FF 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00:47:59 4E1420 c DEVICE open (/dev/dvb/adapter0/demux0) fd 11
00:47:59 4E1420 c [EMM Filter] starting emm filter type UNIQUE, pid: 0x0258
* glibc detected * /var/swap/oscam/oscam: free(): invalid next size (normal): 0x00506fe8 *
Change History (18)
comment:1 by , 11 years ago
Summary: r8864 crashes on sh4 stb → r8865 crashes on sh4 stb
comment:2 by , 11 years ago
comment:4 by , 11 years ago
But when you fixed it for seca and I use irdeto, all cas systems could be affected...
comment:6 by , 11 years ago
No, no, no. That's not the way to do it.
Fixing a bug by writing hard to understand code is not good.
comment:7 by , 11 years ago
Not hard at all, only advance filter index if a new filter is added, not before.
Hard to read due to !#$$%& my editor using tabs and all code written with spaces.
comment:9 by , 11 years ago
Filter idx is increased with each additional filter.
All filters for a card/reader start at idx 0, last filter is highest idx. So idx = count.
If no filters active, count/idx = 0 and filter[idx].enabled= 0
comment:10 by , 11 years ago
Yes, but not after your so-called bugfixes. In that case the loops in oscam-emm.c and module-dvbapi.c loop out of bounds.
The real fix is to only add idx++ in reader-seca.c
Irdeto is another story, there it could be another bug.
If you need a more detailed explanation, PM on streamboard forum.
comment:13 by , 11 years ago
Yes, seca working fine again. I did that idx++ too but somehow I completely overlooked the filter memory allocation and started to mess up the code since it still didn't work (sorry)
Anyway, I'm wondering if this is correct:
http://www.streamboard.tv/oscam/browser/trunk/reader-irdeto.c#L731
Looks to me as a double idx increase, one from the for loop and one in the filters[idx++].enabled = 1
Isn't that going out of bounds too?
comment:14 by , 11 years ago
Now we are talking, fixed in r8877.
I'm sorry for messing up but it would have been very hard to test all systems reliably.
comment:15 by , 11 years ago
Perhaps this code needs fixing too?
Similar for loop double idx++ here:
http://www.streamboard.tv/oscam/browser/trunk/reader-irdeto.c?rev=8877#L783
Besides I mentioned that all cas have filters started on idx 0, but not for irdeto (?)
or is the increase of idx done after using idx for setting .enabled to zero?
http://www.streamboard.tv/oscam/browser/trunk/reader-irdeto.c#L660
http://www.streamboard.tv/oscam/browser/trunk/reader-irdeto.c#L777
comment:16 by , 11 years ago
Those are on purpose, to use the same memory-pointer for betatunneling.
I allocate memory for all filters (since I'm not sure if they can't co-exist at the same time) and when called I disable/enable the respective filters.
comment:17 by , 11 years ago
Ok, but what about this for loop double idx++ here too:
http://www.streamboard.tv/oscam/browser/trunk/reader-irdeto.c?rev=8877#L783
For sure broken emm filter system for your cas.
What CAS is in use?
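An added illustration of the index pattern discussed in comments 9, 13 and 17 (not OSCam code and not part of any comment): a table sized for one filter per provider is filled once with a single idx++ and once with a second increment in the for header, using bounds-checked stores so out-of-range accesses are counted instead of corrupting the heap. The struct, the function names and the 3-provider input are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an EMM filter slot; not OSCam's real struct. */
struct emm_filter { int enabled; };

struct result { int count, oob_writes, oob_reads, holes; };

/* Checked store: counts an out-of-bounds write instead of performing it. */
static void enable_slot(struct emm_filter *f, int alloc, int idx, struct result *r)
{
    if (idx >= alloc) r->oob_writes++;
    else f[idx].enabled = 1;
}

/* Consumer loop over 0..count-1, as a caller trusting the reported count would run it. */
static void scan(const struct emm_filter *f, int alloc, struct result *r)
{
    for (int i = 0; i < r->count; i++) {
        if (i >= alloc) r->oob_reads++;        /* slot beyond the allocation */
        else if (!f[i].enabled) r->holes++;    /* slot skipped by the filler */
    }
}

/* One filter per provider; double_inc != 0 adds a second idx++ in the for header. */
static struct result fill(int nprov, int alloc, int double_inc)
{
    struct emm_filter f[16];  /* backing store; only the first alloc slots count as allocated */
    struct result r = {0, 0, 0, 0};
    int idx = 0;
    if (alloc > 16) alloc = 16;
    memset(f, 0, sizeof f);
    for (int i = 0; i < nprov; i++, idx += (double_inc ? 1 : 0))
        enable_slot(f, alloc, idx++, &r);
    r.count = idx;            /* idx doubles as the filter count (idx = count) */
    scan(f, alloc, &r);
    return r;
}

int main(void)
{
    struct result bad = fill(3, 3, 1), good = fill(3, 3, 0);
    printf("double idx++: count=%d oob_writes=%d oob_reads=%d holes=%d\n",
           bad.count, bad.oob_writes, bad.oob_reads, bad.holes);
    printf("single idx++: count=%d oob_writes=%d oob_reads=%d holes=%d\n",
           good.count, good.oob_writes, good.oob_reads, good.holes);
    return 0;
}
```

In a real build without the checked store, the write past the allocation lands in the neighbouring heap chunk's metadata, which is the kind of damage glibc reports as `free(): invalid next size`.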