From 3db2d636b2757326323418b5293ebc7307bf161d Mon Sep 17 00:00:00 2001
From: Klaus Schmidinger <kls (at) cadsoft (dot) de>
Date: Wed, 30 Jan 2002 18:00:00 +0100
Subject: Version 0.99pre4 - Fixed handling improperly formatted EIT data
 (thanks to Rolf Hakenes).

---
 HISTORY                      |  4 ++++
 config.h                     |  4 ++--
 libdtv/libsi/include/libsi.h | 34 ++++++++++++++++++++++++----------
 libdtv/libsi/si_parser.c     | 28 +++++++++++++++-------------
 4 files changed, 45 insertions(+), 25 deletions(-)

diff --git a/HISTORY b/HISTORY
index 819a9f4..a2c2e41 100644
--- a/HISTORY
+++ b/HISTORY
@@ -926,3 +926,7 @@ Video Disk Recorder Revision History
 
 - Fixed handling improper buffer lengths in the EIT parser (thanks to Deti
   Fliegl).
+
+2002-01-30: Version 0.99pre4
+
+- Fixed handling improperly formatted EIT data (thanks to Rolf Hakenes).
diff --git a/config.h b/config.h
index 189390a..42f7337 100644
--- a/config.h
+++ b/config.h
@@ -4,7 +4,7 @@
  * See the main source file 'vdr.c' for copyright information and
  * how to reach the author.
  *
- * $Id: config.h 1.89 2002/01/29 21:53:32 kls Exp $
+ * $Id: config.h 1.90 2002/01/30 18:30:03 kls Exp $
  */
 
 #ifndef __CONFIG_H
@@ -18,7 +18,7 @@
 #include "eit.h"
 #include "tools.h"
 
-#define VDRVERSION "0.99pre3"
+#define VDRVERSION "0.99pre4"
 
 #define MAXPRIORITY 99
 #define MAXLIFETIME 99
diff --git a/libdtv/libsi/include/libsi.h b/libdtv/libsi/include/libsi.h
index 29079b1..366387a 100644
--- a/libdtv/libsi/include/libsi.h
+++ b/libdtv/libsi/include/libsi.h
@@ -4,8 +4,8 @@
 ///                                                        ///
 //////////////////////////////////////////////////////////////
 
-// $Revision: 1.4 $
-// $Date: 2001/10/07 10:24:46 $
+// $Revision: 1.6 $
+// $Date: 2002/01/30 17:04:13 $
 // $Author: hakenes $
 //
 //   (C) 2001 Rolf Hakenes <hakenes@hippomi.de>, under the GNU GPL.
@@ -32,6 +32,8 @@
 #include <sys/types.h>
 #include <asm/types.h>
 
+#define dvb_pid_t int
+
 
   /* Program Identifier */
 
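Review bot: `#define dvb_pid_t int` makes the new PID type a textual macro rather than a real type name, so it is invisible to the debugger and to compiler diagnostics, and it rewrites any identifier spelled `dvb_pid_t` in code that includes this header. `typedef int dvb_pid_t;` gives the same type with proper scoping. A one-line comment stating the intended value range (a transport-stream PID is a 13-bit value) would also tell parser code what to validate before storing into `ElementaryPid`.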
@@ -274,7 +276,7 @@ struct Pid {
 struct PidInfo {
    struct NODE          Node;
    int                  StreamType;
-   int                  ElementaryPid;
+   dvb_pid_t            ElementaryPid;
    struct LIST         *Descriptors;
 };
 
@@ -283,7 +285,7 @@ struct PidInfo {
    { \
       xCreateNode (pidinfo, NULL); \
       pidinfo->StreamType = styp; \
-      pidinfo->ElementaryPid = epid; \
+      pidinfo->ElementaryPid = (dvb_pid_t) epid; \
       pidinfo->Descriptors = xNewList (NULL); \
    } while (0)
 
@@ -418,7 +420,9 @@ struct BouquetNameDescriptor {
 #define CreateBouquetNameDescriptor(descr, text) \
    do \
    { \
-      xCreateNode (((struct BouquetNameDescriptor *)descr), text); \
+      xCreateNode (((struct BouquetNameDescriptor *)descr), NULL); \
+      ((struct NODE *)descr)->Name = text; \
+      ((struct NODE *)descr)->HashKey = xHashKey (text); \
       ((struct BouquetNameDescriptor *)descr)->Tag = DESCR_BOUQUET_NAME; \
    } while (0)
 
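Review bot: `CreateBouquetNameDescriptor` now expands its `text` argument twice, unparenthesized (once for `Name`, once for `xHashKey (text)`), so a caller passing an expression with side effects, such as a call that allocates, would run it twice. The same pattern is introduced in `CreateServiceDescriptor`, `CreateComponentDescriptor`, `CreateExtendedEventDescriptor`, `CreateExtendedEventItem` and `CreateShortEventDescriptor`. The node also stores the caller's pointer directly now, which appears to move ownership of the string to the node (the si_parser.c hunks drop the commented-out `xMemFree` calls); each macro deserves a comment such as `/* takes ownership of text; caller must not free it */`. If `xHashKey` does not accept NULL (its definition is not on this page), a NULL text would need a guard here.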
@@ -613,7 +617,9 @@ struct ServiceDescriptor {
 #define CreateServiceDescriptor(descr, styp, prov, name) \
    do \
    { \
-      xCreateNode (((struct ServiceDescriptor *)descr), name); \
+      xCreateNode (((struct ServiceDescriptor *)descr), NULL); \
+      ((struct NODE *)descr)->Name = name; \
+      ((struct NODE *)descr)->HashKey = xHashKey (name); \
       ((struct ServiceDescriptor *)descr)->Tag = DESCR_SERVICE; \
       ((struct ServiceDescriptor *)descr)->ServiceType = styp; \
       ((struct ServiceDescriptor *)descr)->ServiceProvider = prov; \
@@ -678,7 +684,9 @@ struct ComponentDescriptor {
 #define CreateComponentDescriptor(descr, scnt, ctyp, tag, lc1, lc2, lc3, txt) \
    do \
    { \
-      xCreateNode (((struct ComponentDescriptor *)descr), txt); \
+      xCreateNode (((struct ComponentDescriptor *)descr), NULL); \
+      ((struct NODE *)descr)->Name = txt; \
+      ((struct NODE *)descr)->HashKey = xHashKey (txt); \
       ((struct ComponentDescriptor *)descr)->Tag = DESCR_COMPONENT; \
       ((struct ComponentDescriptor *)descr)->StreamContent = scnt; \
       ((struct ComponentDescriptor *)descr)->ComponentType = ctyp; \
@@ -735,7 +743,9 @@ struct ExtendedEventDescriptor {
 #define CreateExtendedEventDescriptor(descr, dnum, ldnb, lc1, lc2, lc3, text) \
    do \
    { \
-      xCreateNode (((struct ExtendedEventDescriptor *)descr), text); \
+      xCreateNode (((struct ExtendedEventDescriptor *)descr), NULL); \
+      ((struct NODE *)descr)->Name = text; \
+      ((struct NODE *)descr)->HashKey = xHashKey (text); \
       ((struct ExtendedEventDescriptor *)descr)->Tag = DESCR_EXTENDED_EVENT; \
       ((struct ExtendedEventDescriptor *)descr)->DescriptorNumber = dnum; \
       ((struct ExtendedEventDescriptor *)descr)->LastDescriptorNumber = ldnb; \
@@ -754,7 +764,9 @@ struct ExtendedEventItem {
 #define CreateExtendedEventItem(itm, dtxt, text) \
    do \
    { \
-      xCreateNode (itm, dtxt); \
+      xCreateNode (itm, NULL); \
+      ((struct NODE *)itm)->Name = dtxt; \
+      ((struct NODE *)itm)->HashKey = xHashKey (dtxt); \
       itm->Text = text; \
    } while (0)
 
@@ -822,7 +834,9 @@ struct ShortEventDescriptor {
 #define CreateShortEventDescriptor(descr, name, lc1, lc2, lc3, text) \
    do \
    { \
-      xCreateNode (((struct ShortEventDescriptor *)descr), name); \
+      xCreateNode (((struct ShortEventDescriptor *)descr), NULL); \
+      ((struct NODE *)descr)->Name = name; \
+      ((struct NODE *)descr)->HashKey = xHashKey (name); \
       ((struct ShortEventDescriptor *)descr)->Tag = DESCR_SHORT_EVENT; \
       ((struct ShortEventDescriptor *)descr)->LanguageCode[0] = lc1; \
       ((struct ShortEventDescriptor *)descr)->LanguageCode[1] = lc2; \
diff --git a/libdtv/libsi/si_parser.c b/libdtv/libsi/si_parser.c
index e6ca525..063d93e 100644
--- a/libdtv/libsi/si_parser.c
+++ b/libdtv/libsi/si_parser.c
@@ -4,8 +4,8 @@
 ///                                                        ///
 //////////////////////////////////////////////////////////////
 
-// $Revision: 1.4 $
-// $Date: 2001/10/07 10:24:46 $
+// $Revision: 1.6 $
+// $Date: 2002/01/30 17:04:13 $
 // $Author: hakenes $
 //
 //   (C) 2001 Rolf Hakenes <hakenes@hippomi.de>, under the GNU GPL.
@@ -119,7 +119,8 @@ struct Pid *siParsePMT (u_char *Buffer)
 
    CreatePid (Pid, ProgramID, PcrID, PmtVersion);
 
-   siParseDescriptors (Pid->Descriptors, Ptr, ProgramInfoLength, Pmt->table_id);
+   if (StreamLength >= 0) siParseDescriptors (Pid->Descriptors, Ptr,
+                             ProgramInfoLength, Pmt->table_id);
 
    Ptr += ProgramInfoLength;
 
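Review bot: The new guard tests `StreamLength >= 0`, but the length handed to `siParseDescriptors` is `ProgramInfoLength`, and nothing in this hunk ties the two together. A section whose program-info length field exceeds the bytes that actually remain would still be parsed past its end, and `Ptr += ProgramInfoLength` then advances unconditionally. How `StreamLength` is computed is outside the hunk, so this may be handled elsewhere; if it holds the remaining payload, `if (ProgramInfoLength <= StreamLength)` would be the tighter test, with the function returning the partially filled `Pid` otherwise. siParsePMT starts and ends outside the hunk.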
@@ -209,6 +210,8 @@ struct LIST *siParseSDT (u_char *Buffer)
          SetPresentFollowing (Service->Status);
 
       LoopLength = HILO (SdtDescriptor->descriptors_loop_length);
+      if (LoopLength > SectionLength - SDT_DESCR_LEN)
+         return (ServiceList);
       Ptr += SDT_DESCR_LEN;
 
       siParseDescriptors (Service->Descriptors, Ptr, LoopLength, Sdt->table_id);
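Review bot: The early `return (ServiceList);` on a bad `descriptors_loop_length` exits after `Service` has already been populated for this iteration. If the node is only appended to `ServiceList` after its descriptors are parsed (the rest of the loop is outside the hunk), it is leaked each time a malformed section arrives. The bound itself is only meaningful if `SectionLength` is a signed count of the bytes still unread and is at least `SDT_DESCR_LEN` at this point, which the hunk does not show; `if (SectionLength < SDT_DESCR_LEN || LoopLength > SectionLength - SDT_DESCR_LEN)` makes that explicit. The EIT hunk that follows has the same shape with `Event`, `EventList` and `EIT_EVENT_LEN`.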
@@ -297,6 +300,8 @@ struct LIST *siParseEIT (u_char *Buffer)
       Event->Duration = BcdTimeToSeconds (EitEvent->duration);
 
       LoopLength = HILO (EitEvent->descriptors_loop_length);
+      if (LoopLength > SectionLength - EIT_EVENT_LEN)
+         return (EventList);
       Ptr += EIT_EVENT_LEN;
 
       siParseDescriptors (Event->Descriptors, Ptr, LoopLength, Eit->table_id);
@@ -349,6 +354,8 @@ void siParseDescriptors (struct LIST *Descriptors, u_char *Buffer,
 
    while (DescriptorLength < Length)
    {
+      if ((GetDescriptorLength (Ptr) > Length - DescriptorLength) ||
+          (GetDescriptorLength (Ptr) <= 0)) return;
       switch (TableID)
       {
          case TID_NIT_ACT: case TID_NIT_OTH:
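Review bot: `GetDescriptorLength (Ptr)` is read in the new check before anything confirms that a complete descriptor header still lies inside `Length - DescriptorLength`, so with a single trailing byte left the length field itself is fetched from beyond the loop data. A remaining-bytes test ahead of this line, comparing `Length - DescriptorLength` with the descriptor header size, would close that. The macro is also expanded twice; reading it once into a local makes both comparisons visibly use the same value. Whether `GetDescriptorLength` already includes the header bytes is not visible on this page, which affects whether the `<= 0` arm can ever fire. The loop body continues outside the hunk.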
@@ -554,7 +561,6 @@ void siParseDescriptor (struct LIST *Descriptors, u_char *Buffer)
          Text = siGetDescriptorText (Buffer + DESCR_BOUQUET_NAME_LEN,
                    GetDescriptorLength (Buffer) - DESCR_BOUQUET_NAME_LEN);
          CreateBouquetNameDescriptor (Descriptor, Text);
-//         xMemFree (Text);
       break;
 
       case DESCR_COMPONENT:
@@ -567,7 +573,6 @@ void siParseDescriptor (struct LIST *Descriptors, u_char *Buffer)
                    CastComponentDescriptor(Buffer)->lang_code1,
                    CastComponentDescriptor(Buffer)->lang_code2,
                    CastComponentDescriptor(Buffer)->lang_code3, Text);
-//         xMemFree (Text);
       break;
 
       case DESCR_SERVICE:
@@ -579,7 +584,6 @@ void siParseDescriptor (struct LIST *Descriptors, u_char *Buffer)
                    CastServiceDescriptor(Buffer)->provider_name_length)));
          CreateServiceDescriptor (Descriptor,
                    CastServiceDescriptor(Buffer)->service_type, Text, Text2);
-//         xMemFree (Text2);
       break;
 
       case DESCR_COUNTRY_AVAIL:
@@ -603,7 +607,6 @@ void siParseDescriptor (struct LIST *Descriptors, u_char *Buffer)
                    CastShortEventDescriptor(Buffer)->lang_code1,
                    CastShortEventDescriptor(Buffer)->lang_code2,
                    CastShortEventDescriptor(Buffer)->lang_code3, Text2);
-//         xMemFree (Text);
       break;
 
       case DESCR_EXTENDED_EVENT:
@@ -617,10 +620,9 @@ void siParseDescriptor (struct LIST *Descriptors, u_char *Buffer)
                    CastExtendedEventDescriptor(Buffer)->lang_code1,
                    CastExtendedEventDescriptor(Buffer)->lang_code2,
                    CastExtendedEventDescriptor(Buffer)->lang_code3, Text);
-//         xMemFree (Text);
          Length = CastExtendedEventDescriptor(Buffer)->length_of_items;
          Ptr += DESCR_EXTENDED_EVENT_LEN;
-         while (Length > 0)
+         while ((Length > 0) && (Length < GetDescriptorLength (Buffer)))
          {
             Text = siGetDescriptorText (Ptr + ITEM_EXTENDED_EVENT_LEN,
                       CastExtendedEventItem(Ptr)->item_description_length);
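Review bot: The added `Length < GetDescriptorLength (Buffer)` condition bounds the item loop only by the total `length_of_items`. Inside the loop, `item_description_length` and the item-length byte that follows are still taken from `Ptr` and passed to `siGetDescriptorText` without being compared to the bytes left in `Length`, so a malformed item can still push the reads past the descriptor even though the outer count looked sane. A per-item check at the top of the body, e.g. `if (ITEM_EXTENDED_EVENT_LEN + CastExtendedEventItem(Ptr)->item_description_length + 1 > Length) break;`, followed by the same test for the item text length, would cover it. The loop body ends outside this hunk.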
@@ -629,7 +631,6 @@ void siParseDescriptor (struct LIST *Descriptors, u_char *Buffer)
                       *((u_char *)(Ptr + ITEM_EXTENDED_EVENT_LEN +
                       CastExtendedEventItem(Ptr)->item_description_length)));
             AddExtendedEventItem (Descriptor, Text2, Text);
-//            xMemFree (Text2);
             Length -= ITEM_EXTENDED_EVENT_LEN + CastExtendedEventItem(Ptr)->item_description_length +
                       *((u_char *)(Ptr + ITEM_EXTENDED_EVENT_LEN +
                         CastExtendedEventItem(Ptr)->item_description_length)) + 1;
@@ -760,7 +761,7 @@ void siParseDescriptor (struct LIST *Descriptors, u_char *Buffer)
             ASVC_FLAG, CastAc3Descriptor(Buffer)->asvc); }
          Length -= DESCR_AC3_LEN;
          Ptr += DESCR_AC3_LEN;
-         if (Length) AddAc3AdditionalData (Descriptor, Ptr, Length);
+         if (Length > 0) AddAc3AdditionalData (Descriptor, Ptr, Length);
       break;
 
       case DESCR_SUBTITLING:
@@ -843,6 +844,8 @@ char *siGetDescriptorText (u_char *Buffer, int Length)
    char *tmp, *result;
    int i;
 
+   if ((Length < 0) || (Length > 4095))
+      return (xSetText ("text error"));
    if (*Buffer == 0x05 || (*Buffer >= 0x20 && *Buffer <= 0xff))
    {
       xMemAlloc (Length+1, &result);
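Review bot: A `Length` of 0 passes the new range check and the next line still dereferences `*Buffer`, so an empty text field reads one byte that belongs to whatever follows it; handling `Length == 0` before the dereference avoids that. The upper bound `4095` is a bare literal that deserves a named constant and a comment saying where the limit comes from. It also does not relate `Length` to the descriptor the text lives in, so callers still have to make sure the field fits. Returning the literal "text error" stores that string as ordinary descriptor text, which should be documented so callers can tell it from real data. The function continues outside the hunk.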
@@ -852,9 +855,8 @@ char *siGetDescriptorText (u_char *Buffer, int Length)
          if (*Buffer == 0) break;
 
          if ((*Buffer >= ' ' && *Buffer <= '~') ||
-             (*Buffer == '\n') ||
              (*Buffer >= 0xa0 && *Buffer <= 0xff)) *tmp++ = *Buffer;
-         if (*Buffer == 0x8A) *tmp++ = '\n';
+         if (*Buffer == 0x8A || *Buffer == '\n') *tmp++ = '\n';
          if (*Buffer == 0x86 || *Buffer == 0x87) *tmp++ = ' ';
          Buffer++;
       }
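Review bot: The three `if` statements that write through `tmp` are independent, and the `Length+1` allocation earlier in the function appears sufficient only because at most one of them fires per input byte. Writing them as an `if … else if … else if` chain would make that one-byte-out-per-byte-in invariant explicit and keep a later edit from adding an overlapping range. A short comment identifying 0x8A as the DVB CR/LF code and 0x86/0x87 as the emphasis on/off codes would explain the substitutions. The loop starts outside the hunk, so its bound on `Length` is not visible here.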
-- 
cgit v1.2.3