Opened 11 years ago

Closed 10 years ago

#3417 closed defect (fixed)

r8865 crashes on sh4 stb

Reported by: Deas Owned by:
Priority: critical Component: Reader
Severity: Please fill in Keywords:
Cc: Sensitive: no

Description

unfortunately there is no working gdb available on sh4, but i tracked it down to the exact revision. r8864 is working, r8865 crashes very often when switching between channels. this is the last log entry when it happens (-d 255)

00:47:59 4E1420 c [EMM Filter] starting emm filter type GLOBAL, pid: 0x0258
00:47:59 4E1420 82 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00:47:59 4E1420 FF 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00:47:59 4E1420 c DEVICE open (/dev/dvb/adapter0/demux0) fd 11
00:47:59 4E1420 c [EMM Filter] starting emm filter type UNIQUE, pid: 0x0258
* glibc detected * /var/swap/oscam/oscam: free(): invalid next size (normal)
: 0x00506fe8 *

Change History (18)

comment:1 by Deas, 11 years ago

Summary: r8864 crashes on sh4 stbr8865 crashes on sh4 stb

comment:2 by theparasol, 11 years ago

For sure broken emm filter system for your cas.
What CAS is in use?

comment:3 by Deas, 11 years ago

irdeto (orf ice card)

comment:4 by Deas, 11 years ago

but when you fixed it for seca and i use irdeto all cas systems could be affected...

comment:5 by theparasol, 11 years ago

Hope this fixes it for all cas systems!

http://www.streamboard.tv/oscam/changeset/8872

comment:6 by lattjo, 11 years ago

No, no, no. That's not the way to do it.
Fixing a bug by writing hard to understand code is not good.

comment:7 by theparasol, 11 years ago

Not hard at all, only advance filter index if a new filter is added not before.
Hard too read due to !#$$%& my editor using tabs and all code written with spaces.

comment:8 by lattjo, 11 years ago

Count must of course be increased once for each filter, count != index.

comment:9 by theparasol, 11 years ago

filter idx is increased with each addition filter.
All filters for a card/reader start at idx 0, last filter is highest idx. So idx = count.
If no filters active, count/idx = 0 and filter[idx].enabled= 0

comment:10 by lattjo, 11 years ago

Yes, but not after your so called bugfixes. In that case the loops in oscam-emm.c and module-dvbapi.c loops out of bounds.
The real fix is to only add idx++ in reader-seca.c
Irdeto is another story, there it could be another bug.

If you need a more detailed explaination pm on streambord forum.

Last edited 11 years ago by lattjo (previous) (diff)

comment:11 by lattjo, 11 years ago

Irdeto problem fixed in r8875

comment:12 by lattjo, 11 years ago

One more fix for Seca in r8876, now the reader parts should be fixed.

comment:13 by theparasol, 11 years ago

Yes, seca working fine again. I did that idx++ too but somehow I complete overlooked the filter memory allocation and started to mess up the code since it still didnt work (sorry)

Anyway, I'm wondering if this is correct:

http://www.streamboard.tv/oscam/browser/trunk/reader-irdeto.c#L731

Looks to me as a double idx increase, one from the for loop and one in de filters[idx++].enabled = 1
Isnt that going out of bounds too?

comment:14 by lattjo, 11 years ago

Now we are talking, fixed in r8877.
I'm sorry for messing up but it would been very hard to test all systems reliably.

Last edited 11 years ago by lattjo (previous) (diff)

comment:15 by theparasol, 11 years ago

Perhaps this code needs fixing too?

Similar for loop double idx++ here:

http://www.streamboard.tv/oscam/browser/trunk/reader-irdeto.c?rev=8877#L783

Besides I mentioned that all cas have filters started on idx 0, but not for irdeto (?)
or is the increase of idx done after using idx for setting .enabled to zero?

http://www.streamboard.tv/oscam/browser/trunk/reader-irdeto.c#L660

http://www.streamboard.tv/oscam/browser/trunk/reader-irdeto.c#L777

Last edited 11 years ago by theparasol (previous) (diff)

comment:16 by lattjo, 11 years ago

Those are on purpose, to use the same memory-pointer for betatunneling.
I allocate memory for all filters (since I'm not sure if they can't co-exist ate the same time) and when called I disable/enable the respective filters.

comment:17 by theparasol, 11 years ago

Ok, but what about this for loop double idx++ here too:

http://www.streamboard.tv/oscam/browser/trunk/reader-irdeto.c?rev=8877#L783

comment:18 by Deas, 10 years ago

Resolution: fixed
Status: newclosed

as the main issue is fixed...

Note: See TracTickets for help on using tickets.