Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

servicemp3: remove dead code from getTrackInfo #3

Merged
merged 1 commit into from
Jul 26, 2015
Merged

servicemp3: remove dead code from getTrackInfo #3

merged 1 commit into from
Jul 26, 2015

Conversation

athoik
Copy link
Contributor

@athoik athoik commented Jul 24, 2015

No description provided.

littlesat added a commit that referenced this pull request Jul 26, 2015
@littlesat
Merge pull request #3 from athoik/remove_dead_code
8a70f71 
servicemp3: remove dead code from getTrackInfo
@littlesat littlesat merged commit 8a70f71 into OpenPLi:master Jul 26, 2015
@athoik athoik deleted the remove_dead_code branch July 26, 2015 12:47
eriksl added a commit that referenced this pull request Aug 5, 2016
@eriksl
JESS: patch #3, by adenin, "JESS part 2"
709909f 
This seems to add/change:

- Fix for Unicable tuning word calculation
- Merge some code paths in the user config code

Changed for OpenPLi:

- merge conflicts

Cherry-picked from Huevos/enigma2@63fe272
eriksl added a commit that referenced this pull request Aug 5, 2016
@eriksl
JESS: Cosmetic: remove ';' after break in #3.
9df256c
eriksl added a commit that referenced this pull request Aug 5, 2016
@eriksl
JESS: Cosmetic: add spaces around operators in #3.
88436a4
eriksl added a commit that referenced this pull request Aug 5, 2016
@eriksl
JESS: Cleanup debug if 1==1 statement in #3.
dea6d32
@rocco99222 rocco99222 mentioned this pull request Dec 18, 2016
Closed
athoik added a commit that referenced this pull request Apr 5, 2020
@athoik
console: fix heap-buffer-overflow on readyRead
d9ae3d9 
This commit fixes a heap-buffer-overflow found using ASAN.
Same issue also seens to occur on readyErrRead, so fix it there as well.

In order to verify that console is not breaking after this commit
a random file was written to stdout using cat.
The file was written to another file and hashes where same on input
file and on output file. That seems enough as a test schenario.
Input file can be created using command: dd if=/dev/urandom of=/tmp/in.dat bs=1 count=1024

        def yellow(self):
                self.container = eConsoleAppContainer()
                self.container.appClosed.append(self.finish)
                self.container.stdoutAvail.append(self.write)
                self.container.setBufferSize(1024)
                catargs = ['/bin/cat', '/tmp/in.dat']
                self.container.execute('/bin/cat', *catargs)

        def finish(self, retval=None):
                self.container.kill()

        def write(self, data):
                file = open('/tmp/out.dat', 'ab')
                file.write(data)
                file.close()

The full error from ASAN follows:
=================================================================
==1014==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x9e176400 at pc 0x00093b98 bp 0xbe9ca384 sp 0xbe9ca37c
WRITE of size 1 at 0x9e176400 thread T0
    #0 0x93b94 in eConsoleAppContainer::readyRead(int) ../../git/lib/base/console.cpp:242
    #1 0x9d1f8 in sigc::bound_mem_functor1<void, eConsoleAppContainer, int>::operator()(int const&) const /usr/include/sigc++-2.0/sigc++/functors/mem_fun.h:2066
    #2 0x9bafc in sigc::adaptor_functor<sigc::bound_mem_functor1<void, eConsoleAppContainer, int> >::deduce_result_type<int const&, void, void, void, void, void, void>::type sigc::adaptor_functor<sigc::bound_mem_functor1<void, eConsoleAppContainer, int> >::operator()<int const&>(int const&) const /usr/include/sigc++-2.0/sigc++/adaptors/adaptor_trait.h:89
    #3 0x99878 in sigc::internal::slot_call<sigc::bound_mem_functor1<void, eConsoleAppContainer, int>, void, int>::call_it(sigc::internal::slot_rep*, int const&) /usr/include/sigc++-2.0/sigc++/functors/slot.h:451
    #4 0x9ae0c in sigc::internal::signal_emit1<void, int, sigc::nil>::emit(sigc::internal::signal_impl*, int const&) /usr/include/sigc++-2.0/sigc++/signal.h:1041
    #5 0x98f68 in sigc::signal1<void, int, sigc::nil>::emit(int const&) const /usr/include/sigc++-2.0/sigc++/signal.h:2951
    #6 0x97854 in sigc::signal1<void, int, sigc::nil>::operator()(int const&) const /usr/include/sigc++-2.0/sigc++/signal.h:2967
    #7 0x95cac in PSignal1<void, int>::operator()(int) ../../git/lib/python/connections.h:67
    #8 0xaaef4 in eSocketNotifier::activate(int) ../../git/lib/base/ebase.h:157
    #9 0xaf070 in eMainloop::processOneEvent(long, _object**, ePyObject) ../../git/lib/base/ebase.cpp:273
    #10 0xafeb8 in eMainloop::iterate(unsigned int, _object**, ePyObject) ../../git/lib/base/ebase.cpp:352
    #11 0xb0400 in eMainloop::poll(ePyObject, ePyObject) ../../git/lib/base/ebase.cpp:379
    #12 0x7446d4 in _wrap_eMainloop_poll python/enigma_python.cpp:5964

0x9e176400 is located 0 bytes to the right of 32768-byte region [0x9e16e400,0x9e176400)
allocated by thread T0 here:
    #0 0xb6a290a0 in operator new(unsigned int) (/usr/lib/libasan.so.5+0x1030a0)
    #1 0x63560 in __gnu_cxx::new_allocator<char>::allocate(unsigned int, void const*) /usr/include/c++/9.2.0/ext/new_allocator.h:114
    #2 0x624c0 in std::allocator_traits<std::allocator<char> >::allocate(std::allocator<char>&, unsigned int) /usr/include/c++/9.2.0/bits/alloc_traits.h:444
    #3 0x63ce4 in std::_Vector_base<char, std::allocator<char> >::_M_allocate(unsigned int) /usr/include/c++/9.2.0/bits/stl_vector.h:343
    #4 0x62d38 in std::vector<char, std::allocator<char> >::_M_default_append(unsigned int) /usr/include/c++/9.2.0/bits/vector.tcc:635
    #5 0x619e8 in std::vector<char, std::allocator<char> >::resize(unsigned int) /usr/include/c++/9.2.0/bits/stl_vector.h:937
    #6 0x91bbc in eConsoleAppContainer::setBufferSize(int) ../../git/lib/base/console.cpp:90
    #7 0x73d040 in eConsolePy_setBufferSize python/enigma_python.cpp:4913
    #8 0xb603b728 in PyEval_EvalFrameEx (/usr/lib/libpython2.7.so.1.0+0xd9728)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../../git/lib/base/console.cpp:242 in eConsoleAppContainer::readyRead(int)
Shadow bytes around the buggy address:
  0x33c2ec30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x33c2ec40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x33c2ec50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x33c2ec60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x33c2ec70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x33c2ec80:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x33c2ec90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x33c2eca0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x33c2ecb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x33c2ecc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x33c2ecd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==1014==ABORTING
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@athoik @littlesat