Audit round 3: ST/TOT/SAT-PID wire fixes, CRC-8 HEM cleanup, reassembler resync #3
Merged
Verified against the vendored PDFs before changing tested code.
dvb-si tables:
- St: accept any data_byte per §5.2.8 PDF prose ('may take any value and has
no meaning') — was rejecting real-world 0xFF stuffing fill
- Tot: serialize SSI=0 per §5.2.6 PDF prose ('shall be set to 0b0'; the TOT
exception — SSI=0 yet CRC_32 present); doc warning re Section short-form path
- Sat: PID 0x0010 → 0x001B (EN 300 468 Table 1); pid::well_known::SAT added
- Cat: keep descriptor loop raw for round-trip; ca_descriptors() typed view
- Cit: drop desyncable prepend_strings_length (derived, guarded ≤255)
- Bat: drop lone in-parse CRC verify — Section::validate_crc owns CRC
- Nit/Bat: need/have swapped in per-entry BufferTooShort
- dsmcc: document SSI/short-form limitation
dvb-si descriptors/docs:
- §-cites: bouquet_name 6.2.6, network_name 6.2.28, parental_rating 6.2.30,
service_list 6.2.36, stream_identifier 6.2.41
- descriptors/mod.rs: doc no longer overstates the Descriptor enum (4 typed
variants, not a full dispatcher); stale design-doc path removed
- remove dead smallvec/rayon features (advertised, never implemented)
- README dep snippet uses dash crate name; SDT example self-contained
dvb-bbframe:
- remove fictitious 'HEM CRC-8 init=0xB5' (length-9 coincidence): parse now
uses the §5.1.7 formula crc8 XOR MODE; Crc8Mismatch variant was unreachable
by construction and is removed; InvalidMode is the spec's integrity signal
dvb-t2mi:
- PacketReassembler: pointer_field now authoritative — corrupt-length partial
dropped at next PUSI (resync test), pointer-past-end drops sync; unused pid
param removed from feed()
- Header::payload_bytes() accessor added (README promised it; revives
PayloadLengthMismatch); serialize guards for p2_bias 15-bit +
fef_null/fef_iq s2_field; RFU policy documented in lib.rs
- docs: Table 13 garbled-extraction warning; timestamp layout completes
Cross-cutting:
- serde tests added for t2mi (header + 4 payloads) and bbframe (Bbheader,
Issy); dvb-si serde test now covers all 22 tables
- [package.metadata.docs.rs] all-features on all four crates
- .gitignore: drop stale Cargo.lock line (lock is committed), ignore audit venv
All gates green: tests (stable + MSRV 1.75), clippy -D warnings, --locked.
Third full adversarial audit (4 parallel auditors). All previously-fixed areas held; new findings fixed here — the notable wire-level ones verified against the vendored PDFs first:
crc8 XOR MODE; unreachable Crc8Mismatch removed

Plus: CAT round-trip preservation, CIT length-field desync removal, BAT CRC-contract consistency, dead smallvec/rayon features removed, serde test coverage completed across all three crates, docs.rs metadata, and a tail of doc-cite fixes.
🤖 Generated with Claude Code
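
The resync rule described for `PacketReassembler` (a corrupt-length partial is dropped at the next PUSI, and a pointer past the end drops sync) can be sketched as follows. This is an added example, not code from this PR or the dvb-t2mi crate: the `Reassembler` type, its `feed` signature, and the 2-byte big-endian length prefix standing in for the real T2-MI header are all assumptions made for illustration.

```rust
// Hypothetical reassembler, not the dvb-t2mi crate's PacketReassembler.
// Constructed unit format (assumption): 2-byte big-endian body length, then body.
#[derive(Default)]
pub struct Reassembler { buf: Vec<u8>, synced: bool }
impl Reassembler {
    /// `payload` is one TS packet payload, `pusi` its payload_unit_start_indicator.
    pub fn feed(&mut self, pusi: bool, payload: &[u8]) -> Vec<Vec<u8>> {
        let mut out = Vec::new();
        if !pusi {
            if self.synced {
                self.buf.extend_from_slice(payload);
                self.drain(&mut out);
            }
            return out;
        }
        let ptr = match payload.first() { Some(&p) => p as usize, None => return out };
        if 1 + ptr > payload.len() {
            // pointer_field points past the payload: nothing here can be trusted.
            self.buf.clear();
            self.synced = false;
            return out;
        }
        if self.synced {
            self.buf.extend_from_slice(&payload[1..1 + ptr]);
            self.drain(&mut out);
        }
        // pointer_field is authoritative: anything still buffered is a partial
        // whose length field lied, so drop it and restart at the pointed offset.
        self.buf.clear();
        self.buf.extend_from_slice(&payload[1 + ptr..]);
        self.synced = true;
        self.drain(&mut out);
        out
    }
    fn drain(&mut self, out: &mut Vec<Vec<u8>>) {
        while self.buf.len() >= 2 {
            let len = u16::from_be_bytes([self.buf[0], self.buf[1]]) as usize;
            if self.buf.len() < 2 + len { break; }
            out.push(self.buf[2..2 + len].to_vec());
            self.buf.drain(..2 + len);
        }
    }
}

fn main() {
    let mut r = Reassembler::default();
    r.feed(true, &[0, 0xFF, 0xFF, 9, 9]); // constructed input: corrupt length 0xFFFF
    println!("{:?}", r.feed(true, &[2, 9, 9, 0, 1, 0xAA])); // recovers at the next PUSI
}
```

A reassembler that trusts only the length field would keep buffering after the 0xFFFF header and swallow every following unit until 65535 bytes had arrived.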