Bug #5844

Invalid value in duration field of recording will crash TVH

Added by Hiro Protagonist 9 days ago.

Status: New
Priority: Normal
Assignee: -
Category: Crashes
Target version: -
Start date: 2020-01-13
Due date:
% Done: 0%
Estimated time:
Found in version: 4.3
Affected Versions:

Description

Recently I recorded 6 programs which had the following entry in the log file:

"duration": 3746854690,

No problems arose subsequently until I restarted tvheadend. After that tvheadend would crash whenever a client with dvr access other than 'basic' or 'htsp' would connect.

Core dump showed:

#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x74f9e824 in __GI_abort () at abort.c:89
#2 0x0055cbb4 in htsmsg_binary_write (
ptr=0x4 <error: Cannot access memory at address 0x4>,
ptr@entry=0x6ef006f7 "\003\004", msg=<optimized out>)
at src/htsmsg_binary.c:258
#3 0x0055cb68 in htsmsg_binary_write (ptr=0x6ef006f7 "\003\004",
ptr@entry=0x6ef006f1 "\001", msg=<optimized out>)
at src/htsmsg_binary.c:275
#4 0x0055cb68 in htsmsg_binary_write (ptr=0x6ef006f1 "\001",
ptr@entry=0x6ef0068e "\003\b", msg=<optimized out>)
at src/htsmsg_binary.c:275
#5 0x0055cb68 in htsmsg_binary_write (ptr=0x6ef0068e "\003\b",
ptr@entry=0x6ef00688 "\001", msg=<optimized out>)
at src/htsmsg_binary.c:275
#6 0x0055cb68 in htsmsg_binary_write (ptr=0x6ef00688 "\001",
ptr@entry=0x6ef00474 "\002\002", msg=<optimized out>)
at src/htsmsg_binary.c:275
#7 0x0055ccac in htsmsg_binary_serialize (msg=<optimized out>,
[email protected]=0x644f0820, [email protected]=0x644f0824,
[email protected]=2147483647) at src/htsmsg_binary.c:324
#8 0x00551030 in htsp_write_scheduler (aux=0x64cf16a8)
at src/htsp_server.c:3226
#9 0x00528c28 in thread_wrapper (p=0x6e5008f8) at src/wrappers.c:159
#10 0x7514cfc4 in start_thread (arg=0x644f0ef0) at pthread_create.c:458
#11 0x75043038 in ?? () at ../sysdeps/unix/sysv/linux/arm/clone.S:76
from /lib/arm-linux-gnueabihf/libc.so.6

The problem was due to an HMF_DBL field being sent to htsmsg_binary_write(), which results in an abort() as HMF_DBL is not handled by switch(f->hmf_type).

Ideally, TVH should not be writing values to files that will cause it to crash when read back.

I'm running 4.3 compiled locally. The problem was the same when I tried running 4.3-1857~g221c29b40~raspbianbuster_armhf.deb.
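A serializer that fails closed on a field type it cannot encode, so one bad stored record costs a single message instead of the whole daemon. This is an added example, not part of the original report and not tvheadend's code; the type names, wire layout and functions are hypothetical, with FT_DBL standing in for HMF_DBL.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical field types; FT_DBL stands in for HMF_DBL from the report. */
enum ftype { FT_S64 = 2, FT_STR = 3, FT_DBL = 6 };

struct field {
    enum ftype type;
    union { int64_t s64; const char *str; double dbl; } u;
};

/* Encoded size (type byte + length byte + payload), or -1 if unencodable. */
static int field_size(const struct field *f)
{
    switch (f->type) {
    case FT_S64: return 2 + 8;
    case FT_STR: { size_t n = strlen(f->u.str); return n > 255 ? -1 : (int)(2 + n); }
    default:     return -1;   /* fail closed instead of calling abort() */
    }
}

/* Serialize n fields into buf. Returns bytes written, or -1 on an
 * unsupported type or short buffer; the caller drops that one message. */
int msg_serialize(const struct field *f, size_t n, uint8_t *buf, size_t cap)
{
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        int sz = field_size(&f[i]);
        if (sz < 0 || (size_t)sz > cap - off)
            return -1;
        buf[off] = (uint8_t)f[i].type;
        buf[off + 1] = (uint8_t)(sz - 2);
        if (f[i].type == FT_S64) {
            uint64_t v = (uint64_t)f[i].u.s64;
            for (int b = 0; b < 8; b++)          /* big-endian payload */
                buf[off + 2 + b] = (uint8_t)(v >> (56 - 8 * b));
        } else {
            memcpy(buf + off + 2, f[i].u.str, (size_t)sz - 2);
        }
        off += (size_t)sz;
    }
    return (int)off;
}

/* Constructed samples: the logged value as an integer field and as a double field. */
static int demo(struct field f) { uint8_t b[32]; return msg_serialize(&f, 1, b, sizeof b); }
int demo_s64(void) { return demo((struct field){ FT_S64, { .s64 = 3746854690LL } }); }
int demo_dbl(void) { return demo((struct field){ FT_DBL, { .dbl = 3746854690.0 } }); }
```

The same check belongs on the load path: rejecting or clamping a record whose field type the wire format cannot carry when the file is read back keeps it from reaching the serializer at all.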
