Fixed Issue #147. #154
Merged
Fixed Issue #147. #154
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When requesting resend of packets a lot, iOS sometimes sends a packet with type 0x56 (Reply to resend request), but with sequence number 0 and length == 4. This short length leads to memory corruption later on when processing the packet: alac_decode() expects at least 16 bytes for AES IV. Therefore the segfault. This fix ignores packets with length < 16, as seen in another implementation here: http://fossies.org/dox/mythtv-0.25.1/mythraopconnection_8cpp_source.html#l00555 Please be aware that this just fixes the segfault. The suspicious packet seems to be an information of an out of sync situation, so it may deserve further attention. Signed-off-by: Gregor Fabritius <gre@g0r.de>
The packet type 0x56, sequence number 0, containing 4 bytes (the first two are the sequence number of the previously requested packet) initiates a resync. Not sure what this packet is supposed to do, but it occurs after heavy requesting resending of packets. Seems to be an out of sync situation, so resyncing is not the worst idea. Signed-off-by: Gregor Fabritius <gre@g0r.de>
|
Thanks for the patch! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When requesting resend of packets a lot, iOS sometimes sends a packet with type 0x56 (Reply to resend request), but with sequence number 0 and length == 4. This short length leads to memory corruption later on when processing the packet: alac_decode() expects at least 16 bytes for AES IV. Therefore the segfault.
This fix ignores packets with length < 16, as seen in another implementation here:
http://fossies.org/dox/mythtv-0.25.1/mythraopconnection_8cpp_source.html#l00555
Please be aware that this just fixes the segfault. The suspicious packet seems to be an information of an out of sync situation, so it may deserve further attention.
Signed-off-by: Gregor Fabritius gre@g0r.de