[Scan] Fix N/A entries and use-after-free in SDT/VCT processing

Status
Not open for further replies.

GitHub

Moderator
[Scan] Fix N/A entries and use-after-free in SDT/VCT processing

Four fixes for the channel scan:

1. The found_existing loop in processSDT/processVCT matched services by
SID+Namespace+TSID+ONID without checking serviceType. This caused valid
entries with proper names to be erased and replaced during network scan
when the same service was encountered again. If the replacement SDT
section lacked a SERVICE_DESCRIPTOR, the name was lost (N/A). Fix: only
match when serviceType actually differs (the loop's original purpose).

2. Use-after-free: the debug print accessed sit->first.getServiceType()
after m_new_services.erase(sit). Fix: save old_type before erasing.

3. insertInto() unconditionally overwrote service/provider names in the
database, even with empty strings. When a channel list was already
installed and a scan didn't provide SDT in time, existing names were
replaced with empty strings, causing N/A entries. Fix: only overwrite
when the new name is non-empty.

4. The namespace collision detection threshold (diff > 0) was too sensitive.
calculateDifference() returns frequency+symbolrate deviation, so even
the same transponder with slightly different parameters from an installed
channel list triggered false collision detection, creating mismatched
service references. Fix: use diff >= 2000, consistent with sameChannel().

Both SDT and VCT processing blocks are fixed.

(cherry picked from commit 068455f489a8eeeeef63fbd2300ba378d118a177)
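An added C++ illustration of fixes 1 to 3 from the commit message above; it is not the project's code. `ServiceKey`, `ServiceInfo`, `replaceIfTypeChanged` and `mergeName` are hypothetical stand-ins, and the `services` map plays the role of `m_new_services`; only `sit`, `old_type` and `getServiceType()` are names taken from the message.

```cpp
#include <map>
#include <string>
#include <tuple>

// Hypothetical stand-ins for the scan's service key and per-service data.
struct ServiceKey {
    int sid, ns, tsid, onid, type;
    int getServiceType() const { return type; }
    bool operator<(const ServiceKey &o) const {
        return std::tie(sid, ns, tsid, onid, type) <
               std::tie(o.sid, o.ns, o.tsid, o.onid, o.type);
    }
};
struct ServiceInfo { std::string name; };
using NewServices = std::map<ServiceKey, ServiceInfo>;

// Fixes 1 and 2: drop an earlier entry for the same SID/namespace/TSID/ONID
// only when its service type differs from the incoming one.
// Returns the erased entry's type, or -1 when nothing was erased.
int replaceIfTypeChanged(NewServices &services, const ServiceKey &incoming) {
    for (auto sit = services.begin(); sit != services.end(); ++sit) {
        const ServiceKey &k = sit->first;
        if (k.sid != incoming.sid || k.ns != incoming.ns ||
            k.tsid != incoming.tsid || k.onid != incoming.onid)
            continue;
        if (k.getServiceType() == incoming.getServiceType())
            return -1; // same service seen again: keep the named entry
        // Copy what the debug print needs first. erase() frees the map node,
        // so reading sit->first afterwards would be a use-after-free.
        const int old_type = k.getServiceType();
        services.erase(sit);
        return old_type; // a copy, safe to log after the erase
    }
    return -1;
}

// Fix 3: keep the stored name when the scan delivered an empty one.
void mergeName(std::string &stored, const std::string &scanned) {
    if (!scanned.empty())
        stored = scanned;
}
```

Building the pre-fix ordering (read `sit->first` after `erase(sit)`) with `-fsanitize=address` reports the access as a heap-use-after-free, which is a quick regression check for this class of bug.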
