2015-12-05, 01:51
(2015-11-29, 23:56)Milhouse Wrote:(2015-11-29, 23:28)nalor Wrote: Can you tell what kind of problems appeared with libaacs? I couldn't find anything here in this thread nor in the RaspberryPi section here in the forum - I only noticed that libaacs got removed beginning with build #1010 and the comment 'disable libaacs as this seems to be responsible for BD ISO crashes' - but couldn't find details about this issue.
https://github.com/OpenELEC/OpenELEC.tv/pull/4378
Today I've found time to play with the iso I've got from Milhouse and fix the main problem in libaacs - basically it is that this disc is simply not a valid bluray... there are a couple of things really strange in the aacs directory:
# MKB_RW.inf is completely filled with 00
# MKB_RO.inf is completely filled with 00
So I'm 100% sure this disc isn't an image of a real bluray - but nevertheless libaacs shouldn't lock up even if the disc is somewhat strange
When libaacs tries to read records from the file 'MKB_RO.inf' it is done this way:
Code:
while (pos + 4 <= mkb->size) {
len = MKINT_BE24(mkb->buf + pos + 1);
(....)
pos += len;
}So when all values in the source file are 0, the variable 'len' will also be always 0 and in fact we're getting an endless loop and this is the reason for the lockup.
To fix this I've included a check if len=0 and 'break' the loop if this condition is detected. Finally I had to adjust a few followup procedures that don't expect that this main procedure might fail.. but in the end there's no lockup any longer.
Here's the diff that can be applied to the file mkb.c from the libaacs-0.8.1 source (I've never created a diff before - hopefully it's useable this way):
Code:
--- mkb_orig.c 2015-12-04 22:40:48.644390058 +0100
+++ mkb.c 2015-12-05 00:34:27.272274520 +0100
@@ -48,6 +48,13 @@
return mkb->buf + pos;
}
+ if (len == 0) {
+ BD_DEBUG(DBG_MKB, "Couldn't retrieve MKB record 0x%02x - len=0 error detected (%p)\n", type,
+ (void*)(mkb->buf + pos));
+
+ break;
+ }
+
pos += len;
}
@@ -114,6 +121,9 @@
{
const uint8_t *rec = _record(mkb, 0x10, NULL);
+ if (!rec) {
+ return 0;
+ }
return MKINT_BE32(rec + 4);
}
@@ -121,6 +131,9 @@
{
const uint8_t *rec = _record(mkb, 0x10, NULL);
+ if (!rec) {
+ return 0;
+ }
return MKINT_BE32(rec + 8);
}
@@ -136,6 +149,9 @@
{
const uint8_t *rec = _record(mkb, 0x21, len);
+ if (!rec) {
+ return NULL;
+ }
if (rec) {
rec += 4;
*len -= 4;
@@ -148,6 +164,9 @@
{
const uint8_t *rec = _record(mkb, 0x20, len);
+ if (!rec) {
+ return NULL;
+ }
if (rec) {
rec += 4;
*len -= 4;
@@ -159,6 +178,10 @@
const uint8_t *mkb_subdiff_records(MKB *mkb, size_t *len)
{
const uint8_t *rec = _record(mkb, 0x04, len) + 4;
+
+ if (!rec) {
+ return NULL;
+ }
*len -= 4;
return rec;
@@ -167,6 +190,10 @@
const uint8_t *mkb_cvalues(MKB *mkb, size_t *len)
{
const uint8_t *rec = _record(mkb, 0x05, len) + 4;
+
+ if (!rec) {
+ return NULL;
+ }
*len -= 4;
return rec;
@@ -180,6 +207,10 @@
const uint8_t *mkb_signature(MKB *mkb, size_t *len)
{
const uint8_t *rec = _record(mkb, 0x02, len);
+
+ if (!rec) {
+ return NULL;
+ }
*len -= 4;
return rec + 4;
@@ -242,3 +273,4 @@
return -1;
}
+Is it possible to give it another try with this fix applied and reenable libaacs support?
