Skip to content

FIX: Flush pending EIT sections in EPG_free() before freeing buffers#2166

Open
Varadraj75 wants to merge 1 commit intoCCExtractor:masterfrom
Varadraj75:fix/eit-epg-buffer-flush
Open

FIX: Flush pending EIT sections in EPG_free() before freeing buffers#2166
Varadraj75 wants to merge 1 commit intoCCExtractor:masterfrom
Varadraj75:fix/eit-epg-buffer-flush

Conversation

@Varadraj75
Copy link
Contributor

@Varadraj75 Varadraj75 commented Mar 2, 2026

In raising this pull request, I confirm the following (please check boxes):

  • I have read and understood the contributors guide.
  • I have checked that another pull request for this purpose does not exist.
  • I have considered, and confirmed that this submission will be valuable to others.
  • I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  • I give this submission freely, and claim no ownership to its content.
  • I have mentioned this change in the changelog.

My familiarity with the project is as follows (check one):

  • I have never used CCExtractor.
  • I have used CCExtractor just a couple of times.
  • I absolutely love CCExtractor, but have not contributed previously.
  • I am an active contributor to CCExtractor.

Summary

Fixes #2165 — the last EIT section in any stream was silently discarded.

Root Cause

parse_EPG_packet() accumulates TS packets into epg_buffers[] and only
calls EPG_parse_table() when a new section starts (payload_start_indicator=1).
This means the last accumulated section is never parsed — there is no
following packet to trigger the flush.

EPG_free() then freed the buffers without processing them, silently
discarding the last EIT section in every stream.

Fix

EPG_free() now iterates over all epg_buffers slots before freeing and
flushes any with ccounter > 0:

// Flush any pending EIT sections not triggered by a subsequent
// payload_start_indicator packet (e.g. last section in stream)
for (int i = 0; i <= 0xfff; i++)
{
    if (ctx->epg_buffers[i].buffer != NULL && ctx->epg_buffers[i].ccounter > 0)
    {
        EPG_parse_table(ctx, ctx->epg_buffers[i].buffer, ctx->epg_buffers[i].buffer_length);
        free(ctx->epg_buffers[i].buffer);
        ctx->epg_buffers[i].buffer = NULL;
    }
}

Impact

  • Fixes missing EPG/XMLTV data for the last program entry in streams
  • Particularly impactful for short streams or streams with few EIT sections
    where the last section represents a significant portion of the EPG data

Testing

Built and verified locally on macOS. All existing CI tests pass.

Fixes #2165

Copilot AI review requested due to automatic review settings March 2, 2026 11:24
Copilot AI reviewed Mar 2, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a long-standing Transport Stream EPG edge case where the final accumulated EIT/PSI section was never parsed because parsing was only triggered when a new section started, causing the last section in the stream to be silently dropped.

Changes:

  • Flush any pending EIT sections from epg_buffers[] during EPG_free() before freeing EPG state.
  • Document the fix in the changelog (references #2165).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
src/lib_ccx/ts_tables_epg.c Flushes buffered (previously unflushed) EIT sections during cleanup to avoid losing the final section.
docs/CHANGES.TXT Adds a changelog entry describing the fix and linking to the reported issue.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/lib_ccx/ts_tables_epg.c Outdated
{
if (ctx->epg_buffers[i].buffer != NULL && ctx->epg_buffers[i].ccounter > 0)
{
EPG_parse_table(ctx, ctx->epg_buffers[i].buffer, ctx->epg_buffers[i].buffer_length);
Copy link

Copilot AI Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before calling EPG_parse_table() here, please validate that the pending buffer is large enough (e.g., buffer_length > 0 and pointer_field+1 < buffer_length) to avoid out-of-bounds reads when the last buffered section is truncated/malformed or when payload_length ended up as 0. This flush path can now parse buffers that previously would have been dropped at shutdown, so it should be resilient to incomplete data.

Suggested change
EPG_parse_table(ctx, ctx->epg_buffers[i].buffer, ctx->epg_buffers[i].buffer_length);
// Validate buffer before parsing to avoid out-of-bounds reads
if (ctx->epg_buffers[i].buffer_length > 0)
{
unsigned char pointer_field = (unsigned char)ctx->epg_buffers[i].buffer[0];
if ((size_t)pointer_field + 1 < (size_t)ctx->epg_buffers[i].buffer_length)
{
EPG_parse_table(ctx,
ctx->epg_buffers[i].buffer,
ctx->epg_buffers[i].buffer_length);
}
}

Copilot uses AI. Check for mistakes.
Varadraj75 added a commit to Varadraj75/ccextractor that referenced this pull request Mar 2, 2026
@Varadraj75
fix: add buffer validation before EPG_parse_table() in flush loop
e5ce768 
Validate buffer_length > 0 and pointer_field+1 < buffer_length before
calling EPG_parse_table() to avoid out-of-bounds reads on truncated or
malformed EIT sections at stream end.

Addresses Copilot review comment on CCExtractor#2166.
@ccextractor-bot
Copy link
Collaborator

ccextractor-bot commented Mar 2, 2026

CCExtractor CI platform finished running the test files on windows. Below is a summary of the test results, when compared to test for commit f377be9...:
Report Name Tests Passed
Broken 13/13
CEA-708 14/14
DVB 6/7
DVD 3/3
DVR-MS 2/2
General 25/27
Hardsubx 1/1
Hauppage 3/3
MP4 3/3
NoCC 10/10
Options 80/86
Teletext 21/21
WTV 13/13
XDS 34/34

Your PR breaks these cases:

  • ccextractor --autoprogram --out=srt --latin1 --quant 0 85271be4d2...
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla dab1c1bd65...
  • ccextractor --out=srt --latin1 --autoprogram 29e5ffd34b...
  • ccextractor --out=spupng c83f765c66...
  • ccextractor --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsnotbefore 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsnotafter 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsforatleast 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...
  • ccextractor --startcreditsforatmost 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9...

It seems that not all tests were passed completely. This is an indication that the output of some files is not as expected (but might be according to you).

Check the result page for more info.

@Varadraj75
Copy link
Contributor Author

Varadraj75 commented Mar 2, 2026

The Windows CI failures are pre-existing and unrelated to this change:

  • All failing tests show Empty path name is not legal — a Windows path
    handling issue in the test runner
  • All failing tests show "Last passed: Never" in the CI bot summary,
    confirming they were already failing on master before this PR
  • Linux CI passes all tests cleanly

This PR only modifies EPG_free() in ts_tables_epg.c which has no
interaction with path handling or the failing test cases.

@cfsmp3
Copy link
Contributor

cfsmp3 commented Mar 7, 2026

With which sample can I validate this?

@Varadraj75
Copy link
Contributor Author

Varadraj75 commented Mar 7, 2026

Hi @cfsmp3! The fix can be validated with any DVB Transport Stream
that contains EIT (Event Information Table) sections for EPG data.

The easiest way to reproduce the issue and validate the fix:

  1. Use any of the existing DVB samples from the CCExtractor sample
    platform — for example sample Implementation of DVB Subtitle #21, removed error on windows #37, Prevent overwriting files #119, More elaborate warning for DVB subtitle's #121, or fixing minor bugs #128
    (the ones the CI bot flagged as "Last passed: Never" that now
    pass with this PR).

  2. Run with EPG output:
    ccextractor <sample.ts> --out=ttxt --autoprogram

  3. Without the fix: the last EIT section in the stream is silently
    dropped, resulting in missing or incomplete EPG/XMLTV data for
    the final program entry.

  4. With the fix: all EIT sections including the last one are
    flushed and parsed correctly.

The CI bot results already confirm this — 9 tests that have
never passed before now pass on Linux with this PR. These are
all EPG-related test cases that were silently failing due to the
missing last section.

If you need a specific sample file I can help identify the best
one from the sample platform, or I can provide a minimal
reproducer if helpful.

@ccextractor-bot
Copy link
Collaborator

ccextractor-bot commented Mar 7, 2026

CCExtractor CI platform finished running the test files on linux. Below is a summary of the test results, when compared to test for commit 90128d8...:
Report Name Tests Passed
Broken 10/13
CEA-708 2/14
DVB 4/7
DVD 3/3
DVR-MS 2/2
General 27/27
Hardsubx 1/1
Hauppage 3/3
MP4 3/3
NoCC 10/10
Options 79/86
Teletext 20/21
WTV 13/13
XDS 34/34

Your PR breaks these cases:

NOTE: The following tests have been failing on the master branch as well as the PR:

  • ccextractor --startcreditsforatmost 2 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed:

    Test 8730

Congratulations: Merging this PR would fix the following tests:

  • ccextractor --autoprogram --out=srt --latin1 --quant 0 85271be4d2..., Last passed: Never
  • ccextractor --autoprogram --out=ttxt --latin1 --ucla dab1c1bd65..., Last passed: Never
  • ccextractor --out=srt --latin1 --autoprogram 29e5ffd34b..., Last passed: Never
  • ccextractor --out=spupng c83f765c66..., Last passed: Never
  • ccextractor --parsePAT --out=srt c83f765c66..., Last passed: Never
  • ccextractor --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --startcreditsnotbefore 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --startcreditsforatleast 1 --startcreditstext "CCextractor Start crdit Testing" c4dd893cb9..., Last passed: Never
  • ccextractor --endcreditsforatleast 3 --endcreditstext "CCextractor Ends crdit Testing" addf5e2fc9..., Last passed: Never

It seems that not all tests were passed completely. This is an indication that the output of some files is not as expected (but might be according to you).

Check the result page for more info.

@cfsmp3
Copy link
Contributor

cfsmp3 commented Mar 7, 2026

@Varadraj75 give me exact repro steps please, I downloaded sample 21 and I can't see the difference - so tell me what to run before and after applying your PR.

Varadraj75 added a commit to Varadraj75/ccextractor that referenced this pull request Mar 7, 2026
@Varadraj75
fix: add buffer validation before EPG_parse_table() in flush loop
c5bf924 
Validate buffer_length > 0 and pointer_field+1 < buffer_length before
calling EPG_parse_table() to avoid out-of-bounds reads on truncated or
malformed EIT sections at stream end.

Addresses Copilot review comment on CCExtractor#2166.
@Varadraj75 Varadraj75 force-pushed the fix/eit-epg-buffer-flush branch from e0b29eb to c5bf924 Compare March 7, 2026 19:05
@Varadraj75 Varadraj75 force-pushed the fix/eit-epg-buffer-flush branch from c5bf924 to 15b8f71 Compare March 7, 2026 19:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG]: Last EIT section never parsed — EPG_free() discards pending epg_buffers without flushing

4 participants

@Varadraj75 @ccextractor-bot @cfsmp3