[FFmpeg-devel] [PATCH v1] libavformat/hls: During operation, the user exits and interrupts, causing pls->segment to be released, resulting in a null pointer crash

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Mon Oct 19 10:53:29 EEST 2020


徐慧书:
> Andreas Rheinhardt <andreas.rheinhardt at gmail.com> wrote on Fri, Oct 16, 2020 at 9:32 PM:
> 
>> javashu2012 at gmail.com:
>>> From: bevis <javashu2012 at gmail.com>
>>>
>>> Signed-off-by: bevis <javashu2012 at gmail.com>
>>> ---
>>>  libavformat/hls.c | 5 +++--
>>>  1 file changed, 3 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/libavformat/hls.c b/libavformat/hls.c
>>> index 72e28ab94f..0a522a4595 100644
>>> --- a/libavformat/hls.c
>>> +++ b/libavformat/hls.c
>>> @@ -1979,17 +1979,18 @@ static int hls_read_header(AVFormatContext *s)
>>>          pls->ctx->interrupt_callback = s->interrupt_callback;
>>>          url = av_strdup(pls->segments[0]->url);
>>>          ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0, 0);
>>> -        av_free(url);
>>>          if (ret < 0) {
>>>              /* Free the ctx - it isn't initialized properly at this
>> point,
>>>               * so avformat_close_input shouldn't be called. If
>>>               * avformat_open_input fails below, it frees and zeros the
>>>               * context, so it doesn't need any special treatment like
>> this. */
>>> -            av_log(s, AV_LOG_ERROR, "Error when loading first segment
>> '%s'\n", pls->segments[0]->url);
>>> +            av_log(s, AV_LOG_ERROR, "Error when loading first segment
>> '%s'\n", url);
>>>              avformat_free_context(pls->ctx);
>>>              pls->ctx = NULL;
>>> +            av_free(url);
>>>              goto fail;
>>>          }
>>> +        av_free(url);
>>>          pls->ctx->pb       = &pls->pb;
>>>          pls->ctx->io_open  = nested_io_open;
>>>          pls->ctx->flags   |= s->flags & ~AVFMT_FLAG_CUSTOM_IO;
>>>
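Review bot: the result of `av_strdup(pls->segments[0]->url)` at the top of this hunk is never checked, and with this change the error path hands `url` to the `%s` in `av_log`, so a failed allocation now reaches the log call as a NULL string. Suggest testing `url` right after the strdup and failing with `ret = AVERROR(ENOMEM)` before `av_probe_input_buffer` is called, with the same `pls->ctx` cleanup this error branch does. The two `av_free(url)` calls are correct as placed: one on the failure branch after the log, one on the success path.
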
>> The change itself seems fine to me (I wonder why this hasn't been
>> noticed when writing/reviewing b5e39880fb), but your commit message is
>> way too long: The first line should be a short description followed by a
>> more detailed description later on (in the next lines).
>>
>> How exactly did you find this?
>>
>> - Andreas
> 
> 
> Hi Andreas, I have already updated and initiated the submission. What else
> do I need to do to submit this fix?

It is fine for me, but I am not the maintainer of the hls demuxer.

- Andreas