[FFmpeg-devel] [PATCH v1] libavformat/hls: During operation, the user exits and interrupts, causing pls->segment to be released, resulting in a null pointer crash

Steven Liu lq at chinaffmpeg.org
Wed Oct 21 13:57:01 EEST 2020



> On Oct 21, 2020, at 5:16 PM, 徐慧书 <javashu2012 at gmail.com> wrote:
> 
> Steven Liu <lq at chinaffmpeg.org> wrote on Sat, Oct 17, 2020 at 4:57 PM:
> 
>> 
>> 
>>> On Oct 17, 2020, at 13:38, 徐慧书 <javashu2012 at gmail.com> wrote:
>>> 
>>> Andreas Rheinhardt <andreas.rheinhardt at gmail.com> wrote on Fri, Oct 16, 2020 at 9:32 PM:
>>> 
>>>> javashu2012 at gmail.com:
>>>>> From: bevis <javashu2012 at gmail.com>
>>>>> 
>>>>> Signed-off-by: bevis <javashu2012 at gmail.com>
>>>>> ---
>>>>> libavformat/hls.c | 5 +++--
>>>>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>>>> 
>>>>> diff --git a/libavformat/hls.c b/libavformat/hls.c
>>>>> index 72e28ab94f..0a522a4595 100644
>>>>> --- a/libavformat/hls.c
>>>>> +++ b/libavformat/hls.c
>>>>> @@ -1979,17 +1979,18 @@ static int hls_read_header(AVFormatContext *s)
>>>>>        pls->ctx->interrupt_callback = s->interrupt_callback;
>>>>>        url = av_strdup(pls->segments[0]->url);
>>>>>        ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0,
>> 0);
>>>>> -        av_free(url);
>>>>>        if (ret < 0) {
>>>>>            /* Free the ctx - it isn't initialized properly at this
>>>> point,
>>>>>             * so avformat_close_input shouldn't be called. If
>>>>>             * avformat_open_input fails below, it frees and zeros the
>>>>>             * context, so it doesn't need any special treatment like
>>>> this. */
>>>>> -            av_log(s, AV_LOG_ERROR, "Error when loading first segment
>>>> '%s'\n", pls->segments[0]->url);
>>>>> +            av_log(s, AV_LOG_ERROR, "Error when loading first segment
>>>> '%s'\n", url);
>>>>>            avformat_free_context(pls->ctx);
>>>>>            pls->ctx = NULL;
>>>>> +            av_free(url);
>>>>>            goto fail;
>>>>>        }
>>>>> +        av_free(url);
>>>>>        pls->ctx->pb       = &pls->pb;
>>>>>        pls->ctx->io_open  = nested_io_open;
>>>>>        pls->ctx->flags   |= s->flags & ~AVFMT_FLAG_CUSTOM_IO;
>>>>> 
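Review bot: the hunk leaves two `av_free(url)` calls (one before `goto fail`, one after the `if` block), which is easy to get out of sync when this block is touched again; a single free would do if the log is issued first, e.g.

    if (ret < 0)
        av_log(s, AV_LOG_ERROR, "Error when loading first segment '%s'\n", url);
    av_free(url);

followed by the existing `if (ret < 0) { ... goto fail; }` cleanup. While here, the `url = av_strdup(...)` result in the context lines is still passed to `av_probe_input_buffer` and `av_log` without a NULL check; returning `AVERROR(ENOMEM)` through the same error path would close that gap. Logging the copied `url` instead of `pls->segments[0]->url` is the right fix for the crash in the subject, since the interrupt callback installed on the first context line can fire during the probe; that rationale belongs in the commit body rather than in the subject line.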
>>>> The change itself seems fine to me (I wonder why this hasn't been
>>>> noticed when writing/reviewing b5e39880fb), but your commit message is
>>>> way too long: The first line should be a short description followed by a
>>>> more detailed description lateron (in the next lines).
>>>> 
>>>> How exactly did you find this?
>>>> 
>>>> - Andreas
>>>> 
>>> 
>>> It was found in the crash logs of online users, and it was also simulated
>>> locally. In China, we have a very large number of users, and the HLS
>>> protocol is widely used, with hundreds of millions of views every day,
>>> and every small problem becomes more obvious.
>> Maybe more than 1.5 billion right now. :D
>> 
>>> 
>>>> _______________________________________________
>>>> ffmpeg-devel mailing list
>>>> ffmpeg-devel at ffmpeg.org
>>>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>>> 
>>>> To unsubscribe, visit link above, or email
>>>> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>> 
>> Thanks
>> Steven
>> 
>> 
> Hi Steven, this modification has not been confirmed, and it was
> reinitiated. Is there any problem? What else do I need to do?
Do you mean I can push this patch? I saw you have already submitted a new patch, the same as this one:
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20201019020757.12101-1-javashu2012@gmail.com/

Can I push that?
If (yes)
    I will push that after 24 hours if no objections. :-)


Thanks

Steven Liu
