[FFmpeg-devel] [PATCH v1] libavformat/hls: During operation, the user exits and interrupts, causing pls->segment to be released, resulting in a null pointer crash

Thu Oct 22 11:57:39 EEST 2020

Steven Liu <lq at chinaffmpeg.org> 于2020年10月21日周三 下午6:57写道：

>
>
> > 2020年10月21日 下午5:16，徐慧书 <javashu2012 at gmail.com> 写道：
> >
> > Steven Liu <lq at chinaffmpeg.org> 于2020年10月17日周六 下午4:57写道：
> >
> >>
> >>
> >>> 在 2020年10月17日，13:38，徐慧书 <javashu2012 at gmail.com> 写道：
> >>>
> >>> Andreas Rheinhardt <andreas.rheinhardt at gmail.com> 于2020年10月16日周五
> >> 下午9:32写道：
> >>>
> >>>> javashu2012 at gmail.com:
> >>>>> From: bevis <javashu2012 at gmail.com>
> >>>>>
> >>>>> Signed-off-by: bevis <javashu2012 at gmail.com>
> >>>>> ---
> >>>>> libavformat/hls.c | 5 +++--
> >>>>> 1 file changed, 3 insertions(+), 2 deletions(-)
> >>>>>
> >>>>> diff --git a/libavformat/hls.c b/libavformat/hls.c
> >>>>> index 72e28ab94f..0a522a4595 100644
> >>>>> --- a/libavformat/hls.c
> >>>>> +++ b/libavformat/hls.c
> >>>>> @@ -1979,17 +1979,18 @@ static int hls_read_header(AVFormatContext
> *s)
> >>>>>        pls->ctx->interrupt_callback = s->interrupt_callback;
> >>>>>        url = av_strdup(pls->segments[0]->url);
> >>>>>        ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0,
> >> 0);
> >>>>> -        av_free(url);
> >>>>>        if (ret < 0) {
> >>>>>            /* Free the ctx - it isn't initialized properly at this
> >>>> point,
> >>>>>             * so avformat_close_input shouldn't be called. If
> >>>>>             * avformat_open_input fails below, it frees and zeros the
> >>>>>             * context, so it doesn't need any special treatment like
> >>>> this. */
> >>>>> -            av_log(s, AV_LOG_ERROR, "Error when loading first
> segment
> >>>> '%s'\n", pls->segments[0]->url);
> >>>>> +            av_log(s, AV_LOG_ERROR, "Error when loading first
> segment
> >>>> '%s'\n", url);
> >>>>>            avformat_free_context(pls->ctx);
> >>>>>            pls->ctx = NULL;
> >>>>> +            av_free(url);
> >>>>>            goto fail;
> >>>>>        }
> >>>>> +        av_free(url);
> >>>>>        pls->ctx->pb       = &pls->pb;
> >>>>>        pls->ctx->io_open  = nested_io_open;
> >>>>>        pls->ctx->flags   |= s->flags & ~AVFMT_FLAG_CUSTOM_IO;
> >>>>>
> >>>> The change itself seems fine to me (I wonder why this hasn't been
> >>>> noticed when writing/reviewing b5e39880fb), but your commit message is
> >>>> way too long: The first line should be a short description followed
> by a
> >>>> more detailed description lateron (in the next lines).
> >>>>
> >>>> How exactly did you find this?
> >>>>
> >>>> - Andreas
> >>>>
> >>>
> >>> It was found in the crash logs of online users, and it was also
> simulated
> >>> locally. In China, we have a very large number of users, and the hls
> >>> protocol is widely used, with hundreds of millions of views every day,
> >> and
> >>> every small problem becomes more obvious.
> >> maybe more than 1.5 billions right now. :D
> >>
> >>>
> >>>> _______________________________________________
> >>>> ffmpeg-devel mailing list
> >>>> ffmpeg-devel at ffmpeg.org
> >>>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >>>>
> >>>> To unsubscribe, visit link above, or email
> >>>> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
> >>> _______________________________________________
> >>> ffmpeg-devel mailing list
> >>> ffmpeg-devel at ffmpeg.org
> >>> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >>>
> >>> To unsubscribe, visit link above, or email
> >>> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
> >>
> >> Thanks
> >> Steven
> >>
> >>
> > hi steven, This modification has not been confirmed, and it was
> > reinitiated. Is there any problem? What else do I need to do?
> Do you mean I can push this patch? I saw you have beed submit a new patch
> same as this patch:
>
> https://patchwork.ffmpeg.org/project/ffmpeg/patch/20201019020757.12101-1-javashu2012@gmail.com/
>
> Can I push that?
> If (yes)
>     I will push that after 24 hours if no objections. :-)
>
>
> Thanks
>
> Steven Liu
>
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".


yes，you can pull this。