[FFmpeg-devel] [PATCH v1] libavformat/hls: During operation, the user exits and interrupts, causing pls->segment to be released, resulting in a null pointer crash
徐慧书
javashu2012 at gmail.com
Wed Oct 21 12:16:29 EEST 2020
Steven Liu <lq at chinaffmpeg.org> 于2020年10月17日周六 下午4:57写道:
>
>
> > 在 2020年10月17日,13:38,徐慧书 <javashu2012 at gmail.com> 写道:
> >
> > Andreas Rheinhardt <andreas.rheinhardt at gmail.com> 于2020年10月16日周五
> 下午9:32写道:
> >
> >> javashu2012 at gmail.com:
> >>> From: bevis <javashu2012 at gmail.com>
> >>>
> >>> Signed-off-by: bevis <javashu2012 at gmail.com>
> >>> ---
> >>> libavformat/hls.c | 5 +++--
> >>> 1 file changed, 3 insertions(+), 2 deletions(-)
> >>>
> >>> diff --git a/libavformat/hls.c b/libavformat/hls.c
> >>> index 72e28ab94f..0a522a4595 100644
> >>> --- a/libavformat/hls.c
> >>> +++ b/libavformat/hls.c
> >>> @@ -1979,17 +1979,18 @@ static int hls_read_header(AVFormatContext *s)
> >>> pls->ctx->interrupt_callback = s->interrupt_callback;
> >>> url = av_strdup(pls->segments[0]->url);
> >>> ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0,
> 0);
> >>> - av_free(url);
> >>> if (ret < 0) {
> >>> /* Free the ctx - it isn't initialized properly at this
> >> point,
> >>> * so avformat_close_input shouldn't be called. If
> >>> * avformat_open_input fails below, it frees and zeros the
> >>> * context, so it doesn't need any special treatment like
> >> this. */
> >>> - av_log(s, AV_LOG_ERROR, "Error when loading first segment
> >> '%s'\n", pls->segments[0]->url);
> >>> + av_log(s, AV_LOG_ERROR, "Error when loading first segment
> >> '%s'\n", url);
> >>> avformat_free_context(pls->ctx);
> >>> pls->ctx = NULL;
> >>> + av_free(url);
> >>> goto fail;
> >>> }
> >>> + av_free(url);
> >>> pls->ctx->pb = &pls->pb;
> >>> pls->ctx->io_open = nested_io_open;
> >>> pls->ctx->flags |= s->flags & ~AVFMT_FLAG_CUSTOM_IO;
> >>>
> >> The change itself seems fine to me (I wonder why this hasn't been
> >> noticed when writing/reviewing b5e39880fb), but your commit message is
> >> way too long: The first line should be a short description followed by a
> >> more detailed description lateron (in the next lines).
> >>
> >> How exactly did you find this?
> >>
> >> - Andreas
> >>
> >
> > It was found in the crash logs of online users, and it was also simulated
> > locally. In China, we have a very large number of users, and the hls
> > protocol is widely used, with hundreds of millions of views every day,
> and
> > every small problem becomes more obvious.
> maybe more than 1.5 billions right now. :D
>
> >
> >> _______________________________________________
> >> ffmpeg-devel mailing list
> >> ffmpeg-devel at ffmpeg.org
> >> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >>
> >> To unsubscribe, visit link above, or email
> >> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel at ffmpeg.org
> > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> > To unsubscribe, visit link above, or email
> > ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
> Thanks
> Steven
>
>
hi steven, This modification has not been confirmed, and it was
reinitiated. Is there any problem? What else do I need to do?
>
>
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list