[FFmpeg-devel] [PATCH v1] libavformat/hls: During operation, the user exits and interrupts, causing pls->segment to be released, resulting in a null pointer crash

徐慧书 javashu2012 at gmail.com
Wed Oct 21 12:16:29 EEST 2020


Steven Liu <lq at chinaffmpeg.org> 于2020年10月17日周六 下午4:57写道:

>
>
> > 在 2020年10月17日,13:38,徐慧书 <javashu2012 at gmail.com> 写道:
> >
> > Andreas Rheinhardt <andreas.rheinhardt at gmail.com> 于2020年10月16日周五
> 下午9:32写道:
> >
> >> javashu2012 at gmail.com:
> >>> From: bevis <javashu2012 at gmail.com>
> >>>
> >>> Signed-off-by: bevis <javashu2012 at gmail.com>
> >>> ---
> >>> libavformat/hls.c | 5 +++--
> >>> 1 file changed, 3 insertions(+), 2 deletions(-)
> >>>
> >>> diff --git a/libavformat/hls.c b/libavformat/hls.c
> >>> index 72e28ab94f..0a522a4595 100644
> >>> --- a/libavformat/hls.c
> >>> +++ b/libavformat/hls.c
> >>> @@ -1979,17 +1979,18 @@ static int hls_read_header(AVFormatContext *s)
> >>>         pls->ctx->interrupt_callback = s->interrupt_callback;
> >>>         url = av_strdup(pls->segments[0]->url);
> >>>         ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0,
> 0);
> >>> -        av_free(url);
> >>>         if (ret < 0) {
> >>>             /* Free the ctx - it isn't initialized properly at this
> >> point,
> >>>              * so avformat_close_input shouldn't be called. If
> >>>              * avformat_open_input fails below, it frees and zeros the
> >>>              * context, so it doesn't need any special treatment like
> >> this. */
> >>> -            av_log(s, AV_LOG_ERROR, "Error when loading first segment
> >> '%s'\n", pls->segments[0]->url);
> >>> +            av_log(s, AV_LOG_ERROR, "Error when loading first segment
> >> '%s'\n", url);
> >>>             avformat_free_context(pls->ctx);
> >>>             pls->ctx = NULL;
> >>> +            av_free(url);
> >>>             goto fail;
> >>>         }
> >>> +        av_free(url);
> >>>         pls->ctx->pb       = &pls->pb;
> >>>         pls->ctx->io_open  = nested_io_open;
> >>>         pls->ctx->flags   |= s->flags & ~AVFMT_FLAG_CUSTOM_IO;
> >>>
> >> The change itself seems fine to me (I wonder why this hasn't been
> >> noticed when writing/reviewing b5e39880fb), but your commit message is
> >> way too long: The first line should be a short description followed by a
> >> more detailed description lateron (in the next lines).
> >>
> >> How exactly did you find this?
> >>
> >> - Andreas
> >>
> >
> > It was found in the crash logs of online users, and it was also simulated
> > locally. In China, we have a very large number of users, and the hls
> > protocol is widely used, with hundreds of millions of views every day,
> and
> > every small problem becomes more obvious.
> maybe more than 1.5 billions right now. :D
>
> >
> >> _______________________________________________
> >> ffmpeg-devel mailing list
> >> ffmpeg-devel at ffmpeg.org
> >> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >>
> >> To unsubscribe, visit link above, or email
> >> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
> > _______________________________________________
> > ffmpeg-devel mailing list
> > ffmpeg-devel at ffmpeg.org
> > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> >
> > To unsubscribe, visit link above, or email
> > ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
> Thanks
> Steven
>
>
hi steven, This modification has not been confirmed, and it was
reinitiated. Is there any problem? What else do I need to do?

>
>
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".


More information about the ffmpeg-devel mailing list