From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id EE8BF495CA for ; Tue, 28 Jan 2025 17:59:40 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A4C0468B9F2; Tue, 28 Jan 2025 19:59:37 +0200 (EET) Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com [209.85.167.45]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4DC1468B972 for ; Tue, 28 Jan 2025 19:59:31 +0200 (EET) Received: by mail-lf1-f45.google.com with SMTP id 2adb3069b0e04-53e3c47434eso6354046e87.3 for ; Tue, 28 Jan 2025 09:59:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=martin-st.20230601.gappssmtp.com; s=20230601; t=1738087170; x=1738691970; darn=ffmpeg.org; h=mime-version:references:message-id:in-reply-to:subject:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=dTqkIiHQV7XCw4SJb0Rn/mOu0uXM5LWoYI4Jb9CryVg=; b=f4sOMFRMdz3bcok+4QVOeuHO7DizeALzKXpXoNXAokzG/BHZ2KKQZcJqJBwWzAKqDP A279aw28McprBvyJx+txKrqNQBB/i6lBDZD4aFQf0ulYmWw/2gSS/k/HrMlc/sjqNqCG OWVjKz0T+hUBdwS/xMuy5sVHRM+E1n1wtxADIxugqNggiTFhQzMVGAf0ondzlhF5o6fg NZcp+tSw1WIiUypi5PmX34VrOWixTwqVXWi+1lB3xohHQfMd5TKoK1eLOOhgUQ7phFd8 YHlFHBqTQA3NWUZqkl2pbh+YLD3k2F3EGn7i1bBPde4zR71nP5ABiz9C4ol9SCpc/3jT 7m4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738087170; x=1738691970; h=mime-version:references:message-id:in-reply-to:subject:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=dTqkIiHQV7XCw4SJb0Rn/mOu0uXM5LWoYI4Jb9CryVg=; b=J9/6VwyqMjwhnD4UAXaCLK8JrAupzY5cLb1+ob7cjykrWXpKp4QaFuFU8fdyjASSS9 A7ldSp1akVMoNwYHENC7d363Pjfy6gMSFCLTOYlMu7xj+vrPgtVPn+0F8EFjuYAEAXIb fe7fbKOnOBft6nzwtv6ArLToJzx3EBNIKicNotFcTVRruXkIGmk/YxNPuY2PUeFFS28Z ZCldf3ksKAVBQfFgV6WviQGyTzranee8+8cc7GRZdx9xOXI9wxwpjwxleMmhx8fk5JKm 2XgCdMiQmOX/lqVOFTxIrpm/CeQAvmZHlWcUL8d/lLud9boufUgD6JoatLy6PSpk6WN+ v64A== X-Gm-Message-State: AOJu0YwbpCDyQ8c0DSL7CX4mctivTKilD41meNwxF0cbV+XRcoxFtzaz vN0Uc2mJOq39gCHO6f9ATlLFw5KDNV4EVy24tidr8nFljt9MSiqQOuh4kL+MI2k+F4x/GW5q2Wm 50A== X-Gm-Gg: ASbGncu1mcleGI+lgWPVT4M88wh+aW0Peg6gdE1uOnabCH0MHKjoa+AhMYKu0OhMxwn r5VCwkVF/+unl/KGfIAjxm7OKzx9cbnTivOOcOJekdUw5QzliB8ebffOT3ipbTQBICiqzfPwsC8 bN0v/z+hVOLMf2qyQDmPnyFenaUNsc/0Zp2tgNaXJwYDz51nQGSoWuqJ+CQUl17Kg65ynwI4j6I o3NOSXBlDZanEFWJ6EyUdJ4tHrm5MIUfVP5dRjYbTuhfBLa1MN6kgpJqreuWp+kLiDUH9GQMCRc 7lFd8lquNqa5k6NMiJ2d0vX3Lz+B4MuchMP5L3GR+mp8ixzlalG2xp/ueNseky6i+toTeUtkGWx rpFWK1lCymLg= X-Google-Smtp-Source: AGHT+IHTwxSz4jUPGPMSNFPVDIXgObCw5kaouc+E5uwzIb1Q7ueuunlvAmubOE1McMPbcLUhULwXsg== X-Received: by 2002:a05:6512:e8c:b0:540:22bd:e25c with SMTP id 2adb3069b0e04-5439c280739mr15701061e87.50.1738087170165; Tue, 28 Jan 2025 09:59:30 -0800 (PST) Received: from tunnel335574-pt.tunnel.tserv24.sto1.ipv6.he.net (tunnel335574-pt.tunnel.tserv24.sto1.ipv6.he.net. [2001:470:27:11::2]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-543c8379a9bsm1736349e87.191.2025.01.28.09.59.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Jan 2025 09:59:29 -0800 (PST) Date: Tue, 28 Jan 2025 19:59:29 +0200 (EET) From: =?ISO-8859-15?Q?Martin_Storsj=F6?= To: ffmpeg-devel@ffmpeg.org In-Reply-To: Message-ID: References: <20250123111927.68968-1-martin@martin.st> MIME-Version: 1.0 X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [FFmpeg-devel] [PATCH] rtmpproto: Avoid rare crashes in the fail: codepath in rtmp_open X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-15"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On Tue, 28 Jan 2025, Martin Storsj=F6 wrote: > On Thu, 23 Jan 2025, Martin Storsj=F6 wrote: > >> When running the cleanup in rtmp_close on failures in rtmp_open, >> we can in rare cases end up using rt->playpath, assuming that it >> is still set. >> = >> The crash could happen if we hit the fail codepath in rtmp_open >> while publishing (rt->is_input =3D=3D 0) with rt->state set to >> a value > STATE_FCPUBLISH. >> = >> This would normally not happen while publishing; either we have >> an error (and rt->state <=3D STATE_FCPUBLISH) or we reach >> rt->state =3D STATE_PUBLISHING, and then we also return successfully >> from rtmp_open. >> = >> The unexpected combination of states could happen if the server >> responds with e.g. "NetStream.Play.Stop" while expecting >> "NetStream.Publish.Start"; this sets rt->state to STATE_STOPPED, >> which also fulfills the condition "> STATE_FCPUBLISH". >> = >> We don't need to free the rt->playpath/tcurl/flashver strings here; >> they're handled via AVOption, and thus are freed automatically when >> the protocol instance is freed (that's why they aren't freed >> manually within the rtmp_close function either). >> = >> We also don't need to free the AVDictionary with options; it's >> owned by the caller. >> = >> A smaller fix would be to just call rtmp_close before freeing >> the strings and dictionary, but as we don't need to free them >> at all, let's remove that redundant code. >> --- >> libavformat/rtmpproto.c | 4 ---- >> 1 file changed, 4 deletions(-) >> = >> diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c >> index a34020b092..4095ae9421 100644 >> --- a/libavformat/rtmpproto.c >> +++ b/libavformat/rtmpproto.c >> @@ -2925,10 +2925,6 @@ reconnect: >> return 0; >> = >> fail: >> - av_freep(&rt->playpath); >> - av_freep(&rt->tcurl); >> - av_freep(&rt->flashver); >> - av_dict_free(opts); >> rtmp_close(s); >> return ret; >> } >> -- = >> 2.39.5 (Apple Git-154) > > Will push soon. Pushed. // Martin _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".