From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 9E476488A6 for ; Tue, 28 Jan 2025 08:51:13 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id AF40A68BCC7; Tue, 28 Jan 2025 10:51:08 +0200 (EET) Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com [209.85.167.49]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 33A3B68BBE9 for ; Tue, 28 Jan 2025 10:51:01 +0200 (EET) Received: by mail-lf1-f49.google.com with SMTP id 2adb3069b0e04-54021daa6cbso5745850e87.0 for ; Tue, 28 Jan 2025 00:51:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=martin-st.20230601.gappssmtp.com; s=20230601; t=1738054260; x=1738659060; darn=ffmpeg.org; h=mime-version:references:message-id:in-reply-to:subject:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=ZOfNFebLeCy2Vm+hMxIOPFCSlosYLAtXsP6MClaUgjU=; b=SBDOBGes7xIKhLXm5UWxrgLPcayzIOUYSBkkzaH2zU5TkDNJ4PQCm0PjT3IjQtzwZG kR7qcOmN4sc6VQ50hxO8cu7TVNAiuJVdVgB6xdGP77z8C6CO0T/CkUZ2REWnO67BA77X mklw/oyVOAUGu4zbo3Kz8hIVGnMW4XxZ9H0LBRSueWRfy5TkkegImwCvHP3o3A2a+CiF dSGIjnKrSvBQxpgqSgFsen88UQVuTSffBhhdNpd/MvbnoD6yEqbBzNtuhHmjoWpqxvLj csTVoYaAMOqdsPLS7LoCwakogXULX5p50uL2Er0RuUF0I1joxtJMwmcqrvC1MJxkPBeL RJqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738054260; x=1738659060; h=mime-version:references:message-id:in-reply-to:subject:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ZOfNFebLeCy2Vm+hMxIOPFCSlosYLAtXsP6MClaUgjU=; b=fUdeMLoYxtE85dwT7RwMMQFLps0OhkK0fryaNEOk49fw4XOlJi0pLXzRbjKUfoz/Pa OvJ0ico2EIqauQUwFXE+MzEL52pGMyveE06p9NLnlfL5G8pDB7Zrra4s3vZSemwjKym6 vFPOQ00DWWJ4aL9ZbLv4nS/mP7gimUfauapQYFWhCcMD+6pe3r3RXaBmsre574HhNSJ/ w6Oh6pC8BINhio/4jk7T9pHpQtFf6sK+uvUA0JImZnPIq2GkfjhD6HvbXaVd7mdfvcex raqiyTnMS72yE9QiFJEMofv7QX2iZIaVR26Rh9QPcY4bdYpe8phigUdC331F0N+yIkon buLw== X-Gm-Message-State: AOJu0Ywp0E5gyfOAIp5zR5GxvjpjMvcGUIz9psWQipWvR8A0nO27QuNU w4JghmyX7KtamwpUCRXkUM5bGO8gnzZ5tiAumNojwmEuuy+GdU455OmHdqcvhqBsR3SpFKbuUV4 SIQ== X-Gm-Gg: ASbGncvn1Oz/YpASZ4W2I27673ab5seR5sSdG031NWYwRw9XahER2LDTnN5e9DsSHWh EJV6F24qY8Saql1MI2RKQa56e0Uc2YxJjEfzoF6vyw49b5x0AOU8QBxEVomo1NlZxKuF3HpCNlI vJu9thP6QlpG3BW40roVrW0tcdjQk4OexJiErHceJS1DtTGTEE3oWTYhX6EscMXgLxUOLsxZFVw iTKhmI3rsHQVpxfdk0eP1rk9AYyrkp3hPMk7Vj7h4WSplNCe/2oCo9cejGT9+2wsAtTW3EdLNvX WUBctBs4Zcbj5hczSFhQJnSEyMKERrYESoZ5mkkGWrJhLN3sooBCYdRZ/ZCq7wBT45ZGPOXXNJD Pw22ZaLFu5AY= X-Google-Smtp-Source: AGHT+IHbRrRLyNTpqlQuqbRDrduf9bbCihabXQFLWA1cegfd66x/5jR38PV8qMaLQtUDwmaQo/8AHw== X-Received: by 2002:a05:6512:7b:b0:540:1e51:b919 with SMTP id 2adb3069b0e04-5439c2539efmr13569114e87.31.1738054259894; Tue, 28 Jan 2025 00:50:59 -0800 (PST) Received: from tunnel335574-pt.tunnel.tserv24.sto1.ipv6.he.net (tunnel335574-pt.tunnel.tserv24.sto1.ipv6.he.net. [2001:470:27:11::2]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-543c8381572sm1539862e87.224.2025.01.28.00.50.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Jan 2025 00:50:59 -0800 (PST) Date: Tue, 28 Jan 2025 10:50:58 +0200 (EET) From: =?ISO-8859-15?Q?Martin_Storsj=F6?= To: ffmpeg-devel@ffmpeg.org In-Reply-To: <20250123111927.68968-1-martin@martin.st> Message-ID: References: <20250123111927.68968-1-martin@martin.st> MIME-Version: 1.0 X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [FFmpeg-devel] [PATCH] rtmpproto: Avoid rare crashes in the fail: codepath in rtmp_open X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-15"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On Thu, 23 Jan 2025, Martin Storsj=F6 wrote: > When running the cleanup in rtmp_close on failures in rtmp_open, > we can in rare cases end up using rt->playpath, assuming that it > is still set. > > The crash could happen if we hit the fail codepath in rtmp_open > while publishing (rt->is_input =3D=3D 0) with rt->state set to > a value > STATE_FCPUBLISH. > > This would normally not happen while publishing; either we have > an error (and rt->state <=3D STATE_FCPUBLISH) or we reach > rt->state =3D STATE_PUBLISHING, and then we also return successfully > from rtmp_open. > > The unexpected combination of states could happen if the server > responds with e.g. "NetStream.Play.Stop" while expecting > "NetStream.Publish.Start"; this sets rt->state to STATE_STOPPED, > which also fulfills the condition "> STATE_FCPUBLISH". > > We don't need to free the rt->playpath/tcurl/flashver strings here; > they're handled via AVOption, and thus are freed automatically when > the protocol instance is freed (that's why they aren't freed > manually within the rtmp_close function either). > > We also don't need to free the AVDictionary with options; it's > owned by the caller. > > A smaller fix would be to just call rtmp_close before freeing > the strings and dictionary, but as we don't need to free them > at all, let's remove that redundant code. > --- > libavformat/rtmpproto.c | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/libavformat/rtmpproto.c b/libavformat/rtmpproto.c > index a34020b092..4095ae9421 100644 > --- a/libavformat/rtmpproto.c > +++ b/libavformat/rtmpproto.c > @@ -2925,10 +2925,6 @@ reconnect: > return 0; > > fail: > - av_freep(&rt->playpath); > - av_freep(&rt->tcurl); > - av_freep(&rt->flashver); > - av_dict_free(opts); > rtmp_close(s); > return ret; > } > -- = > 2.39.5 (Apple Git-154) Will push soon. // Martin _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".