Opened 5 years ago
Closed 5 years ago
#7527 closed defect (fixed)
segfault in libavformat/hlsenc.c hls_delete_old_segments()
Reported by: | caspy | Owned by: | |
---|---|---|---|
Priority: | important | Component: | avformat |
Version: | git-master | Keywords: | hls crash |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
Summary of the bug:
ffmpeg will segfault when output as HLS with hls_flag +delete_segments and strftime_mkdir/use_localtime_mkdir.
How to reproduce:
% ffmpeg -i rtmp://127.0.0.1/test/test -c copy -f hls -hls_time 1 -hls_list_size 1 -use_localtime 1 -use_localtime_mkdir 1 -hls_flags "delete_segments" -hls_segment_filename "/tmp/%s/%s.ts" /tmp/index.m3u8 ffmpeg version: found in release/4.0, but git-master branch share same code
Notes:
in libavformat/hlsenc.c:
in hls_delete_old_segments():
'dirname' is created as NULL
then, few lines bellow, it is assigned only if 'if (segment && !hls->use_localtime_mkdir) { .. dirname = .. }'
and few more lines bellow it is accessed (crash is here) as 'av_stristr(dirname, "%v")'
Change History (8)
comment:1 by , 5 years ago
Keywords: | crash added; delete_segments strftime_mkdir use_localtime_mkdir removed |
---|
follow-up: 4 comment:3 by , 5 years ago
this patch fixes the issue.
ps: purely for experience, why this condition was implemented originally?
comment:4 by , 5 years ago
Replying to caspy:
this patch fixes the issue.
ps: purely for experience, why this condition was implemented originally?
reference this commit :9ec52a0a9b086d8a916a580ad594c126cd810a45
or maybe need check the option for var_stream_map.
follow-up: 6 comment:5 by , 5 years ago
https://patchwork.ffmpeg.org/patch/10889/
This is better than the first patch.
follow-up: 7 comment:6 by , 5 years ago
Replying to stevenliu:
https://patchwork.ffmpeg.org/patch/10889/
This is better than the first patch.
this patch fixes the issue too.
please, take a look few lines bellow, there is one more unconditional access to 'dirname' in subtitles block:
if ((segment->sub_filename[0] != '\0')) { ... av_strlcpy(sub_path, dirname, sub_path_size); av_strlcat(sub_path, segment->sub_filename, sub_path_size);
but i do not use subtitles and know nothing about them. so, i will not be able to test this part.
comment:7 by , 5 years ago
Replying to caspy:
Replying to stevenliu:
https://patchwork.ffmpeg.org/patch/10889/
This is better than the first patch.
this patch fixes the issue too.
please, take a look few lines bellow, there is one more unconditional access to 'dirname' in subtitles block:
if ((segment->sub_filename[0] != '\0')) { ... av_strlcpy(sub_path, dirname, sub_path_size); av_strlcat(sub_path, segment->sub_filename, sub_path_size);
yes you are right, let me think about how to fix it.
but i do not use subtitles and know nothing about them. so, i will not be able to test this part.
comment:8 by , 5 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
fixed by commit id: 43cc2e39c0092d5f34bc89618188af71019b5e9f
Please provide the complete, uncut console output including backtrace, disassembly and register dump as explained on https://ffmpeg.org/bugreports.html