Opened 4 years ago

Closed 4 years ago

#1383 closed defect (fixed)

HTTP playback will crash if URL can't be opened for whatever reasons

Reported by: jyavenard Owned by:
Priority: critical Component: avformat
Version: unspecified Keywords: http
Cc: Blocked By:
Blocking: Reproduced by developer: yes
Analyzed by developer: no

Description

Problem was introduced by commit ba354a8c

backtrace:
ffplay http://stream7.france24.yacast.net/iphone/france24/fr/iPad.f24_fr.m3u8

ffplay(80831,0x10679b000) malloc: * error for object 0x101120f00: pointer being freed was not allocated
* set a breakpoint in malloc_error_break to debug

Program received signal SIGABRT, Aborted.
[Switching to process 80831 thread 0x6a03]
0x00007fff95723ce2 in __pthread_kill ()
(gdb) thread apply all bt full

Thread 6 (process 80831):
#0  0x00007fff95723ce2 in __pthread_kill ()
No symbol table info available.
#1  0x00007fff920db7d2 in pthread_kill ()
No symbol table info available.
#2  0x00007fff920cca7a in abort ()
No symbol table info available.
#3  0x00007fff9212b84c in free ()
No symbol table info available.

Thread 5 (process 80831):
#0  0x00007fff95723e42 in __semwait_signal ()
No symbol table info available.
#1  0x00007fff9208fdea in nanosleep ()
No symbol table info available.
#2  0x0000000100e25386 in RunTimer ()
No symbol table info available.
#3  0x0000000100de9368 in SDL_RunThread ()
No symbol table info available.
#4  0x0000000100e20e09 in RunThread ()
No symbol table info available.
#5  0x00007fff920d98bf in _pthread_start ()
No symbol table info available.
#6  0x00007fff920dcb75 in thread_start ()
No symbol table info available.

Thread 4 (process 80831):
#0  0x00007fff95724192 in __workq_kernreturn ()
No symbol table info available.
#1  0x00007fff920db594 in _pthread_wqthread ()
No symbol table info available.
#2  0x00007fff920dcb85 in start_wqthread ()
No symbol table info available.

Thread 3 (process 80831):
#0  0x00007fff95724192 in __workq_kernreturn ()
No symbol table info available.
#1  0x00007fff920db594 in _pthread_wqthread ()
No symbol table info available.
#2  0x00007fff920dcb85 in start_wqthread ()
No symbol table info available.

Thread 2 (process 80831):
#0  0x00007fff957247e6 in kevent ()
No symbol table info available.
#1  0x00007fff8da9978a in _dispatch_mgr_invoke ()
No symbol table info available.
#2  0x00007fff8da9831a in _dispatch_mgr_thread ()
No symbol table info available.

Thread 1 (process 80831):
#0  0x00007fff95723e42 in __semwait_signal ()
No symbol table info available.
#1  0x00007fff9208fdea in nanosleep ()
No symbol table info available.
#2  0x0000000100e252b6 in SDL_Delay ()
No symbol table info available.
#3  0x0000000100de5abe in SDL_WaitEvent ()
No symbol table info available.
#4  0x0000000100007f94 in SDL_main ()
No symbol table info available.
#5  0x00007fff8f7afd0e in __-[NSNotificationCenter addObserver:selector:name:object:]_block_invoke_1 ()
No symbol table info available.
#6  0x00007fff8e4a67ba in _CFXNotificationPost ()
No symbol table info available.
#7  0x00007fff8f79bfc3 in -[NSNotificationCenter postNotificationName:object:userInfo:] ()
No symbol table info available.
#8  0x00007fff92b4c4e3 in -[NSApplication _postDidFinishNotification] ()
No symbol table info available.
#9  0x00007fff92b4c249 in -[NSApplication _sendFinishLaunchingNotification] ()
No symbol table info available.
#10 0x00007fff92b4af10 in -[NSApplication(NSAppleEventHandling) _handleAEOpenEvent:] ()
No symbol table info available.
#11 0x00007fff92b4ac71 in -[NSApplication(NSAppleEventHandling) _handleCoreEvent:withReplyEvent:] ()
No symbol table info available.
#12 0x00007fff8e4f0541 in -[NSObject performSelector:withObject:withObject:] ()
No symbol table info available.
#13 0x00007fff8f7d27c7 in __-[NSAppleEventManager setEventHandler:andSelector:forEventClass:andEventID:]_block_invoke_1 ()
No symbol table info available.
#14 0x00007fff8f7d174e in -[NSAppleEventManager dispatchRawAppleEvent:withRawReply:handlerRefCon:] ()
No symbol table info available.
#15 0x00007fff8f7d15dc in _NSAppleEventManagerGenericHandler ()
No symbol table info available.
#16 0x00007fff923b9c25 in aeDispatchAppleEvent ()
No symbol table info available.
#17 0x00007fff923b9b03 in dispatchEventAndSendReply ()
No symbol table info available.
#18 0x00007fff923b99f7 in aeProcessAppleEvent ()
No symbol table info available.
#19 0x00007fff8c6ded7d in AEProcessAppleEvent ()
No symbol table info available.
#20 0x00007fff92b4807d in _DPSNextEvent ()
No symbol table info available.
#21 0x00007fff92b47735 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
No symbol table info available.
#22 0x00007fff92b44071 in -[NSApplication run] ()
No symbol table info available.
#23 0x00000001005ff320 in ff_get_cpu_flags_x86 ()
No symbol table info available.
#24 0x00000001000018b4 in start ()
No symbol table info available.

sorry for the poor quality of the backtrace.

here is the one from MythTV using identical call to ffplay when trying to play a URL and calling
ffurl_open(&context, filename, AVIO_FLAG_READ, NULL, NULL);

where filename is "http://stream7.france24.yacast.net/iphone/france24/fr/iPad.f24_fr.m3u8"

#0  0x00007fff95723ce2 in __pthread_kill ()
#1  0x00007fff920db7d2 in pthread_kill ()
#2  0x00007fff920cca7a in abort ()
#3  0x00007fff9212b84c in free ()
#4  0x000000010008ba60 in ffurl_close (h=0x2d03) at avio.c:332
#5  0x00000001000a5912 in http_open_cnx (h=0x7fff5fbfcff0) at http.c:192
#6  0x000000010008be28 in ffurl_connect (uc=0x2d03, options=0x7fff5fbfae28) at avio.c:184
#7  0x000000010008c347 in ffurl_open (puc=0x7fff5fbfd4a0, filename=0x6 <Address 0x6 out of bounds>, flags=0, int_cb=0x7fff5fbfae28, options=0x0) at avio.c:244
#8  0x00000001013b5bc8 in HLSRingBuffer::TestForHTTPLiveStreaming (filename=@0x7fff5fbfd708) at httplivestreambuffer.cpp:1627
#9  0x00000001010bb608 in RingBuffer::Create (xfilename=@0x7fff5fbfdcb0, write=false, usereadahead=true, timeout_ms=2000, stream_only=false) at ringbuffer.cpp:119
#10 0x000000010147cd14 in TV::HandleStateChange (this=0x110138390, mctx=0x110138f30, ctx=0x110138f30) at tv_play.cpp:2283
#11 0x0000000101485dec in TV::Playback (this=0x110138390, rcinfo=@0x11013a2b0) at tv_play.cpp:2032
#12 0x00000001014e2cda in TV::StartTV (tvrec=0x7fff5fbff450, flags=0) at tv_play.cpp:335
#13 0x000000010000c6db in main (argc=7, argv=0x7fff5fbffa88) at main.cpp:256

The commit mentioned above also introduced a compilation regression when compiling with HTTPS support.

The addition of url_shutdown wasn't added in this particular spot

Following patch is required:

diff --git a/libavformat/http.c b/libavformat/http.c
index ddba5f5..79ff7f4 100644
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -655,6 +655,7 @@ URLProtocol ff_https_protocol = {
     .url_seek            = http_seek,
     .url_close           = http_close,
     .url_get_file_handle = http_get_file_handle,
+    .url_shutdown        = http_shutdown,
     .priv_data_size      = sizeof(HTTPContext),
     .priv_data_class     = &https_context_class,
     .flags               = URL_PROTOCOL_FLAG_NETWORK,

Change History (2)

comment:1 Changed 4 years ago by jyavenard

Sorry, I made a mistake associating the commit ba354a8c ; that one introduced the https issue.

Git bisect find that this is the culprit for the regression. I'm not 100% sure that it is completely the problem as git bisect often acts weird when working through merge with remote forks

3bdb438e6517ec342e93298de571688584050d68 is the first bad commit
commit 3bdb438e6517ec342e93298de571688584050d68
Author: Samuel Pitoiset <samuel.pitoiset@gmail.com>
Date:   Mon May 28 15:03:19 2012 +0200

    http: Add support for using persistent connections
    
    Add a new AVOption 'multiple_requests', which indicates if we want
    to use persistent connections (ie. Connection: keep-alive).
    
    Signed-off-by: Martin Storsjö <martin@martin.st>

:040000 040000 c28dfba01c195adc1a6b7f7d7c53fb60372d1b66 2970eae70045726d784ffbedceec6fde48d3a010 M	libavformat

reverting that commit gives me bus error but no av_free error. As such, I'm not convinced that the problem can be entirely attributed to this commit

comment:2 Changed 4 years ago by michael

  • Keywords http added
  • Reproduced by developer set
  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.