Opened 6 years ago

Closed 5 years ago

#2180 closed defect (fixed)

http: cookie bugs

Reported by: gjdfgh Owned by:
Priority: normal Component: avformat
Version: git-master Keywords: http cookie
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no


  1. if a cookies string is set, but no domain matches, lavf sends "Cookie: (null)". This is because it passes NULL to snprintf() somewhere.
  1. ffmpeg erreneously includes the port number as part of the domain name for cookies, if the port number is included in the URL. For example, I was testing with the URL "http://localhost:10000/", and cookies for "localhost" were ignored. Using "localhost:10000" as domain name in the cookies string works, but I believe the port number should not be part of the domain name. At least wget disagrees.

Change History (8)

comment:1 Changed 6 years ago by cehoyos

Please provide a failing command line including complete, uncut console output.

comment:2 Changed 6 years ago by gjdfgh

But I'm not using ffmpeg by command line.

comment:3 Changed 6 years ago by cehoyos

Then please explain how the problem can be reproduced and why it is not reproducible with ffmpeg (the application).

comment:4 Changed 6 years ago by gjdfgh

$ ffmpeg -cookies "NAME=VALUE; path=/; domain=localhost; secure " -i http://localhost:10000/test.mkv
ffmpeg version N-49529-gb45a3e1 Copyright (c) 2000-2013 the FFmpeg developers
  built on Feb  2 2013 13:06:37 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --prefix=/tmp/fftemp
  libavutil      52. 17.100 / 52. 17.100
  libavcodec     54. 91.100 / 54. 91.100
  libavformat    54. 61.104 / 54. 61.104
  libavdevice    54.  3.103 / 54.  3.103
  libavfilter     3. 35.100 /  3. 35.100
  libswscale      2.  2.100 /  2.  2.100
  libswresample   0. 17.102 /  0. 17.102

Receiving side:

$ nc -l -p 10000
GET /test.mkv HTTP/1.1
User-Agent: Lavf54.61.104
Accept: */*
Range: bytes=0-
Connection: close
Host: localhost:10000
Cookie: (null)

"(null)" is obviously not a valid cookie value. This demonstrates the two issues I pointed out.

Also, I've noticed an unrelated cookie issue: with some sites, ffmpeg seems to accumulate "bad cookies". You can try with mpv and vimeo links. On every seek (http reconnect), ffmpeg prints an additional warning reading "[http @ 0x8a43da0]Invalid cookie found, no value, path or domain specified" (e.g. the 10th seek will print 10 such messages). However, I'm far too lazy to analyze this.

comment:5 Changed 5 years ago by cehoyos

  • Keywords http cookie added

Is this still reproducible with current FFmpeg git head?

comment:6 Changed 5 years ago by gjdfgh

I still get "Cookie: (null)" with a0e9dfb5ae5ed45090065612744e4bec10f033bf.

comment:7 Changed 5 years ago by michael

How can this issue be reproduced ?
(its not likely this can/will be fixed if it cannot be reproduced)

comment:8 Changed 5 years ago by cehoyos

  • Resolution set to fixed
  • Status changed from new to closed

Fixed by you in 76c8fbc5

Note: See TracTickets for help on using tickets.