Opened 7 years ago
Closed 6 years ago
#5869 closed defect (invalid)
ffserver crash when GET sdp file
| Reported by: | korovkin | Owned by: | |
|---|---|---|---|
| Priority: | important | Component: | ffserver |
| Version: | 3.1.5 | Keywords: | codecpar regression crash |
| Cc: | Michael Niedermayer, Sooman Jeong, belegdol@gmail.com, gosha-necr@yandex.ru | Blocked By: | |
| Blocking: | Reproduced by developer: | yes | |
| Analyzed by developer: | no |
Description
Summary of the bug:
when starting the following ffserver instance, running
curl "http://localhost:9203/live.sdp"
seg faults the server.
here is the BT of the crash: http://pastebin.com/Bav5ZpnP
HTTPPort 9203 HTTPBindAddress 0.0.0.0 RTSPPort 9204 RTSPBindAddress 0.0.0.0 MaxHTTPConnections 2000 MaxClients 1000 MaxBandwidth 1000 CustomLog - <Feed feed1.ffm> File feed1.ffm FileMaxSize 5M ACL allow 127.0.0.1 </Feed> <Stream live.mp3> Format rtp Feed feed1.ffm AudioCodec libmp3lame AudioBitRate 128 AudioChannels 2 AudioSampleRate 44100 NoVideo </Stream> <Stream stat.html> Format status # ACL allow localhost </Stream>
built on Ubuntu / OS X with version: 8b21b44e7e312589a6c4dbad1b4214f2a03fb54a
Change History (17)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
Please understand that it makes no sense to use external resources for the backtrace and please also provide the complete, uncut console output.
Which change introduced the regression?
comment:3 by , 7 years ago
fair point. here is the crash running with lldb on : origin/release/3.1
the regression was probably introduced somewhere between origin/release/3.0 and origin/release/3.1, as with origin/release/3.0 it seems to be working.
git describe
n3.1.3-5-g8b21b44
lldb – ../ffserver_g -d -f ffmpeg.rtp.conf
(lldb) target create "../ffserver_g"
Current executable set to '../ffserver_g' (x86_64).
(lldb) settings set – target.run-args "-d" "-f" "ffmpeg.rtp.conf"
(lldb) run
Process 72859 launched: '../ffserver_g' (x86_64)
ffserver version n3.1.3-5-g8b21b44 Copyright (c) 2000-2016 the FFmpeg developers
built with Apple LLVM version 8.0.0 (clang-800.0.38)
configuration: --prefix=/usr/local --enable-gpl --enable-nonfree --enable-libfreetype --enable-libmp3lame --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libxvid --enable-ffplay --enable-libfdk-aac --enable-libfaac
libavutil 55. 28.100 / 55. 28.100
libavcodec 57. 48.101 / 57. 48.101
libavformat 57. 41.100 / 57. 41.100
libavdevice 57. 0.101 / 57. 0.101
libavfilter 6. 47.100 / 6. 47.100
libswscale 4. 1.100 / 4. 1.100
libswresample 2. 1.100 / 2. 1.100
libpostproc 54. 0.100 / 54. 0.100
Wed Sep 28 10:57:39 2016 FFserver started.
Wed Sep 28 10:57:43 2016 127.0.0.1 - - New connection: GET /live_001.sdp
ffserver_g was compiled with optimization - stepping may behave oddly; variables may not be available.
Process 72859 stopped
thread #1: tid = 0xba3df7, 0x0000000100b689c1 ffserver_g`av_freep(arg=0x0000000000000010) + 1 at mem.c:247, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x10)
frame #0: 0x0000000100b689c1 ffserver_g`av_freep(arg=0x0000000000000010) + 1 at mem.c:247 [opt]
244
Unknown macro: { 245 void *val; 246 -> 247 memcpy(&val, arg, sizeof(val)); 248 memcpy(arg, &(void *){ NULL }, sizeof(val)); 249 av_free(val); 250 }
(lldb) bt
thread #1: tid = 0xba3df7, 0x0000000100b689c1 ffserver_g`av_freep(arg=0x0000000000000010) + 1 at mem.c:247, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x10)
frame #0: 0x0000000100b689c1 ffserver_g`av_freep(arg=0x0000000000000010) + 1 at mem.c:247 [opt]
frame #1: 0x000000010078f4f7 ffserver_g`avcodec_parameters_from_context [inlined] codec_parameters_reset(par=0x0000000000000000) + 12 at utils.c:4020 [opt]
frame #2: 0x000000010078f4eb ffserver_g`avcodec_parameters_from_context(par=0x0000000000000000, codec=0x0000000102810c00) + 11 at utils.c:4080 [opt]
frame #3: 0x0000000100016399 ffserver_g`prepare_sdp_description(stream=<unavailable>, pbuffer=<unavailable>, my_ip=(s_addr = 0)) + 473 at ffserver.c:2999 [opt]
frame #4: 0x0000000100014d09 ffserver_g`handle_connection + 558 at ffserver.c:1688 [opt]
frame #5: 0x0000000100014adb ffserver_g`handle_connection(c=<unavailable>) + 17739 at ffserver.c:1006 [opt]
frame #6: 0x000000010000fb3c ffserver_g`main [inlined] http_server + 47 at ffserver.c:777 [opt]
frame #7: 0x000000010000fb0d ffserver_g`main(argc=<unavailable>, argv=<unavailable>) + 4205 at ffserver.c:4032 [opt]
frame #8: 0x00007fff912855ad libdyld.dylib`start + 1
frame #9: 0x00007fff912855ad libdyld.dylib`start + 1
(lldb)
comment:4 by , 7 years ago
OK we hit this bug on Linux Fedora https://bugzilla.rpmfusion.org/show_bug.cgi?id=4340
comment:5 by , 7 years ago
| Keywords: | codecpar regression crash added |
|---|
comment:7 by , 7 years ago
| Status: | new → open |
|---|---|
| Version: | unspecified → 3.1.5 |
Crash confirmed for 3.1 & 3.2.1
Which commits do need to be backported ?
comment:8 by , 7 years ago
| Cc: | added |
|---|---|
| Reproduced by developer: | set |
comment:9 by , 7 years ago
From running git bisect, I found that below commit cause this issue.
commit 9200514ad8717c63f82101dc394f4378854325bf
Author: Anton Khirnov <anton@khirnov.net>
Date: Wed Jun 18 20:42:52 2014 +0200
lavf: replace AVStream.codec with AVStream.codecpar
Currently, AVStream contains an embedded AVCodecContext instance, which
is used by demuxers to export stream parameters to the caller and by
muxers to receive stream parameters from the caller. It is also used
internally as the codec context that is passed to parsers.
In addition, it is also widely used by the callers as the decoding (when
demuxer) or encoding (when muxing) context, though this has been
officially discouraged since Libav 11.
comment:10 by , 7 years ago
| Cc: | added |
|---|
comment:11 by , 7 years ago
When I checked master git before, this issue reproduced with git master.
But, today, I found a recent commit resolves this issue on git master.
commit 472fee91bcf9b7bae81fd4c00bbe5151ca458a7c
Author: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue Nov 29 18:48:40 2016 +0100
ffserver_config: Setup codecpar in add_codec()
fixes segfault in the status page code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
When I backport this commit on 3.1 branch, this issue was resolved.
Please backport upper mentioned commit.
Thanks.
comment:12 by , 7 years ago
Hi I found 3.1.6 packages are under testing on rpmfusion.org (http://download1.rpmfusion.org/free/fedora/updates/testing/24/armhfp/repoview/ffmpeg.html)
However, 3.1.6 version does not contain upper mentioned commit.
Since current issue is very critical, is it possible to back port the commit and make another release such as 3.1.7 ?
If it's not possible now, could you please let me know the expected schedule of next release?
comment:13 by , 7 years ago
| Cc: | added |
|---|
comment:14 by , 7 years ago
Friends!
I have exactly the same problem with ffmpeg on FreeBSD 11 amd64.
Version ffmpeg is: ffmpeg-3.2.2_4,1
It segfaults when client attempts to connect to rtsp service initiated by ffserver.
More details here on FreeBSD forums: https://forums.freebsd.org/threads/59518/
Guys, tell me please how fix that issue? I can't broadcast IP cams.
Thanks!
comment:15 by , 7 years ago
| Cc: | added |
|---|
comment:16 by , 7 years ago
Hi Michael,
Requested commit has not been backported to neither 3.1 nor 3.2 branch yet.
Since this issue is very critical, I'd like to request again to backport below commit.
commit 472fee91bcf9b7bae81fd4c00bbe5151ca458a7c
Author: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue Nov 29 18:48:40 2016 +0100
ffserver_config: Setup codecpar in add_codec()
fixes segfault in the status page code
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Thanks,
Sooman
comment:17 by , 6 years ago
| Resolution: | → invalid |
|---|---|
| Status: | open → closed |
Doesn't matter now, ffserver was removed from git master and is no longer maintained, closing bug as invalid
the same experiment works well on version 3.0 :
git describe
n3.0.3-1-g73b644c