#8687 closed defect (fixed)

HLS playlist with segment URL without path part causes SIGSEGV

Reported by: Mattias Wadman
Owned by:
Priority: normal
Component: avformat
Version: git-master
Keywords: hls
Cc: liuqi05@kuaishou.com
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

Summary of the bug:

HLS playlist with segment URL without path part causes SIGSEGV

ffmpeg version: master at b5aee6086b717b83bce8f6be4324fabaddec6209 (2020-05-27)

How to reproduce:

/build # cat test.m3u8
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:1
#EXTINF:11.811,
http://a
/build # gdb --args ./ffprobe_g -i test.m3u8
GNU gdb (GDB) 8.3.1
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-alpine-linux-musl".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./ffprobe_g...
(gdb) r
Starting program: /build/ffprobe_g -i test.m3u8
warning: Error disabling address space randomization: Operation not permitted
ffprobe version N-97964-gb5aee6086b Copyright (c) 2007-2020 the FFmpeg developers
  built with gcc 9.2.0 (Alpine 9.2.0)
  configuration: --enable-debug --disable-optimizations
  libavutil      56. 49.100 / 56. 49.100
  libavcodec     58. 88.100 / 58. 88.100
  libavformat    58. 43.100 / 58. 43.100
  libavdevice    58.  9.103 / 58.  9.103
  libavfilter     7. 83.100 /  7. 83.100
  libswscale      5.  6.101 /  5.  6.101
  libswresample   3.  6.100 /  3.  6.100
[hls @ 0x55b973e0c440] Skip ('#EXT-X-VERSION:3')

Program received signal SIGSEGV, Segmentation fault.
0x000055b972e475af in av_stristart (str=0x0, pfx=0x55b972f43388 "/", ptr=0x0) at src/libavutil/avstring.c:47
47	    while (*pfx && av_toupper((unsigned)*pfx) == av_toupper((unsigned)*str)) {
(gdb) l
42	    return !*pfx;
43	}
44
45	int av_stristart(const char *str, const char *pfx, const char **ptr)
46	{
47	    while (*pfx && av_toupper((unsigned)*pfx) == av_toupper((unsigned)*str)) {
48	        pfx++;
49	        str++;
50	    }
51	    if (!*pfx && ptr)
(gdb) bt
#0  0x000055b972e475af in av_stristart (str=0x0, pfx=0x55b972f43388 "/", ptr=0x0) at src/libavutil/avstring.c:47
#1  0x000055b971f17ab5 in trim_double_dot_url (buf=0x7ffc983db350 "\354\003", rel=0x7ffc983da350 "http://a", size=4096) at src/libavformat/url.c:107
#2  0x000055b971f17ddd in ff_make_absolute_url (buf=0x7ffc983db350 "\354\003", size=4096, base=0x55b973e0cbc0 "/Users/wader/src/ffmpeg-master/test.m3u8",
    rel=0x7ffc983da350 "http://a") at src/libavformat/url.c:153
#3  0x000055b971ddd4b4 in parse_playlist (c=0x55b973e0cf00, url=0x55b973e0cbc0 "/Users/wader/src/ffmpeg-master/test.m3u8", pls=0x55b9757c9a00,
    in=0x7f3400745380) at src/libavformat/hls.c:908
#4  0x000055b971de0112 in hls_read_header (s=0x55b973e0c440) at src/libavformat/hls.c:1830
#5  0x000055b971f19db8 in avformat_open_input (ps=0x7ffc983dc508, filename=0x7ffc983ddf02 "/Users/wader/src/ffmpeg-master/test.m3u8", fmt=0x0,
    options=0x55b973b02c08 <format_opts>) at src/libavformat/utils.c:627
#6  0x000055b9719ed16f in open_input_file (ifile=0x7ffc983dc590, filename=0x7ffc983ddf02 "/Users/wader/src/ffmpeg-master/test.m3u8", print_filename=0x0)
    at src/fftools/ffprobe.c:2870
#7  0x000055b9719ed789 in probe_file (wctx=0x55b9757c7040, filename=0x7ffc983ddf02 "/Users/wader/src/ffmpeg-master/test.m3u8", print_filename=0x0)
    at src/fftools/ffprobe.c:3003
#8  0x000055b9719efbc1 in main (argc=3, argv=0x7ffc983dc658) at src/fftools/ffprobe.c:3722
(gdb) p pfx
$1 = 0x561bbf32c388 "/"
(gdb) p str
$2 = 0x0
(gdb) f 1
#1  0x0000561bbe300ab5 in trim_double_dot_url (buf=0x7ffedc617020 "\354\003", rel=0x7ffedc616020 "http://a", size=4096) at src/libavformat/url.c:107
107	    if (!av_stristart(p, "/", NULL) && root != rel)
(gdb) p p
$3 = 0x0
(gdb) f 2
#2  0x0000561bbe300ddd in ff_make_absolute_url (buf=0x7ffedc617020 "\354\003", size=4096, base=0x561bc01f5bc0 "/Users/wader/src/ffmpeg-master/test.m3u8",
    rel=0x7ffedc616020 "http://a") at src/libavformat/url.c:153
153	        trim_double_dot_url(buf, rel, size);
(gdb) p buf
$4 = 0x7ffedc617020 "\354\003"
(gdb) p rel
$5 = 0x7ffedc616020 "http://a"

If I add a slash to the segment URL, I get a valid error:

/build # cat test.m3u8
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:1
#EXTINF:11.811,
http://a/
/build # gdb --args ./ffprobe_g -i test.m3u8
GNU gdb (GDB) 8.3.1
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-alpine-linux-musl".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./ffprobe_g...
r
(gdb) r
Starting program: /build/ffprobe_g -i /Users/wader/src/ffmpeg-master/test.m3u8
warning: Error disabling address space randomization: Operation not permitted
ffprobe version N-97964-gb5aee6086b Copyright (c) 2007-2020 the FFmpeg developers
  built with gcc 9.2.0 (Alpine 9.2.0)
  configuration: --enable-debug --disable-optimizations
  libavutil      56. 49.100 / 56. 49.100
  libavcodec     58. 88.100 / 58. 88.100
  libavformat    58. 43.100 / 58. 43.100
  libavdevice    58.  9.103 / 58.  9.103
  libavfilter     7. 83.100 /  7. 83.100
  libswscale      5.  6.101 /  5.  6.101
  libswresample   3.  6.100 /  3.  6.100
[hls @ 0x55dc945e2440] Skip ('#EXT-X-VERSION:3')
[hls @ 0x55dc945e2440] Opening 'http://a/' for reading
[http @ 0x7f60466d0cc0] Protocol 'http' not on whitelist 'file,crypto,data'!
[hls @ 0x55dc945e2440] Failed to open segment 0 of playlist 0
[hls @ 0x55dc945e2440] Skip ('#EXT-X-VERSION:3')
    Last message repeated 80 times
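
A reduced model of the crash in the backtrace above, added here as an example; it is not FFmpeg's code and not part of the original ticket. The helper names (`url_path`, `stristart_checked`, `segment_has_path`) are hypothetical, and it is an assumption that the NULL `p` in frame #1 comes from a path lookup that finds no `/` after the host.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: return the path part of an absolute URL (the first
 * "/" after the authority), or NULL when there is none, as in "http://a". */
static const char *url_path(const char *url)
{
    const char *sep = strstr(url, "://");
    if (!sep)
        return NULL;
    return strchr(sep + 3, '/');
}

/* Case-insensitive prefix test with the same loop shape as the av_stristart
 * listing in the gdb session, plus the guard that listing does not have:
 * a NULL str counts as "no match" instead of being dereferenced. */
static int stristart_checked(const char *str, const char *pfx)
{
    if (!str || !pfx)
        return 0;
    while (*pfx && toupper((unsigned char)*pfx) == toupper((unsigned char)*str)) {
        pfx++;
        str++;
    }
    return !*pfx;
}

/* Returns 1 when the segment URL has a path starting with "/", 0 when the
 * path part is absent. The unguarded form of this call is what receives
 * str=0x0 in frame #0 of the backtrace. */
int segment_has_path(const char *url)
{
    return stristart_checked(url_path(url), "/");
}

int main(void)
{
    /* Constructed inputs: the two segment URLs used in the ticket. */
    const char *samples[] = { "http://a", "http://a/" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-10s has_path=%d\n", samples[i], segment_has_path(samples[i]));
    return 0;
}
```

The same guard can equally sit in the caller, before the path pointer is handed to any string routine.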

Change History (2)

comment:1 by Steven Liu, 18 months ago

Cc: liuqi05@kuaishou.com added

Try this patchset:
https://patchwork.ffmpeg.org/project/ffmpeg/list/?series=1335

Maybe it can fix both of your tickets.

comment:2 by Steven Liu, 18 months ago

Resolution: fixed
Status: new → closed