From patchwork Fri Jul 10 19:13:27 2020
X-Patchwork-Submitter: Moritz Barsnick
X-Patchwork-Id: 20950
Date: Fri, 10 Jul 2020 21:13:27 +0200
From: Moritz Barsnick
To: FFmpeg development discussions and patches
Message-ID: <20200710191327.GB16321@sunshine.barsnick.net>
References: <20180627082151.9794-1-barsnick@gmx.net> <20190919154230.19017-1-barsnick@gmx.net>
In-Reply-To: <20190919154230.19017-1-barsnick@gmx.net>
Subject: [FFmpeg-devel] [PATCH v4] avdevice/xcbgrab: check return
 values of xcb query functions

Since xcbgrab is getting some attention recently...

Fixes a segfault, as reported in #7312.

To reproduce:

Terminal 1:
$ Xvfb :1 -nolisten tcp -screen 0 800x600x24

Terminal 2:
$ ffmpeg -f x11grab -i :1 -f null -
or rather
$ gdb -ex r --args ffmpeg_g -f x11grab -i :1 -f null -

Then terminate Xvfb while ffmpeg is running.

Cheers,
Moritz

From 3bbf40dd08bb67e993cca97880aec032644fd02b Mon Sep 17 00:00:00 2001
From: Moritz Barsnick
Date: Fri, 10 Jul 2020 13:26:55 +0200
Subject: [PATCH] avdevice/xcbgrab: check return values of xcb query functions

Fixes #7312, segmentation fault on close of X11 server

xcb_query_pointer_reply() and xcb_get_geometry_reply() can return NULL
if e.g. the X server closes or the connection is lost. This needs to
be checked in order to cleanly exit, because the returned pointers are
dereferenced later.

Furthermore, their return values need to be free()d, also in error
code paths.

Signed-off-by: Moritz Barsnick
---
 libavdevice/xcbgrab.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

--
2.26.2

diff --git a/libavdevice/xcbgrab.c b/libavdevice/xcbgrab.c index 6f6b2dbf15..be4e0d14f9 100644 --- a/libavdevice/xcbgrab.c +++ b/libavdevice/xcbgrab.c @@ -346,8 +346,10 @@ static void xcbgrab_draw_mouse(AVFormatContext *s, AVPacket *pkt, return; cursor = xcb_xfixes_get_cursor_image_cursor_image(ci); - if (!cursor) + if (!cursor) { + free(ci); return; + } cx = ci->x - ci->xhot; cy = ci->y - ci->yhot; 
@@ -425,7 +427,16 @@ static int xcbgrab_read_packet(AVFormatContext *s, AVPacket *pkt) pc = xcb_query_pointer(c->conn, c->screen->root); gc = xcb_get_geometry(c->conn, c->screen->root); p = xcb_query_pointer_reply(c->conn, pc, NULL); + if (!p) { + av_log(c, AV_LOG_ERROR, "Failed to query xcb pointer\n"); + return AVERROR_EXTERNAL; + } geo = xcb_get_geometry_reply(c->conn, gc, NULL); + if (!geo) { + av_log(c, AV_LOG_ERROR, "Failed to get xcb geometry\n"); + free(p); + return AVERROR_EXTERNAL; + } } if (c->follow_mouse && p->same_screen)
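
Review bot: The free(ci) added on the !cursor path in xcbgrab_draw_mouse() (hunk @@ -346,8 +346,10 @@) is not covered by the commit message, which names only xcb_query_pointer_reply() and xcb_get_geometry_reply() as the replies whose return values need freeing. Please mention the cursor image reply in the message as well, or split this leak fix into its own patch, since it is a separate change from the NULL checks that address the segfault in #7312.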
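
Review bot: In xcbgrab_read_packet() (hunk @@ -425,7 +427,16 @@), the !p branch returns before xcb_get_geometry_reply() is called, so the reply for the already-issued cookie gc is never collected on that path. Consider fetching both replies first and checking them together, for example if (!p || !geo) { free(p); free(geo); return AVERROR_EXTERNAL; } with a single log message, which also gives both failure cases one cleanup path (free(NULL) is a no-op).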