From: Moritz Barsnick
To: FFmpeg development discussions and patches
Date: Tue, 14 Jul 2020 14:14:07 +0200
Message-ID: <20200714121407.GA24772@sunshine.barsnick.net>
X-Patchwork-Id: 21003
Subject: [FFmpeg-devel] [PATCH v5] avdevice/xcbgrab: check return values of xcb query functions

On Sun, Jul 12, 2020 at 10:54:45 -0400, Andriy Gelman wrote:
> On Fri, 10. Jul 21:13, Moritz Barsnick wrote:
> > Since xcbgrab is getting some attention recently...
> >
> > Fixes a segfault, as reported in #7312.
> >
> > To reproduce:
> > Terminal 1:
> > $ Xvfb :1 -nolisten tcp -screen 0 800x600x24
> > Terminal 2:
> > $ ffmpeg -f x11grab -i :1 -f null -
> > or rather
> > $ gdb -ex r --args ffmpeg_g -f x11grab -i :1 -f null -
> > Then terminate Xvfb while ffmpeg is running.
>
> The rest of the av_log calls use AVFormatContext*.
> You may want to update to be consistent.

Good point. I didn't mind the "xcbgrab indev" vs. "x11grab", but it's
indeed inconsistent.

Updated patch attached.

Moritz

From 269b43209394c0eceb83f5ae384792c32305333a Mon Sep 17 00:00:00 2001
From: Moritz Barsnick
Date: Tue, 14 Jul 2020 14:07:33 +0200
Subject: [PATCH] avdevice/xcbgrab: check return values of xcb query functions

Fixes #7312, segmentation fault on close of X11 server

xcb_query_pointer_reply() and xcb_get_geometry_reply() can return NULL
if e.g. the X server closes or the connection is lost. This needs to
be checked in order to cleanly exit, because the returned pointers are
dereferenced later.

Furthermore, their return values need to be free()d, also in error
code paths.

Signed-off-by: Moritz Barsnick
---
 libavdevice/xcbgrab.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

--
2.26.2

diff --git a/libavdevice/xcbgrab.c b/libavdevice/xcbgrab.c index 6f6b2dbf15..8bc320d055 100644 --- a/libavdevice/xcbgrab.c +++ b/libavdevice/xcbgrab.c
@@ -346,8 +346,10 @@ static void xcbgrab_draw_mouse(AVFormatContext *s, AVPacket *pkt, return; cursor = xcb_xfixes_get_cursor_image_cursor_image(ci); - if (!cursor) + if (!cursor) { + free(ci); return; + } cx = ci->x - ci->xhot; cy = ci->y - ci->yhot; @@ -425,7 +427,16 @@ static int xcbgrab_read_packet(AVFormatContext *s, AVPacket *pkt) pc = xcb_query_pointer(c->conn, c->screen->root); gc = xcb_get_geometry(c->conn, c->screen->root); p = xcb_query_pointer_reply(c->conn, pc, NULL); + if (!p) { + av_log(s, AV_LOG_ERROR, "Failed to query xcb pointer\n"); + return AVERROR_EXTERNAL; + } geo = xcb_get_geometry_reply(c->conn, gc, NULL); + if (!geo) { + av_log(s, AV_LOG_ERROR, "Failed to get xcb geometry\n"); + free(p); + return AVERROR_EXTERNAL; + } } if (c->follow_mouse && p->same_screen)
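
Review bot: The `free(ci)` added on the `!cursor` path in xcbgrab_draw_mouse (first hunk) is a separate leak fix that the commit message does not cover. Its sentence "their return values need to be free()d" refers to xcb_query_pointer_reply() and xcb_get_geometry_reply(), whereas `ci` is the cursor image handed to xcb_xfixes_get_cursor_image_cursor_image(). Mention the cursor-image leak in the commit message, or split it into its own patch so the fix for #7312 stays limited to the NULL checks.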
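
Review bot: In xcbgrab_read_packet (second hunk), the early return on `!p` happens before xcb_get_geometry_reply() is called, so the reply to the already-issued `gc` request is never collected on that path. Fetch both replies first and test them together, for example `if (!p || !geo) { free(p); free(geo); return AVERROR_EXTERNAL; }` with a single av_log; free(NULL) is a no-op, so this also leaves one cleanup path instead of two. Both reply calls pass NULL for the error argument, so neither log message can say why the query failed; checking xcb_connection_has_error(c->conn) at this point would let the message distinguish a lost connection from a failed request.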