From patchwork Wed Aug 5 12:37:36 2020
X-Patchwork-Submitter: Moritz Barsnick
X-Patchwork-Id: 21495
Date: Wed, 5 Aug 2020 14:37:36 +0200
From: Moritz Barsnick
To: FFmpeg development discussions and patches
Message-ID: <20200805123736.GA8049@sunshine.barsnick.net>
Subject: [FFmpeg-devel] [PATCH v6] avdevice/xcbgrab: check return values of xcb query functions

On Mon, Jul 20, 2020 at 09:18:55 +0200, Alexander Strasser wrote:
> On 2020-07-19 19:47 -0400, Andriy Gelman wrote:
> > > > This check seems dead code. Looking at xcb sources, cursor is just an offset in
> > > > memory from ci so I don't think it can be null here.
> > But anyway, this part of the patch doesn't really have anything to do with
> > ticket #7312, and should be in a separate patch.
>
> Yes, it's definitely something that was changed in this patch
> at all. So it's better not to touch it in this patch.

Okay, so I "fixed" dead code. You guys can remove the dead code
yourselves then, if you like. ;-)

New patch for the original issue attached, not touching the dead code.

Thanks,
Moritz

From e44b7f03354add2272a2739e04aafb38b7ce027f Mon Sep 17 00:00:00 2001
From: Moritz Barsnick
Date: Wed, 5 Aug 2020 14:06:53 +0200
Subject: [PATCH] avdevice/xcbgrab: check return values of xcb query functions

Fixes #7312, segmentation fault on close of X11 server

xcb_query_pointer_reply() and xcb_get_geometry_reply() can return NULL
if e.g. the X server closes or the connection is lost. This needs to
be checked in order to cleanly exit, because the returned pointers are
dereferenced later.

Signed-off-by: Moritz Barsnick
---
 libavdevice/xcbgrab.c | 9 +++++++++
 1 file changed, 9 insertions(+)

--
2.26.2

diff --git a/libavdevice/xcbgrab.c b/libavdevice/xcbgrab.c index 6f6b2dbf15..8ef2a30d02 100644 --- a/libavdevice/xcbgrab.c +++ b/libavdevice/xcbgrab.c @@ -425,7 +425,16 @@ static int xcbgrab_read_packet(AVFormatContext *s, AVPacket *pkt) pc = xcb_query_pointer(c->conn, c->screen->root); gc = xcb_get_geometry(c->conn, c->screen->root); p = xcb_query_pointer_reply(c->conn, pc, NULL); + if (!p) { + av_log(s, AV_LOG_ERROR, "Failed to query xcb pointer\n"); + return AVERROR_EXTERNAL; + } geo = xcb_get_geometry_reply(c->conn, gc, NULL); + if (!geo) { + av_log(s, AV_LOG_ERROR, "Failed to get xcb geometry\n"); + free(p); + return AVERROR_EXTERNAL; + } } if (c->follow_mouse && p->same_screen)
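
Review bot: in the `if (!p)` branch the function returns while the geometry request `gc`, already sent two lines earlier, still has an outstanding reply that is neither fetched nor discarded. Either collect both replies before checking them (free(NULL) is harmless, so a single `if (!p || !geo)` block can free both and return), or call xcb_discard_reply(c->conn, gc.sequence) before the early return. Separately, both `_reply` calls pass NULL as the error pointer, so the two log messages cannot tell an X protocol error from a lost connection; checking xcb_connection_has_error(c->conn) in these branches would let the message say which it was, and the caller learn that the connection is gone rather than a generic AVERROR_EXTERNAL.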