From patchwork Fri Oct 16 12:55:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?b?5b6Q5oWn5Lmm?= X-Patchwork-Id: 23011 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id E503344988B for ; Fri, 16 Oct 2020 15:55:32 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BD2DD68B9B8; Fri, 16 Oct 2020 15:55:32 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pf1-f193.google.com (mail-pf1-f193.google.com [209.85.210.193]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 0744768B870 for ; Fri, 16 Oct 2020 15:55:26 +0300 (EEST) Received: by mail-pf1-f193.google.com with SMTP id j18so1474222pfa.0 for ; Fri, 16 Oct 2020 05:55:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=kYjihVE4Fvq7sPYfORekeY33ONZpi2VYsslkzpjxCyM=; b=ukV27Zk0WF+4VJRPw50y08MMdPqaDULq+c5z7fpSYN/EDz0vfd+UD1TvHkJGPg4cuB UvXNwUzcsnCiTce7g6eSy1DxuT5jcc6G+55QoYbj6xCUF50f/rKNdRkj4fGj5rX8JHp/ 8/7OWO0a274v6Eg3t1UBoTinBEFTBtv2o95SrBBvPLapI2h4e6mAFfvonO6Ns5koOsgh pW8NdFtcXkocZ4RxdgGeWK71SqHfvdSiIEauPQURiQlG+LOtadXjNXq2wLpb9JTN9ij5 juqYMnPtlIUG98lM7wZnmYcjEp87t/TfZs1hIHjEq4X4zO0VzQABweqoNjtbrL9AY7I/ ilpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=kYjihVE4Fvq7sPYfORekeY33ONZpi2VYsslkzpjxCyM=; b=tDl/Lbx18vJsuEm8wVA5vwRo9H3DLZDv4E8i6ybUsb+FwOkFvzC0kRBvBMI473sMxQ nF5xoJzXXB1y3OZ+YQmjcH531SJxSv8AUz0IAJkh/haB3BFRqpp9UXaJ/bxmPGXde7gt QDw/Zj2UtJG+jAK0u9dOb9RRxQUZupKUSqrXjzPZwzWt9v4OuNHV1iSNAQ+FYyGojsrJ xng4veUCR3L7208WOT//iu8f+cphH0V3vDGEcpJaP4HdyefbJslxiqRjyg2CGx306R4U MfMIRNRiSYMCYQS3jpDc+NQpNRy6Q0qegx66ze+/3AzkueHmuYSadZ+V+jU6Fh4R1YI9 wmPw== X-Gm-Message-State: AOAM5315caF/O79uQWunKTj6iAIQUOmTdKSP6WDxGiyXKbPkYlNEE0lq 5MaVgdkaFzVtDSY9AYjMHbrTfFcwWfo= X-Google-Smtp-Source: ABdhPJw4huv90iEIgeuiD+v6r8lpYP2hiW+kyyD/1HsA4B+t4qmK/cGHmK9n7D9E704OTn6v6DiobQ== X-Received: by 2002:a65:46c4:: with SMTP id n4mr3040795pgr.362.1602852923712; Fri, 16 Oct 2020 05:55:23 -0700 (PDT) Received: from localhost.localdomain ([47.89.83.18]) by smtp.gmail.com with ESMTPSA id e4sm2985335pjt.31.2020.10.16.05.55.22 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Oct 2020 05:55:23 -0700 (PDT) From: javashu2012@gmail.com To: ffmpeg-devel@ffmpeg.org Date: Fri, 16 Oct 2020 20:55:12 +0800 Message-Id: <20201016125512.84739-1-javashu2012@gmail.com> X-Mailer: git-send-email 2.21.1 (Apple Git-122.3) MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH v1] libavformat/hls: During operation, the user exits and interrupts, causing pls->segment to be released, resulting in a null pointer crash X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: bevis Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" From: bevis Signed-off-by: bevis --- libavformat/hls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/hls.c b/libavformat/hls.c index 72e28ab94f..0a522a4595 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -1979,17 +1979,18 @@ static int hls_read_header(AVFormatContext *s) pls->ctx->interrupt_callback = s->interrupt_callback; url = av_strdup(pls->segments[0]->url); ret = av_probe_input_buffer(&pls->pb, &in_fmt, url, NULL, 0, 0); - av_free(url); if (ret < 0) { /* Free the ctx - it isn't initialized properly at this point, * so avformat_close_input shouldn't be called. If * avformat_open_input fails below, it frees and zeros the * context, so it doesn't need any special treatment like this. */ - av_log(s, AV_LOG_ERROR, "Error when loading first segment '%s'\n", pls->segments[0]->url); + av_log(s, AV_LOG_ERROR, "Error when loading first segment '%s'\n", url); avformat_free_context(pls->ctx); pls->ctx = NULL; + av_free(url); goto fail; } + av_free(url); pls->ctx->pb = &pls->pb; pls->ctx->io_open = nested_io_open; pls->ctx->flags |= s->flags & ~AVFMT_FLAG_CUSTOM_IO;