[Ffmpeg-devel] Three ffserver patches for review
Luca Abeni
lucabe72
Wed Apr 18 12:56:11 CEST 2007
Hi all,
I fixed some ffserver crashes (only visible when streaming from
RTP/RTSP). I post three patches, which need the ffserver's maintainer
approval because I am not sure if they break http streaming or some
external application.
remove_ffserver_callbacks.diff:
remove the ff_rtsp_callback() from ffserver.c. This callback does not
seem to be used by anyone, and it is not clear how it should be used /
why it is useful. I removed it because rtsp_cmd_teardown() calls it
passing some rtp_c fields as parameters, after performing
close_connection(rtp_c), which does av_free(rtp_c).
The problem could be solved by moving close_connection() after the call
to ff_rtsp_callback(), but since it is not possible to test
ff_rtsp_callback(), I do not know if the change would break it.
At least, this patch makes it clear that if someone cares about
ff_rtsp_callback() he should fix rtsp_cmd_teardown().
fix_possible_ffserver_crash.diff:
rtsp_cmd_teardown() calls
url_fprintf(c->pb, "Session: %s\r\n", rtp_c->session_id)
after freeing rtp_c. This patch fixes the bug by copying
rtp_c->session_id before freeing rtp_c.
do_not_allocate_feed_data_for_files.diff:
when ffserver is initialized, it allocates the AVStream->priv_data field
for containing "feed information" in every AVStream, even if they do not
use any feed. This is ok if the input stream is a "live feed" coming
from ffmpeg, but is not ok for regular files.
In fact, the priv_data field is copied into an AVStream that is created
when an RTP connection is set up, and when the RTP connection terminates
libavcodec av_frees the field... If you start and stop an RTP stream
coming from a file 2 times, libavcodec tries to free some memory that
has already been freed!
The crash can be easily reproduced, by starting to receive an RTP stream
with vlc, stopping the stream, starting it again, and stopping it a
second time. On the second stop, ffserver segfaults.
I think the patch is safe, but I do not know if it breaks some case that
I did not consider...
Thanks,
Luca
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: remove_ffserver_callbacks.diff
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070418/ad6aa468/attachment.asc>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: fix_possible_ffserver_crash.diff
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070418/ad6aa468/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: do_not_allocate_feed_data_for_files.diff
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070418/ad6aa468/attachment-0001.asc>
More information about the ffmpeg-devel
mailing list