[Ffmpeg-devel] Three ffserver patches for review

Luca Abeni lucabe72
Wed Apr 18 12:56:11 CEST 2007

Hi all,

I fixed some ffserver crashes (only visible when streaming from 
RTP/RTSP). I post three patches, which need the ffserver maintainer's 
approval because I am not sure if they break http streaming or some 
external application.

remove the ff_rtsp_callback() from ffserver.c. This callback does not 
seem to be used by anyone, and it is not clear how it should be used / 
why it is useful. I removed it because rtsp_cmd_teardown() calls it 
passing some rtp_c fields as parameters, after performing 
close_connection(rtp_c), which does av_free(rtp_c).
The problem could be solved by moving close_connection() after the call 
to ff_rtsp_callback(), but since it is not possible to test 
ff_rtsp_callback(), I do not know if the change would break it.
At least, this patch makes it clear that if someone cares about 
ff_rtsp_callback() he should fix rtsp_cmd_teardown().

rtsp_cmd_teardown() calls
url_fprintf(c->pb, "Session: %s\r\n", rtp_c->session_id)
after freeing rtp_c. This patch fixes the bug by copying 
rtp_c->session_id before freeing rtp_c.

when ffserver is initialized, it allocates the AVStream->priv_data field 
for containing "feed information" in every AVStream, even if they do not 
use any feed. This is ok if the input stream is a "live feed" coming 
from ffmpeg, but is not ok for regular files.
In fact, the priv_data field is copied into an AVStream that is created 
when an RTP connection is set up, and when the RTP connection terminates 
libavcodec av_frees the field... If you start and stop an RTP stream 
coming from a file 2 times, libavcodec tries to free some memory that 
has already been freed!
The crash can be easily reproduced, by starting to receive an RTP stream 
with vlc, stopping the stream, starting it again, and stopping it a 
second time. On the second stop, ffserver segfaults.
I think the patch is safe, but I do not know if it breaks some case that 
I did not consider...

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: remove_ffserver_callbacks.diff
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070418/ad6aa468/attachment.asc>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: fix_possible_ffserver_crash.diff
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070418/ad6aa468/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: do_not_allocate_feed_data_for_files.diff
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070418/ad6aa468/attachment-0001.asc>
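
The two memory-safety patterns described in the message above, as an added example that is not taken from the attached patches or from ffserver: the session id is copied out before the connection is freed, and a file-backed stream carries no priv_data, so repeated teardowns free nothing twice. The types, function bodies and the session id string are simplified, constructed stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for ffserver's types; all names are assumptions. */
typedef struct Stream { void *priv_data; } Stream;   /* plays the AVStream role */
typedef struct RtpConn {
    char session_id[32];
    Stream st;               /* shallow copy of the configured stream */
} RtpConn;

/* The struct copy duplicates the priv_data pointer, not what it points to. */
static RtpConn *open_connection(const Stream *configured, const char *sid)
{
    RtpConn *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    snprintf(c->session_id, sizeof c->session_id, "%s", sid);
    c->st = *configured;
    return c;
}

/* Frees the stream's priv_data, then the connection context itself. */
static void close_connection(RtpConn *c)
{
    free(c->st.priv_data);   /* no-op when the configured stream left it NULL */
    free(c);
}

/* TEARDOWN: copy session_id out first, free, then reply from the copy. */
static int teardown(RtpConn *c, char *reply, size_t len)
{
    char sid[sizeof c->session_id];
    memcpy(sid, c->session_id, sizeof sid);
    close_connection(c);     /* c is dangling from here on */
    return snprintf(reply, len, "Session: %s\r\n", sid);
}

/* Start and stop a file-backed stream twice, as in the reported reproduction. */
static int start_stop_twice(char *reply, size_t len)
{
    Stream file_stream = { NULL };   /* files get no feed data, so nothing is shared */
    int n = 0;
    for (int i = 0; i < 2 && n >= 0; i++) {
        RtpConn *c = open_connection(&file_stream, "constructed-sid");
        n = c ? teardown(c, reply, len) : -1;
    }
    return n;
}

int main(void) { char r[64]; return start_stop_twice(r, sizeof r) < 0; }
```

Building this with -fsanitize=address and then pointing file_stream.priv_data at a heap allocation makes the second teardown report the double free.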
