[Live-devel] Two possible problems in RTSPServer class

Vadim Kosarev vad at vad.pp.ru
Fri Apr 20 02:05:15 PDT 2012


Hello Ross!

1. I have seen possible ServerMediaSession object leak in
RTSPServer::RTSPClientSession::handleCmd_SETUP method.
This method changes client session object member variable
fOurServerMediaSession (pointer to ServerMediaSession) and calls
fOurServerMediaSession->incrementReferenceCount() if this
ServerMediaSession is really changed. But this method does not call
decrementReferenceCount() on previously stored ServerMediaSession (if
any). So if an RTSP client will send two SETUP commands referring
different streams then ServerMediaSession object of stream of first
SETUP command will have excess reference counter increment that will
prevent this ServerMediaSession object from being deleted. Maybe there
are no such RTSP client but I think any protection against harmful
behaviour of other software is welcome.

2. Also I have seen possible ServerMediaSession object relations bug
in RTSPServer::addServerMediaSession/RTSPServer::removeServerMediaSession
methods.
Method addServerMediaSession adds a ServerMediaSession object to
hashmap fServerMediaSessions and call removeServerMediaSession on
ServerMediaSession object previously set in the hashmap (if both
objects have same stream name). Method removeServerMediaSession
removes from the hashmap new ServerMediaSession object just added by
addServerMediaSession. This breaks objects relations. I think
removeServerMediaSession must check if specified ServerMediaSession
object still in the hashmap before call fServerMediaSessions->Remove.

I have found these bugs when I start code ServerMediaSession objects
replacing on live source properties changing.


More information about the live-devel mailing list