UC [Live-devel] UC Bug Report (+solution) - RTSP server crashes during multi-subsession stream if only 1 subsession SETUP called

Thu Apr 20 01:30:11 PDT 2023

Hi Ross,

Thanks for your reply.

I am using a subclass of 'OnDemandServerMediaSubsession' and 'FramedSource', as you stated the 'startStream' within our subclass function isn't checking the 'streamToken' is NULL, I will add this as the fix.

Our source code is currently 05/2021 so will look to get this update as well.

Many Thanks

Thomas Collins MEng - Engineer
Applied Science, Security Technologies
Tel: 01684 894972 | Mob: 07968 513075 | Email: ticollins at qinetiq.com

Malvern Technology Centre WR14 3PS (CB A221)

www.QinetiQ.com 

-----Original Message-----
From: live-devel <live-devel-bounces at us.live555.com> On Behalf Of Ross Finlayson
Sent: 19 April 2023 18:43
To: LIVE555 Streaming Media - development & use <live-devel at us.live555.com>
Subject: Re: [Live-devel] UC Bug Report (+solution) - RTSP server crashes during multi-subsession stream if only 1 subsession SETUP called

Thomas,

Thanks for the note.  There might well be a bug in the code, but your suggested fix is not the correct solution.  The reason for this is that I want the server code to process each "fStreamStates[i].subsession” even if the corresponding "fStreamStates[i].streamToken” is NULL - i.e., even if the subsession has not been “SETUP” by the client.  For example, there might be medium/track-specific state that needs to be updated (e.g., when seeking), even though that particular medium/track is not currently being streamed.

If there is a bug, then it appears to be that some function - called by the “RTSPServer” code - is not checking whether the “streamToken” parameter is NULL before trying to access it.

So, could you please tell me where, specifically, this is happening for you?  I.e., where in the code a NULL “streamToken” parameter is trying to be accessed?

But first…

> as my source might not be the absolute latest.

You should really update to the latest version of the code, as this includes several (other) bugfixes, including possible security vulnerabilities that especially affect the RTSP server.  See:
	http://live555.com/liveMedia/faq.html#latest-version
and
	http://live555.com/liveMedia/faq.html#old-versions

Ross Finlayson
Live Networks, Inc.
http://www.live555.com/

_______________________________________________
live-devel mailing list
live-devel at lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel

This email and any attachments to it may be confidential and are
intended solely for the use of the individual to whom it is 
addressed. If you are not the intended recipient of this email,
you must neither take any action based upon its contents, nor 
copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. QinetiQ retains 
personal data relating to our customers and partners for the 
purposes of conducting a business relationship, communicating
and marketing to them as well as to providing invitations to 
upcoming events.  
Please see our Privacy Notice ( https://www.qinetiq.com/Privacy-Policy )
for further information.  In accordance with our Privacy Notice, you
have the right to withdraw your consent at any time. QinetiQ may 
monitor email traffic data and also the content of email for 
the purposes of security. QinetiQ Limited (Registered in England
& Wales: Company Number: 3796233) Registered office: Cody Technology 
Park, Ively Road, Farnborough, Hampshire, GU14 0LX  https://www.qinetiq.com.