[Live-devel] Invalid read in HandleCmd_DESCRIBE

Meng Ruijie ruijie_meng at u.nus.edu
Thu Jun 8 00:08:58 PDT 2023


Hi,

We found one memory issue about an invalid read in the function handleCmd_DESCRIBE in live.2023.05.10. Here is the bug report from Valgrind:

---

==1744== Invalid read of size 1
==1744==    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1744==    by 0x4E2FD14: __vfprintf_internal (vfprintf-internal.c:1688)
==1744==    by 0x4E42F99: __vsnprintf_internal (vsnprintf.c:114)
==1744==    by 0x4EE4F40: __snprintf_chk (snprintf_chk.c:38)
==1744==    by 0x130589: snprintf (stdio2.h:67)
==1744==    by 0x130589: RTSPServer::RTSPClientConnection::handleCmd_DESCRIBE_afterLookup(ServerMediaSession*) (RTSPServer.cpp:434)
==1744==    by 0x12EE20: RTSPServer::RTSPClientConnection::handleCmd_DESCRIBE(char const*, char const*, char const*) (RTSPServer.cpp:397)
==1744==    by 0x12F847: RTSPServer::RTSPClientConnection::handleRequestBytes(int) (RTSPServer.cpp:862)
==1744==    by 0x170C70: GenericMediaServer::ClientConnection::incomingRequestHandler() (GenericMediaServer.cpp:324)
==1744==    by 0x188D19: BasicTaskScheduler::SingleStep(unsigned int) (BasicTaskScheduler.cpp:153)
==1744==    by 0x18A3C2: BasicTaskScheduler0::doEventLoop(char volatile*) (BasicTaskScheduler0.cpp:82)
==1744==    by 0x12CA2E: main (testOnDemandRTSPServer.cpp:462)
==1744==  Address 0x1ffeffeda0 is on thread 1's stack
==1744==  232 bytes below stack pointer
==1744==
==1744==
==1744== Process terminating with default action of signal 2 (SIGINT)
==1744==    at 0x170DD0: snprintf (stdio2.h:67)
==1744==    by 0x170DD0: GenericMediaServer::createNewClientSessionWithId() (GenericMediaServer.cpp:403)
==1744==    by 0x12F926: RTSPServer::RTSPClientConnection::handleRequestBytes(int) (RTSPServer.cpp:881)
==1744==    by 0x170C70: GenericMediaServer::ClientConnection::incomingRequestHandler() (GenericMediaServer.cpp:324)
==1744==    by 0x188D19: BasicTaskScheduler::SingleStep(unsigned int) (BasicTaskScheduler.cpp:153)
==1744==    by 0x18A3C2: BasicTaskScheduler0::doEventLoop(char volatile*) (BasicTaskScheduler0.cpp:82)
==1744==    by 0x12CA2E: main (testOnDemandRTSPServer.cpp:462)
==1744==
==1744== HEAP SUMMARY:
==1744==     in use at exit: 679,238 bytes in 423 blocks
==1744==   total heap usage: 1,708 allocs, 1,285 frees, 8,952,007 bytes allocated
==1744==
==1744== LEAK SUMMARY:
==1744==    definitely lost: 0 bytes in 0 blocks
==1744==    indirectly lost: 0 bytes in 0 blocks
==1744==      possibly lost: 0 bytes in 0 blocks
==1744==    still reachable: 679,238 bytes in 423 blocks
==1744==         suppressed: 0 bytes in 0 blocks
==1744== Rerun with --leak-check=full to see details of leaked memory
==1744==
==1744== Use --track-origins=yes to see where uninitialised values come from
==1744== For lists of detected and suppressed errors, rerun with: -s
==1744== ERROR SUMMARY: 10 errors from 4 contexts (suppressed: 0 from 0)
==1755==    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1755==    by 0x4E2FD14: __vfprintf_internal (vfprintf-internal.c:1688)
==1755==    by 0x4E42F99: __vsnprintf_internal (vsnprintf.c:114)
==1755==    by 0x4EE4F40: __snprintf_chk (snprintf_chk.c:38)
==1755==    by 0x130A91: snprintf (stdio2.h:67)
==1755==    by 0x130A91: RTSPServer::RTSPClientSession::handleCmd_PLAY(RTSPServer::RTSPClientConnection*, ServerMediaSubsession*, char const*) (RTSPServer.cpp:1978)
==1755==    by 0x131FCC: RTSPServer::RTSPClientSession::handleCmd_withinSession(RTSPServer::RTSPClientConnection*, char const*, char const*, char const*, char const*) (RTSPServer.cpp:1739)
==1755==    by 0x12F299: RTSPServer::RTSPClientConnection::handleRequestBytes(int) (RTSPServer.cpp:996)
==1755==    by 0x170C70: GenericMediaServer::ClientConnection::incomingRequestHandler() (GenericMediaServer.cpp:324)
==1755==    by 0x188D19: BasicTaskScheduler::SingleStep(unsigned int) (BasicTaskScheduler.cpp:153)
==1755==    by 0x18A3C2: BasicTaskScheduler0::doEventLoop(char volatile*) (BasicTaskScheduler0.cpp:82)
==1755==    by 0x12CA2E: main (testOnDemandRTSPServer.cpp:462)
==1755==  Address 0x1ffeffedd0 is on thread 1's stack
==1755==  232 bytes below stack pointer
==1755==
==1755==
==1755== Process terminating with default action of signal 2 (SIGINT)
==1755==    at 0x4ECBF7A: select (select.c:41)
==1755==    by 0x188BC5: BasicTaskScheduler::SingleStep(unsigned int) (BasicTaskScheduler.cpp:90)
==1755==    by 0x18A3C2: BasicTaskScheduler0::doEventLoop(char volatile*) (BasicTaskScheduler0.cpp:82)
==1755==    by 0x12CA2E: main (testOnDemandRTSPServer.cpp:462)
==1755==
==1755== HEAP SUMMARY:
==1755==     in use at exit: 1,251,900 bytes in 452 blocks
==1755==   total heap usage: 3,013 allocs, 2,561 frees, 5,545,849 bytes allocated
==1755==
==1755== LEAK SUMMARY:
==1755==    definitely lost: 160 bytes in 1 blocks
==1755==    indirectly lost: 0 bytes in 0 blocks
==1755==      possibly lost: 0 bytes in 0 blocks
==1755==    still reachable: 1,251,740 bytes in 451 blocks
==1755==         suppressed: 0 bytes in 0 blocks
==1755== Rerun with --leak-check=full to see details of leaked memory
==1755==
==1755== Use --track-origins=yes to see where uninitialised values come from
==1755== For lists of detected and suppressed errors, rerun with: -s
==1755== ERROR SUMMARY: 31 errors from 6 contexts (suppressed: 0 from 0)


------
Kind Regards,
Ruijie
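
A triage helper for logs like the one above, added here as an example (it is not part of the original post or of the live555 code): it reduces each memcheck error to its first application frame, and tolerates the second trace, whose header line is missing from the post. The names `parse_blocks` and `triage`, and the rule that a `.cpp` source location marks application code, are assumptions.

```python
import re
# Abridged from the Valgrind log in the post above. The pid 1755 trace has no
# "Invalid read" header line in the post, so the parser must tolerate that.
SAMPLE = """\
==1744== Invalid read of size 1
==1744==    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1744==    by 0x130589: snprintf (stdio2.h:67)
==1744==    by 0x130589: RTSPServer::RTSPClientConnection::handleCmd_DESCRIBE_afterLookup(ServerMediaSession*) (RTSPServer.cpp:434)
==1744==  Address 0x1ffeffeda0 is on thread 1's stack
==1744==
==1744== Process terminating with default action of signal 2 (SIGINT)
==1744==    at 0x170DD0: snprintf (stdio2.h:67)
==1744==    by 0x170DD0: GenericMediaServer::createNewClientSessionWithId() (GenericMediaServer.cpp:403)
==1744== ERROR SUMMARY: 10 errors from 4 contexts (suppressed: 0 from 0)
==1755==    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1755==    by 0x130A91: snprintf (stdio2.h:67)
==1755==    by 0x130A91: RTSPServer::RTSPClientSession::handleCmd_PLAY(RTSPServer::RTSPClientConnection*, ServerMediaSubsession*, char const*) (RTSPServer.cpp:1978)
"""
LINE = re.compile(r"^==(\d+)==[ \t]*(.*)$", re.M)
FRAME = re.compile(r"^(at|by) 0x[0-9A-Fa-f]+: (.+?) \((?:in )?([^()]*)\)$")

def parse_blocks(log):
    """Split a memcheck log into stack traces: pid, header text, frames."""
    blocks, last_text = [], None
    for pid, text in LINE.findall(log):
        f = FRAME.match(text.strip())
        if f is None:
            # Remember the latest non-frame line; it may head the next trace.
            last_text = (pid, text.strip()) if text.strip() else None
            continue
        if f.group(1) == "at":  # an "at" frame opens a new trace
            header = last_text[1] if last_text and last_text[0] == pid else None
            blocks.append({"pid": pid, "header": header, "frames": []})
        if blocks and blocks[-1]["pid"] == pid:
            blocks[-1]["frames"].append((f.group(2), f.group(3)))
        last_text = None
    return blocks

def triage(log, app_src=r"\.cpp:\d+$"):
    """Return (pid, header, function, file:line) for each error's first app frame."""
    out = []
    for b in parse_blocks(log):
        if b["header"] and b["header"].startswith("Process terminating"):
            continue  # trace printed when the process was signalled, not an error
        hit = next(((fn, loc) for fn, loc in b["frames"] if re.search(app_src, loc)), None)
        if hit:  # strip the C++ argument list from the function name
            out.append((b["pid"], b["header"] or "(header missing)", hit[0].split("(")[0], hit[1]))
    return out
```
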