[Live-devel] Invalid read in HandleCmd_DESCRIBE
Ross Finlayson
finlayson at live555.com
Thu Jun 8 18:01:39 PDT 2023
> On Jun 8, 2023, at 9:24 PM, Meng Ruijie <ruijie_meng at u.nus.edu> wrote:
>
> We used the address sanitizer to reproduce this bug again. The following is the bug report. We also attached the relevant files, and you can reproduce this bug based on the README.
Thank you for the instructions on how to reproduce the problem. This is much more useful than just posting “valgrind” output.
Unfortunately, however, following your instructions, I wasn’t able to reproduce the problem at all. The only ‘error’ I saw was:
RTSPServer.cpp:661:33: runtime error: index -3 out of bounds for type 'unsigned char [20000]’
which is not actually an error. The code in “RTSPServer.cpp” does, indeed, initially point to entry -3 in an array, but this is just a hack in the code to make parsing of incoming RTSP requests easier. It never actually tries to dereference this address.
Using "aflnet-replay” to send (to “testOnDemandRTSPServer”) the "client-requests” that you provided, I was never able to reproduce the alleged "stack-use-after-return” error. Furthermore, the parameters provided to the call to “snprintf()” (in “handleCmd_DESCRIBE_afterLookup()”, in “RTSPServer.cpp” line 434) all looked OK (for each “DESCRIBE” command that was sent to the server).
It might be useful if you could simplify your "client-requests” so that it contains only the single “DESCRIBE” command (it will be a “DESCRIBE” command, not a “SETUP”, “PLAY”, or “TEARDOWN” command) that you believe causes this error.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
More information about the live-devel
mailing list