[Live-devel] Stack Use After Return in handleCmd_DESCRIBE
Ross Finlayson
finlayson at live555.com
Thu Jun 15 02:56:10 PDT 2023
> On Jun 15, 2023, at 1:22 AM, Martin Mirchev <mmirchev at comp.nus.edu.sg> wrote:
>
> Hello Mr. Finlayson,
> We still observe the stack-use-after-return bug in live.2023.06.14 while running in Ubuntu:20.04.
Sorry, but I wasn’t able to reproduce this (streaming any of "client-request-1” through "client-request-5”).
Note that - using your patched “config.linux” configuration file - I get a link error:
/usr/bin/ld: cannot find /usr/lib64/clang/11.1.0/lib/linux/libclang_rt.asan-x86_64.a: No such file or directory
However, I was able to use the "config.linux-gdb-sanitize” configuration file (introduced in the last LIVE555 release), running
./genMakefles linux-gdb-sanitize
This let me build “testOnDemandRTSPServer” (after applying your patch to “RTSPServer.cpp”), but I didn’t see any errors (again, with any of the “client-request-*” files).
Also, the file "bug-report.txt” in your attachment refers to a "heap-use-after-free” error, not a “stack use after return” error. And it appears to be referring to an old version of the LIVE555 code, not the latest version (2023.06.14).
I’m going to need to see more evidence that there’s a real error here.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
More information about the live-devel
mailing list