[Live-devel] Heap-user-after-free in live.2023.06.20

Ross Finlayson finlayson at live555.com
Fri Jun 23 00:47:47 PDT 2023



> On Jun 23, 2023, at 12:32 AM, Meng Ruijie <ruijie_meng at u.nus.edu> wrote:
> 
> Hello,
> 
> There may be one heap-use-after-free while calling RTPInterface::sendDataOverTCP. The following is the bug report from the ASAN:
> 
> ----
> 
> ==17==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e000f3a0e8 at pc 0x0000005d5ec8 bp 0x7ffff35fc420 sp 0x7ffff35fc418
> READ of size 1 at 0x62e000f3a0e8 thread T0
>     #0 0x5d5ec7 in RTPInterface::sendDataOverTCP(int, TLSState*, unsigned char const*, unsigned int, unsigned char) /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:394:51
>     #1 0x5d4296 in RTPInterface::sendRTPorRTCPPacketOverTCP(unsigned char*, unsigned int, int, unsigned char, TLSState*) /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:371:10
>     #2 0x5d4296 in RTPInterface::sendPacket(unsigned char*, unsigned int) /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:254:10
>     #3 0x5d1188 in MultiFramedRTPSink::sendPacketIfNecessary() /home/ubuntu/experiments/live/liveMedia/MultiFramedRTPSink.cpp:395:21

These reported line numbers do not correspond to meaningful lines in our code.  In particular:
	- line 394 of “RTPInterface.cpp” is
		unsigned numBytesRemainingToSend = dataSize - numBytesSentSoFar
	  which references variables on the stack; not anything on the heap
	- line 371 of “RTPInterface.cpp” is not a call to “sendDataOverTCP()”
	- line 254 of “RTPInterface.cpp” is not a call to “sendRTPorRTCPPacketOverTCP()”
	- line 395 of “RTPInterface.cpp” is not a call to “sendPacket()”

Please make sure that you are using the latest, unmodified version of the code.  If you are, then please show us how you can reproduce this issue.


Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
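
The frame-by-frame check made in the reply above (each caller's reported line should contain a call to the function in the frame above it) can be scripted before a sanitizer report is filed. This is an added example, not part of the original message or of live555: `parse_frames` and `check_frames` are hypothetical helper names, and `SOURCES` is a constructed stand-in for a local source tree.

```python
import re

# AddressSanitizer frame: "#N 0xPC in Func(args) /path/file.cpp:LINE:COL"
FRAME_RE = re.compile(r"#(\d+)\s+0x[0-9a-f]+\s+in\s+([\w:~]+)\(.*\)\s+(\S+):(\d+):\d+")

# Frames from the report above, with the mail client's line wraps joined.
REPORT = """\
    #0 0x5d5ec7 in RTPInterface::sendDataOverTCP(int, TLSState*, unsigned char const*, unsigned int, unsigned char) /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:394:51
    #1 0x5d4296 in RTPInterface::sendRTPorRTCPPacketOverTCP(unsigned char*, unsigned int, int, unsigned char, TLSState*) /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:371:10
    #2 0x5d4296 in RTPInterface::sendPacket(unsigned char*, unsigned int) /home/ubuntu/experiments/live/liveMedia/RTPInterface.cpp:254:10
    #3 0x5d1188 in MultiFramedRTPSink::sendPacketIfNecessary() /home/ubuntu/experiments/live/liveMedia/MultiFramedRTPSink.cpp:395:21
"""

# Constructed stand-in for a local source tree (NOT live555 code): one line that
# matches, one that does not, and one file that is absent from the tree.
SOURCES = {
    "RTPInterface.cpp": {
        371: "  return sendDataOverTCP(socketNum, tlsState, packet, packetSize, False);",
        254: "  ++packetCount; // placeholder statement",
    },
}

def parse_frames(report):
    """Return [(index, unqualified function name, file basename, line)] per frame."""
    return [(int(m.group(1)), m.group(2).split("::")[-1],
             m.group(3).rsplit("/", 1)[-1], int(m.group(4)))
            for m in FRAME_RE.finditer(report)]

def check_frames(frames, sources):
    """Check that each caller frame's source line calls the callee in the frame above.
    sources maps file basename -> {line number: text}. Returns mismatch messages."""
    problems = []
    for (_, callee, _, _), (idx, _, fname, line) in zip(frames, frames[1:]):
        text = sources.get(fname, {}).get(line)
        if text is None:
            problems.append(f"#{idx} {fname}:{line}: line not found in local tree")
        elif not re.search(rf"\b{re.escape(callee)}\s*\(", text):
            problems.append(f"#{idx} {fname}:{line}: no call to {callee}()")
    return problems

if __name__ == "__main__":
    for problem in check_frames(parse_frames(REPORT), SOURCES):
        print(problem)
```

Any mismatch means the binary that produced the trace was built from a different revision than the tree being compared, so the report should state the exact source version alongside the trace.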