Closed hanxuer closed 8 months ago
Hi! Thanks for the bug report. I will try to reproduce, and have an in-depth look at this. At first glance, I don't believe this has been introduced recently as the code you're pointing to hasn't been changed much.
I can reproduce a crash when trying to display metadata.
Also the check command gives this output, which demonstrates that we can see that there's something wrong in the file.
$ flvmeta.exe -C poc.flv
0x00000003: error E11003: header version should be 1, 121 found instead
0x00000004: error E11007: header reserved flags are not zero
0x00000005: error E11008: header offset should be 9, 3825205257 found instead
0x00000009: error E12010: first previous tag size should be 0, 3909091698 found instead
0x0000000e: fatal F20016: tag body length (14617727 bytes) exceeds file size
5 error(s), 0 warning(s)
At first glance, I don't believe this has been introduced recently as the code you're pointing to hasn't been changed much.
Nevermind, I found the bug.
It has been introduced in 5ad3d503. Problem is at https://github.com/noirotm/flvmeta/blob/0d3eb281dd4bc17344fa53b05a78294f599c9327/src/flv.c#L250
The flv_read_video_tag function should not call flv_close, as it violates the ownership contract that only the owner of the flv_stream should be able to close it, and not the flv_stream itself.
I unfortunately overlooked this in my code review.
The more I review code in this project, the more I want to rewrite it in Rust 😄
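To make the ownership point above concrete, here is a small stand-in written for this page, not flvmeta's own source: a reader that closes a stream it does not own beside the fixed variant that only reports the error, with an owner that closes exactly once. The struct layout, the helper names, the close-call counter and the two tag buffers are assumptions modelled on the thread; the counter exists only so the double close is observable instead of freeing already-freed memory as the real bug would.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in stream (assumption, not flvmeta's struct): owns a heap copy of the
 * file bytes plus a read cursor. */
typedef struct {
    uint8_t *data;
    size_t size;
    size_t pos;
    int close_calls;   /* instrumentation only: how often flv_close ran */
} flv_stream;

flv_stream *flv_open_mem(const uint8_t *buf, size_t len) {
    flv_stream *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->data = malloc(len ? len : 1);
    if (!s->data) { free(s); return NULL; }
    memcpy(s->data, buf, len);
    s->size = len;
    return s;
}

/* The owner's close. Guarded so a second call is counted rather than being a
 * double free; in the real code the second close would touch freed memory. */
void flv_close(flv_stream *s) {
    s->close_calls++;
    free(s->data);
    s->data = NULL;
}

/* Reads an 11-byte FLV tag header at the cursor; returns the 24-bit body
 * length, or -1 if fewer than 11 bytes remain. */
static long read_tag_header(flv_stream *s, uint8_t *type) {
    if (!s->data || s->size - s->pos < 11) return -1;
    const uint8_t *h = s->data + s->pos;
    *type = h[0];
    s->pos += 11;
    return ((long)h[1] << 16) | ((long)h[2] << 8) | h[3];
}

/* Shared parsing: 0 on success, -1 on a malformed tag. Never closes. */
static int read_video_tag_body(flv_stream *s, uint8_t *body, size_t cap, size_t *out_len) {
    uint8_t type;
    long len = read_tag_header(s, &type);
    if (len < 0 || type != 9) return -1;
    if ((size_t)len > s->size - s->pos) return -1;  /* body length exceeds file size */
    if ((size_t)len > cap) return -1;
    memcpy(body, s->data + s->pos, (size_t)len);
    s->pos += (size_t)len;
    *out_len = (size_t)len;
    return 0;
}

/* Buggy variant: on error it closes a stream it does not own. */
int flv_read_video_tag_buggy(flv_stream *s, uint8_t *body, size_t cap, size_t *out_len) {
    int rc = read_video_tag_body(s, body, cap, out_len);
    if (rc != 0) flv_close(s);   /* ownership violation: caller will close again */
    return rc;
}

/* Fixed variant: report the error and leave closing to the owner. */
int flv_read_video_tag(flv_stream *s, uint8_t *body, size_t cap, size_t *out_len) {
    return read_video_tag_body(s, body, cap, out_len);
}

/* The owner: opens, reads one tag, closes once. Returns how many flv_close
 * calls the stream saw; anything other than 1 is a contract violation. */
int owner_parse(const uint8_t *buf, size_t len, int use_buggy, int *rc_out) {
    flv_stream *s = flv_open_mem(buf, len);
    if (!s) return -1;
    uint8_t body[16];
    size_t n = 0;
    int rc = use_buggy ? flv_read_video_tag_buggy(s, body, sizeof body, &n)
                       : flv_read_video_tag(s, body, sizeof body, &n);
    if (rc_out) *rc_out = rc;
    flv_close(s);               /* the owner's single, legitimate close */
    int calls = s->close_calls;
    free(s);
    return calls;
}

/* Convenience: the reader's return code for a given input and variant. */
int owner_read_rc(const uint8_t *buf, size_t len, int use_buggy) {
    int rc = 0;
    owner_parse(buf, len, use_buggy, &rc);
    return rc;
}

/* Constructed inputs (not bytes from the poc file): a well-formed 4-byte video
 * tag, and a tag whose length field 0xDF0C7F (14617727) far exceeds the file,
 * mirroring the F20016 line in the check output above. */
const uint8_t GOOD_TAG[] = { 9, 0x00,0x00,0x04, 0,0,0, 0, 0,0,0, 0x17,0x01,0x00,0x00 };
const uint8_t BAD_TAG[]  = { 9, 0xDF,0x0C,0x7F, 0,0,0, 0, 0,0,0, 0x17,0x01,0x00,0x00 };
```

With the buggy reader the malformed tag leaves the stream closed twice (once by the reader, once by the owner); the fixed reader returns the same error but the owner remains the only closer.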
Thank you for your attention to this issue. I am confident that your work will significantly bolster the project's stability 😊
Reopening issue to make sure the fix actually does the job.
@hanxuer Could you please confirm if https://github.com/noirotm/flvmeta/commit/b54861c940f2ebc67bf88c4f6841256dba8fb0ac fixed the issue?
Hello, I would like to bring to your attention that I have encountered a potential issue in the new version of flvmeta 1.2.2 (0d3eb28). I'm not sure if this is. This observation was made during testing on Ubuntu 18.04. Thank you for your understanding.
Compiled with ASan.
poc: https://github.com/hanxuer/crashes/raw/main/flvmeta/01/poc
reproduce: ./flvmeta/build/src/flvmeta ./poc
Asan report
gdb backtrace
source code