Nexus: %20N header crashes Kodi

[matthuisman]

Crash https://rbmn-live.akamaized.net/hls/live/590964/BoRB-AT/master.m3u8|user-agent=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/98.0.4758.102%20Safari/537.36

Removed characters until I got something that worked https://rbmn-live.akamaized.net/hls/live/590964/BoRB-AT/master.m3u8|user-agent=Mozilla/5.0%20%28Windows%20

Then trying below breaks: https://rbmn-live.akamaized.net/hls/live/590964/BoRB-AT/master.m3u8|user-agent=Mozilla/5.0%20%28Windows%20N

However, below works: https://rbmn-live.akamaized.net/hls/live/590964/BoRB-AT/master.m3u8|user-agent=Mozilla/5.0%20%28Windows%20A

not a length issue as below works fine https://rbmn-live.akamaized.net/hls/live/590964/BoRB-AT/master.m3u8|user-agent=Mozilla/5.0%20%28Windowsabcdefgsdfdsfsdtersfddsfsdte

and also non-encoded works fine: https://rbmn-live.akamaized.net/hls/live/590964/BoRB-AT/master.m3u8|user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36

finally I tried https://rbmn-live.akamaized.net/hls/live/590964/BoRB-AT/master.m3u8|user-agent=%20N and that causes CRASH. and so does %20n but all other letters seem ok. Weird!

[phunkyfish]

Note that this crash occurs on Nexus only. It works ok on Matrix.

@matthuisman do you know if this is kodi issue or an add-on issue?

@basilgello FYI

[matthuisman]

i use the same pipe headers fine with IA and built-in ffmpeg. Just crashes with ffmpeg direct only

[basilgello]

Interesting. But where's the stacktrace?

[phunkyfish]

@basilgello do the URLS cause a crash for you on non-windows?

[matthuisman]

@basilgello how can i get stacktrace without a debug build?

[phunkyfish]

You will need a debug build.

[matthuisman]

i dont really want to setup the build environment on this pc so might just leave it for now.

Most of the time stacktrace isn't required for bug issues I hope? Most end-users wouldn't know where to start with that

[phunkyfish]

We should be able to build you a debug build in Jenkins.

[phunkyfish]

Here is a debug build and a PDB. The add-on should be included in the build. I don’t know if the add-on is also built with debug. I guess we’ll find out.

https://mirrors.kodi.tv/test-builds/windows/win64/KodiSetup-20230306-038f4e73-Nexus-x64.exe

https://mirrors.kodi.tv/test-builds/windows/win64/KodiSetup-20230306-038f4e73-Nexus-x64.pdb

If add-on is not debug I’ll find someone in the team to build it for us. I assume you would only need the PDB for the add-on.

[matthuisman]

couldnt get any crash log out of kodi. maybe I need visual studio?

Anyway - here is test strm that can be used to reproduce that should work any where in the world Windows x64. crashes on Kodi 20 and 21 (v.20.5.0) Fine on 19 (v19.0.3) test.strm.txt

below works on all (no %20N in user-agent) test2.strm.txt

[basilgello]

I can not reproduce the crash on Debian. However, this closely reminds me the parsing error in urldecode.

[phunkyfish]

Yes, likely here:

https://github.com/xbmc/inputstream.ffmpegdirect/blob/278312774bb9d7f8936c7463a1d363e9b88a3221/src/stream/url/URL.cpp#L791

But that same code is in Kodi:

https://github.com/xbmc/xbmc/blob/eac2e81c62aec2099404d2eb66ccb64a67e9bcfd/xbmc/URL.cpp#L647

[phunkyfish]

couldnt get any crash log out of kodi. maybe I need visual studio?

Anyway - here is test strm that can be used to reproduce that should work any where in the world Windows x64. crashes on Kodi 20 and 21 (v.20.5.0) Fine on 19 (v19.0.3) test.strm.txt

below works on all (no %20N in user-agent) test2.strm.txt

Yes, you would need VS and load the PDB file while running the binary. VS Code should also be able to do this.

[basilgello]

Why whole VS? WinDbg / cdb no??? I can try setting VM to reproduce the issue

[phunkyfish]

I’m not familiar with Windows debug tools at all. If you can do that @basilgello then great.

[matthuisman]

any updates on this? really wanting to try using ffmpeg direct for timeshift :)

[matthuisman]

googled %20n crash and found https://www.reddit.com/r/networking/comments/28o8xi/comment/cicwz2m/?utm_source=share&utm_medium=web2x&context=3

Looks like a printf / sprintf issue

[phunkyfish]

Bonus points if you can tell me which is the offending statement!

[matthuisman]

my guess is https://github.com/xbmc/inputstream.ffmpegdirect/blob/38aeb2f145897c06e36bd2fa057bcdf7a4a428bf/src/stream/FFmpegStream.cpp#L762C1-L762C80

[matthuisman]

purely because the last line in log is ffmpegdirect::FFmpegStream::Open - av_find_stream_info finished

[matthuisman]

changed the N to a M i get

2023-08-18 22:27:39.045 T:8796    debug <general>: AddOnLog: inputstream.ffmpegdirect: ffmpegdirect::FFmpegStream::Open - avformat_find_stream_info starting
2023-08-18 22:27:39.228 T:8796    debug <general>: AddOnLog: inputstream.ffmpegdirect: ffmpegdirect::FFmpegStream::Open - av_find_stream_info finished
2023-08-18 22:27:39.228 T:8796     info <general>: AddOnLog: inputstream.ffmpegdirect: ffmpeg[7A9FCB93]: Input #0, hls, from 'https://i.mjh.nz/tvnz-1.m3u8|user-agent=TESTM':

When its N, it doesnt get that last line. Also interesting TEST%20M comes out as TESTM (should be TEST M (with a space))