Commit Graph

675 Commits

Author SHA1 Message Date
Tobias Stoeckmann
95d9a85ca3 ffserver: local OOB write with custom program name
When the command line for children is created, it is assumed that
my_program_name always ends with "ffserver", which doesn't have to
be true if ffserver is called through a symbolic link.

In such a case, it could be that not enough space for "ffmpeg" is
available at the end, leading to a buffer overflow.

One example would be:

$ ln -s /usr/bin/ffserver ~/f; ~/f

As this is only a local buffer overflow, i.e. is based on a weird
program call, this has NO security impact.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2017-01-08 03:50:56 +01:00
Michael Niedermayer
a5d25faa3f ffserver: Check chunk size
Fixes out of array access

Fixes: poc_ffserver.py
Found-by: Paul Cher <paulcher@icloud.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-05 21:30:12 +01:00
Michael Niedermayer
6c15618b90 ffserver: remove one avcodec_context_copy()
Reviewed-by: Andreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-03 14:05:15 +01:00
Michael Niedermayer
fbdf8f176e ffserver: set format bitexact flag, eliminate warnings about it not being set
Tested-by: Reto Kromer <lists@reto.ch>
Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-12-01 20:07:14 +01:00
Reynaldo H. Verdejo Pinochet
b5c899ab5e ffserver: fix broken HTML on generated status page
Dropped incompatible/obsoleted HTML tag attributes

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2016-11-30 15:47:49 -08:00
Andreas Cadhalpun
122190392b ffserver: use codec time_base for stream
This fixes producing swf and rm files as done by ffservertest.

Reviewed-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
2016-11-30 22:38:10 +01:00
Michael Niedermayer
8cbdaa4b01 ffserver: Add client requested urls to the status page
Fixes Ticket3791

Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-30 11:25:17 +01:00
Michael Niedermayer
606702ea34 ffsrever: Make the status page bitexact if any stream is bitexact
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-29 19:26:26 +01:00
Michael Niedermayer
0dbee67700 ffserver: Remove last use of AVStream size
Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-28 22:45:38 +01:00
Michael Niedermayer
da38da4595 ffserver: Remove some deprecated API use related to codec/codecpar
Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-28 22:45:33 +01:00
Michael Niedermayer
75b436d8b6 ffserver: Remove use of AVStream as a intermediate to store parameters
Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-28 22:45:28 +01:00
Michael Niedermayer
c8b24a685a ffserver: drop FeedData, its unused
Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-28 22:45:05 +01:00
Michael Niedermayer
9478bd87d4 ffserver: Remove extract_mpeg4_header()
This should not be needed, our AVParsers should do this
I do not have a testcase though, please help testing this and please
add fate tests if you can.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-27 14:08:00 +01:00
Michael Niedermayer
bc9eb0467a Revert "ffserver: use AVStream.codecpar in open_input_stream()"
Fixes null pointer dereference

Testcase is simply a ffmpeg instance sending a stream to ffserver while another ffmpeg reads from it

This reverts commit 6f0a1710d7.
2016-11-27 14:07:58 +01:00
Reynaldo H. Verdejo Pinochet
6f0a1710d7 ffserver: use AVStream.codecpar in open_input_stream()
AVStream.codec is deprecated

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-08 12:12:19 +01:00
Reynaldo H. Verdejo Pinochet
822e3e2ddb ffserver: user AVStream.codecpar in compute_status()
AVStream.codec is deprecated

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-08 12:12:15 +01:00
Reynaldo H. Verdejo Pinochet
afcbadf0ed ffserver: use AVStream.codecpar in find_stream_in_feed()
AVStream.codec is deprecated

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-08 12:12:12 +01:00
Reynaldo H. Verdejo Pinochet
1323349bef ffserver: get time_base from AVStream in print_stream_params()
AVStream.codec is deprecated

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-08 12:12:09 +01:00
Reynaldo H. Verdejo Pinochet
689f648a95 ffserver: use .codecpar instead of .codec in print_stream_params()
AVStream.codec is deprecated

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-08 12:12:04 +01:00
Reynaldo H. Verdejo Pinochet
311107a65d ffserver: check for codec match using AVStream.codecpar
Compare using AVCodecParameters instead of the deprecated
AVStream.codec field

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-08 12:11:57 +01:00
Michael Niedermayer
ef6a786401 ffserver: Fix one AVFormatContext misuse
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-07 20:41:44 +01:00
Michael Niedermayer
73ce1d864c ffserver: steal SPACE_CHARS, remove one reason for internal.h that way
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-07 19:27:40 +01:00
Michael Niedermayer
ecb40dee32 ffserver: eliminate hardcoded literal and duplicated array size
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-07 19:27:40 +01:00
Michael Niedermayer
10019c13e0 ffserver: use av_freep() for a case that is not clearly at the end of a function
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-07 19:27:40 +01:00
Michael Niedermayer
f67d22f0fd ffserver: Throw ffm.h out its not used except for a constant that is part of the format
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-07 19:27:40 +01:00
Michael Niedermayer
4c8d69e534 ffserver: drop a bunch of apparently unneeded internal headers
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-11-07 19:27:40 +01:00
Hendrik Leppkes
3bf142c773 cmdutils: remove the current working directory from the DLL search path on win32
Reviewed-by: Matt Oliver <protogonoi@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-08-08 18:36:55 +02:00
Gregor Riepl
d970f7ba31 ffserver: fixed deallocation bug in build_feed_streams
Signed-off-by: Gregor Riepl <onitake@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-05-27 00:22:06 +02:00
Derek Buitenhuis
6f69f7a8bf Merge commit '9200514ad8717c63f82101dc394f4378854325bf'
* commit '9200514ad8717c63f82101dc394f4378854325bf':
  lavf: replace AVStream.codec with AVStream.codecpar

This has been a HUGE effort from:
    - Derek Buitenhuis <derek.buitenhuis@gmail.com>
    - Hendrik Leppkes <h.leppkes@gmail.com>
    - wm4 <nfxjfg@googlemail.com>
    - Clément Bœsch <clement@stupeflix.com>
    - James Almer <jamrial@gmail.com>
    - Michael Niedermayer <michael@niedermayer.cc>
    - Rostislav Pehlivanov <atomnuker@gmail.com>

Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
2016-04-10 20:59:55 +01:00
Lior Mualem
baec6d8aff ffserver: Fixed ffserver to support large ffm files
ffm_read_write_index returns a 64bit value,

Github: Closes #185
2016-03-08 11:39:29 +01:00
Oliver Collyer
a2f8beef2d ffserver&ffm: Fixed issues preventing ffserver write_index and files_size from being set correctly which was breaking ffserver streaming.
I discovered that ffserver streaming was broken (it seems like it has been since 20th November) and I opened a ticket for this (https://trac.ffmpeg.org/ticket/5250 <https://trac.ffmpeg.org/ticket/5250>).

I spent yesterday learning git bisect (with the kind help of cehoyos) to painstakingly track down the cause. This was made more difficult due to the presence of a segfault in ffserver during the period where the bug was introduced so I first had to identify when and how that was fixed and then retrospectively apply that fix again for each step of the second git bisect to find the actual bug.

Anyway, the fruits of my labour are the innocent looking patch below to correct a couple of typos and define a valid range for two variables.

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2016-02-21 12:59:07 +01:00
Carl Eugen Hoyos
e5c16e38fe ffserver: Cast time_t value when using it in a format string.
Fixes ticket #5103.
2015-12-29 16:00:34 +01:00
Reynaldo H. Verdejo Pinochet
b25ac3c999 ffserver: add a doctype heading to our HTML pages
Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-27 00:09:16 -08:00
Reynaldo H. Verdejo Pinochet
daaa535867 ffserver: HTML encode msgs instead of blindly stripping chars out
Fixes weirdness like our "??filename? not found" 404.

None of the chars being used from the previously blacklisted
list needs to be scaped on an UTF-8 document context

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-27 00:09:16 -08:00
Reynaldo H. Verdejo Pinochet
0e5c1dc9a3 ffserver: make our 404 explicitly HTML5/UTF-8
Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-27 00:09:16 -08:00
Reynaldo H. Verdejo Pinochet
ae2ed20b59 ffserver: refactor build_feed_streams()
* Avoid excesive nesting that made it really hard to follow
* Drop unneeded vars
* Factor out codec compatibility check routine
* Ensure inputs are closed and contexts are freed as needed
  before returning

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-19 01:52:20 -08:00
Reynaldo H. Verdejo Pinochet
4ba148a6ea ffserver: refactor build_file_streams()
Avoid unneeded nesting, drop redundant var

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-19 01:52:20 -08:00
Reynaldo H. Verdejo Pinochet
532a283383 ffserver: unify exit path from build_feed_streams()
Exit from main on build_feed_streams() failures & use
standard EXIT_ codes on error out/normal exit.

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-19 01:52:20 -08:00
Reynaldo H. Verdejo Pinochet
0bdf84b6b0 ffserver: explicitly use time_t for uptime calc
Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-15 10:04:59 -08:00
Reynaldo H. Verdejo Pinochet
dadb95142b ffserver: free pathname before bailing out
Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-15 10:04:59 -08:00
Reynaldo H. Verdejo Pinochet
1fa81430ca ffserver: use EXIT_FAILURE on failed child fork()
Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-15 10:04:59 -08:00
Reynaldo H. Verdejo Pinochet
eb68c35670 ffserver: be explicit on failed fork() msg
Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-15 10:04:59 -08:00
Reynaldo H. Verdejo Pinochet
5a31f2318b ffserver: allocate AVStream's internal too
Avoids segfault at init_muxer() (mux.c) due to a
null pointer dereference on the recently
introduced AVStream->internal

Fixes: #5059 (https://trac.ffmpeg.org/ticket/5059)

Signed-off-by: Reynaldo H. Verdejo Pinochet <reynaldo@osg.samsung.com>
2015-12-15 10:04:49 -08:00
Michael Niedermayer
a00cc2e40d ffserver: Clear avio context after closing it in rtp_new_av_stream()
Suggested-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-30 23:31:12 +01:00
Michael Niedermayer
40063a900b ffserver: Clear avio context after closing it
Fixes: ==13287== Invalid read of size 4
==13287==    at 0x45161A: flush_buffer (aviobuf.c:143)
==13287==    by 0x451971: avio_flush (aviobuf.c:200)
==13287==    by 0x512CCF: av_write_trailer (mux.c:1016)
==13287==    by 0x41A5E0: close_connection (ffserver.c:853)
==13287==    by 0x421EDC: rtsp_cmd_interrupt (ffserver.c:3245)
==13287==    by 0x420B9C: rtsp_parse_request (ffserver.c:2854)
==13287==    by 0x41A9C2: handle_connection (ffserver.c:930)
==13287==    by 0x41A04B: http_server (ffserver.c:700)
==13287==    by 0x423A60: main (ffserver.c:3897)
==13287==  Address 0xb6cd258 is 88 bytes inside a block of size 192 free'd
==13287==    at 0x4C2B5D9: free (vg_replace_malloc.c:446)
==13287==    by 0x1004DAC: av_free (mem.c:239)
==13287==    by 0x454835: avio_close_dyn_buf (aviobuf.c:1170)
==13287==    by 0x41F385: http_prepare_data (ffserver.c:2368)
==13287==    by 0x41F59B: http_send_data (ffserver.c:2416)
==13287==    by 0x41ABE2: handle_connection (ffserver.c:986)
==13287==    by 0x41A04B: http_server (ffserver.c:700)
==13287==    by 0x423A60: main (ffserver.c:3897)

Reviewed-by: "Reynaldo H. Verdejo Pinochet" <reynaldo@osg.samsung.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-30 23:31:12 +01:00
Nicolas George
15206ffdbe ffserver: add NULL context to ff_rtsp_parse_line().
Needed after f62fe53/2c17fb6.
2015-11-29 17:02:04 +01:00
Michael Niedermayer
e33d372023 ffserver: Use AVOption API to access ffm demuxer instead of direct access depending on ABI
server_attached is newly added so the demuxer knows if there is an attached server
that can update the write index. This is needed to fix a infinite loop

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-20 20:03:12 +01:00
Michael Niedermayer
2ec18db75c ffserver: Replace one malloc(AVStream) by avformat_new_stream()
This fixes a null pointer dereference from the recently introduced
AVStream->internal

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-11 21:26:50 +01:00
Michael Niedermayer
64e220beb5 ffserver: Do not add or rescale AV_NOPTS_VALUE from the demuxer
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-11 15:13:37 +01:00
Ganesh Ajjanagadde
6c2dbff7f0 ffserver: fix incorrect strlcpy usage
Somewhat ironic that this "safe" interface is actually being used
unsafely here. This fixes the usage preventing potential null pointer
dereference, where the old code was doubly broken: ctime can return
NULL, and ctime can return an arbitrarily long buffer.

Reviewed-by: Mark Harris <mark.hsj@gmail.com>
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Ganesh Ajjanagadde <gajjanagadde@gmail.com>
2015-11-09 19:30:26 -05:00