Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GB28181: Fix memory overlap for small packets. #3315

Merged
merged 1 commit into from
Dec 17, 2022
Merged

GB28181: Fix memory overlap for small packets. #3315

merged 1 commit into from
Dec 17, 2022

Conversation

winlinvip
Copy link
Member

@winlinvip winlinvip commented Dec 15, 2022
edited
Loading

In a certain scenario, when the package is relatively small and there is overlapping in the reserved area, memcpy should not be used, but memmove should be used instead.

srs_error_t SrsLazyGbMediaTcpConn::do_cycle() {
    uint32_t reserved = 0;
    for (;;) {
        uint16_t length = 0; // If it's 30
        if ((err = conn_->read_fully(buffer_ + reserved, length, NULL)) != srs_success) {

        reserved = b.left(); // If it's 20
        if (reserved) {
            b.read_bytes((char*)buffer_, reserved); // Crash here.
            pack_->media_reserved_++;
        }

When this situation occurs, b.read_bytes is actually equivalent to memcpy, which copies the last 20 bytes of b (30 bytes) to the beginning, resulting in overlap. It is equivalent to the following situation:

int length = 30;
char buffer[length];

char* p = buffer + 10;
int reserved = 20;
memcpy(buffer, p, reserved);

Solution: Changing it to memmove will solve the issue and support overlap.

Once again, thanks to @chen-guanghua for introducing the asan tool, which helped uncover many potential issues.

TRANS_BY_GPT3

@winlinvip winlinvip linked an issue Dec 15, 2022 that may be closed by this pull request
GB: The camera's SIP-related information has been configured, but it cannot go online properly. #3300
Closed
@winlinvip winlinvip changed the title GB28181: Fix memory overlap for small packets. v5.0.110 GB28181: Fix memory overlap for small packets. Dec 17, 2022
@winlinvip winlinvip merged commit 56040ca into ossrs:5.0release Dec 17, 2022
winlinvip added a commit that referenced this pull request Dec 18, 2022
@winlinvip
Merge branch v5.0.112 into develop
2f7e474 
1. SRT: Fix srt to rtmp crash when sps or pps empty. v5.0.112 (#3323)
2. GB28181: Fix memory overlap for small packets. v5.0.111 (#3315)
3. FLV: Support set default has_av and disable guessing. v5.0.110 (#3311)
4. FLV: Drop packet if header flag is not matched. v5.0.109 (#3306)
5. FLV: Reset has_audio or has_video if only sequence header. (#3310)
winlinvip added a commit that referenced this pull request Dec 18, 2022
@winlinvip
Merge 5.0: FLV header and SRT bugfix. v6.0.6
2daf637 
1. SRT: Fix srt to rtmp crash when sps or pps empty. v5.0.112 (#3323)
2. GB28181: Fix memory overlap for small packets. v5.0.111 (#3315)
3. FLV: Support set default has_av and disable guessing. v5.0.110 (#3311)
4. FLV: Drop packet if header flag is not matched. v5.0.109 (#3306)
5. FLV: Reset has_audio or has_video if only sequence header. (#3310)
@winlinvip winlinvip added the TransByAI Translated by AI/GPT. label Jul 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@duiniuluantanqin duiniuluantanqin Awaiting requested review from duiniuluantanqin

Assignees
No one assigned
Labels
TransByAI Translated by AI/GPT.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

GB: The camera's SIP-related information has been configured, but it cannot go online properly.
1 participant
@winlinvip