Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

GB28181: Fix memory overlap for small packets. #3315

Merged
merged 1 commit into from
Dec 17, 2022
Merged

GB28181: Fix memory overlap for small packets. #3315

merged 1 commit into from
Dec 17, 2022

Conversation

winlinvip
Copy link
Member

@winlinvip winlinvip commented Dec 15, 2022
edited
Loading

In a certain scenario, when the package is relatively small and there is overlapping in the reserved area, memcpy should not be used, but memmove should be used instead.

srs_error_t SrsLazyGbMediaTcpConn::do_cycle() {
    uint32_t reserved = 0;
    for (;;) {
        uint16_t length = 0; // If it's 30
        if ((err = conn_->read_fully(buffer_ + reserved, length, NULL)) != srs_success) {

        reserved = b.left(); // If it's 20
        if (reserved) {
            b.read_bytes((char*)buffer_, reserved); // Crash here.
            pack_->media_reserved_++;
        }

When this situation occurs, b.read_bytes is actually equivalent to memcpy, which copies the last 20 bytes of b (30 bytes) to the beginning, resulting in overlap. It is equivalent to the following situation:

int length = 30;
char buffer[length];

char* p = buffer + 10;
int reserved = 20;
memcpy(buffer, p, reserved);

Solution: Changing it to memmove will solve the issue and support overlap.

Once again, thanks to @chen-guanghua for introducing the asan tool, which helped uncover many potential issues.

TRANS_BY_GPT3

@winlinvip winlinvip linked an issue Dec 15, 2022 that may be closed by this pull request
GB: The camera's SIP-related information has been configured, but it cannot go online properly. #3300
Closed
@winlinvip winlinvip changed the title GB28181: Fix memory overlap for small packets. v5.0.110 GB28181: Fix memory overlap for small packets. Dec 17, 2022
@winlinvip winlinvip force-pushed the bugfix/gb-memory-overlap branch from 86d3d87 to 9759e4f Compare December 17, 2022 06:54
@winlinvip winlinvip merged commit 56040ca into ossrs:5.0release Dec 17, 2022
winlinvip added a commit that referenced this pull request Dec 18, 2022
@winlinvip
Merge branch v5.0.112 into develop
2f7e474 
1. SRT: Fix srt to rtmp crash when sps or pps empty. v5.0.112 (#3323)
2. GB28181: Fix memory overlap for small packets. v5.0.111 (#3315)
3. FLV: Support set default has_av and disable guessing. v5.0.110 (#3311)
4. FLV: Drop packet if header flag is not matched. v5.0.109 (#3306)
5. FLV: Reset has_audio or has_video if only sequence header. (#3310)
winlinvip added a commit that referenced this pull request Dec 18, 2022
@winlinvip
Merge 5.0: FLV header and SRT bugfix. v6.0.6
2daf637 
1. SRT: Fix srt to rtmp crash when sps or pps empty. v5.0.112 (#3323)
2. GB28181: Fix memory overlap for small packets. v5.0.111 (#3315)
3. FLV: Support set default has_av and disable guessing. v5.0.110 (#3311)
4. FLV: Drop packet if header flag is not matched. v5.0.109 (#3306)
5. FLV: Reset has_audio or has_video if only sequence header. (#3310)
@winlinvip winlinvip added the TransByAI Translated by AI/GPT. label Jul 29, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@duiniuluantanqin duiniuluantanqin Awaiting requested review from duiniuluantanqin

Assignees
No one assigned
Labels
TransByAI Translated by AI/GPT.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

GB: The camera's SIP-related information has been configured, but it cannot go online properly.
1 participant
@winlinvip