Bug 768757 - hlsdemux: crash with encrypted stream with OpenSSL
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
Version: git master
Hardware: Other Linux
Importance: Normal normal
Target Milestone: 1.9.2
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2016-07-13 06:18 UTC by Michael Olbrich
Modified: 2016-10-31 14:02 UTC
Attachments
hlsdemux: don't call gst_hls_demux_decrypt_end() in gst_hls_demux_clear_pending_data() (1.44 KB, patch)
2016-07-13 06:18 UTC, Michael Olbrich

Description Michael Olbrich 2016-07-13 06:18:49 UTC
Created attachment 331382
hlsdemux: don't call gst_hls_demux_decrypt_end() in gst_hls_demux_clear_pending_data()

With 8fd6eee3f68b07f7ba92a9c407fe75ae2ce00300 ("hlsdemux: Clear pending data when needed") hlsdemux crashes for
http://filmrommet.no/film/playlist.m3u8?id=12450%20TR=1%20type=m3u8

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 18438]
0x00007fffdeac6b7d in EVP_DecryptUpdate (ctx=ctx@entry=0x7fffd8134530, out=out@entry=0x7fffcc003890 "", outl=outl@entry=0x7fffde1cb9c0,
    in=0x7fffc0007cf0 "[*q\353\027\r\316\321\035Ň\306=\341A7*ì\324j\341\201\301\307ޡc̉\034\322\"\361@\234oXF:,\362\001*\212\016\211\211#\206w\204\ve\006\212걭QC\034\226!\306\330v\262\004\vJ\250\264rT\030\257\272`\232\323e\263*8z\205\327\031\237*\226>\225\020\275\r\001ks\377\066\204\233\r\263\225\311", <incomplete sequence \344>, inl=976) at evp_enc.c:423
423         if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
(gdb) bt
  • #0 EVP_DecryptUpdate
    at evp_enc.c line 423
  • #1 decrypt_fragment
    at gsthlsdemux.c line 1134
  • #2 gst_hls_demux_decrypt_fragment
    at gsthlsdemux.c line 1242
  • #3 gst_hls_demux_data_received
    at gsthlsdemux.c line 670
  • #4 _src_chain
    at gstadaptivedemux.c line 2128
  • #5 gst_pad_chain_data_unchecked
    at gstpad.c line 4176
  • #6 gst_pad_push_data
    at gstpad.c line 4428
  • #7 gst_pad_push
    at gstpad.c line 4547
  • #8 gst_proxy_pad_chain_default
    at gstghostpad.c line 126
  • #9 gst_pad_chain_data_unchecked
    at gstpad.c line 4176
  • #10 gst_pad_push_data
    at gstpad.c line 4428
  • #11 gst_pad_push
    at gstpad.c line 4547
  • #12 gst_queue2_push_one
    at gstqueue2.c line 2824
  • #13 gst_queue2_loop
    at gstqueue2.c line 2946
  • #14 gst_task_func
    at gsttask.c line 332
  • #15 g_thread_pool_thread_proxy
    at gthreadpool.c line 307
  • #16 g_thread_proxy
    at gthread.c line 764
  • #17 start_thread
    at pthread_create.c line 309
  • #18 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 111

ctx->cipher is NULL here. It's deleted immediately after creating it in gst_hls_demux_start_fragment().

Patch attached.
Comment 1 Jan Schmidt 2016-07-18 16:14:53 UTC
Fixed, slightly differently:

commit af652af6f05c6eaf8d109692f3c9f178c6c9e6b5
Author: Jan Schmidt <jan@centricular.com>
Date:   Tue Jul 19 02:11:54 2016 +1000

    hlsdemux: Fix clearing of decryption state
    
    Don't clear decryption state immediately after
    initialising it in the start_fragment. Don't clear
    the state of all streams when we want to only clear
    the current stream.
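
The lifecycle problem discussed in this report, as an added example that is not part of the bug thread and is not GStreamer or OpenSSL code: a simplified C model in which clearing pending data also tears down the decryption state set up at fragment start. All `demo_*` names, the XOR placeholder transform and the key are constructed for illustration, and the NULL check in `demo_decrypt_fragment` is an added defensive guard.

```c
/* Simplified model, added for illustration; demo_* names are hypothetical. */
#include <stddef.h>
#include <string.h>
typedef struct { const char *cipher; unsigned char key[16]; } demo_ctx;
typedef struct { demo_ctx ctx; size_t pending; } demo_stream;

/* Per-fragment decryption setup (the role start_fragment plays in the report). */
static void demo_decrypt_start(demo_stream *s, const unsigned char key[16]) {
    s->ctx.cipher = "aes-128-cbc";
    memcpy(s->ctx.key, key, 16);
}

/* Teardown: leaves ctx.cipher NULL, the state seen in the crash. */
static void demo_decrypt_end(demo_stream *s) {
    s->ctx.cipher = NULL;
    memset(s->ctx.key, 0, sizeof s->ctx.key);
}

/* Reported ordering: dropping buffered data also destroys the cipher state. */
static void demo_clear_pending_buggy(demo_stream *s) {
    s->pending = 0;
    demo_decrypt_end(s);
}

/* Corrected ordering: only the buffered data is dropped. */
static void demo_clear_pending_fixed(demo_stream *s) {
    s->pending = 0;
}

/* Returns 0 on success, -1 if the context is not initialised (added guard). */
static int demo_decrypt_fragment(demo_stream *s, unsigned char *buf, size_t len) {
    if (s->ctx.cipher == NULL)
        return -1;
    for (size_t i = 0; i < len; i++)
        buf[i] ^= s->ctx.key[i % 16]; /* placeholder transform, not AES */
    return 0;
}

/* start -> clear pending -> decrypt; returns the decrypt result. */
static int demo_run(int use_fixed_clear) {
    static const unsigned char key[16] = "constructed-key"; /* constructed */
    unsigned char frag[32] = {0};                            /* constructed */
    demo_stream s = { { NULL, {0} }, 0 };
    demo_decrypt_start(&s, key);
    if (use_fixed_clear) demo_clear_pending_fixed(&s);
    else demo_clear_pending_buggy(&s);
    return demo_decrypt_fragment(&s, frag, sizeof frag);
}
int main(void) { return demo_run(1); }
```

With the buggy ordering the guard turns what would be a NULL dereference into an error return that the caller can handle.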