Crash occurred after reloading the config. #475

@xinqu

  1. Because some code has been modified, the line numbers in the core file no longer match the latest line numbers. The specific code is:
    srs_app_rtmp_conn.cpp:
    for (int i = 0; i < (int)on_connect->args.size(); i++) {
  2. Corresponding to the latest code, line 1315
    It's not just this one crash point, but they are all related to the args parameter in the authentication module's config. Every time there is a crash, the args vector does not exist anymore.
  3. Steps to reproduce:
    a. Authentication connection continuously times out (timeout)
    b. Attempt to open the video, fail (due to authentication)
    c. Disable authentication configuration (set http_hook to off)
    d. Program crashes
    It is inferred that after the configuration refresh, the config uses a new pointer, and the old pointer points to memory that has been released. At that time, the authentication module was using the pointer for a long time, eventually accessing non-existent data, causing a crash.

It is relatively easy to reproduce when the authentication connection definitely times out. However, it is unclear whether there is a possibility of a crash if the configuration is refreshed when authentication is successful and there is a large-scale connection access.

  1. Core dump:
(gdb)
#0  0x00002ae73a0cd91e in std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) () from /usr/lib64/libstdc++.so.6
#1  0x000000000047cd3f in SrsRtmpConn::http_hooks_on_connect (this=0x817edc0) at src/app/srs_app_rtmp_conn.cpp:1353
#2  0x000000000047d813 in SrsRtmpConn::check_vhost (this=0x817edc0) at src/app/srs_app_rtmp_conn.cpp:592
#3  0x00000000004816fb in SrsRtmpConn::do_cycle (this=0x817edc0) at src/app/srs_app_rtmp_conn.cpp:158
#4  0x000000000047b173 in SrsConnection::cycle (this=0x817ee20) at src/app/srs_app_conn.cpp:64
#5  0x00000000004b766b in SrsThread::thread_cycle (this=0x817eea0) at src/app/srs_app_thread.cpp:187
#6  0x00000000004b74c8 in SrsThread::thread_fun (arg=0x817eea0) at src/app/srs_app_thread.cpp:225
#7  0x00000000005493b7 in _st_thread_main () at sched.c:327
#8  0x0000000000549b08 in st_thread_create (start=0, arg=0x0, joinable=0, stk_size=988114480) at sched.c:591
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)
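
The lifetime problem inferred in the report above (a connection keeps a pointer into the config tree across a blocking hook call while a reload frees that tree), shown with one defensive pattern: copy the `args` by value before the first blocking call. This is an added example, not code from the issue or from SRS; `Directive`, `Config`, `hooks_on_connect`, `demo` and the URLs are hypothetical stand-ins constructed for illustration.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <vector>

// Hypothetical stand-in for a config directive such as on_connect (not an SRS type).
struct Directive { std::vector<std::string> args; };

// Hypothetical config holder: reload() drops the old directive and builds a new one.
struct Config {
    std::shared_ptr<Directive> on_connect;
    void reload(std::vector<std::string> urls) {
        on_connect.reset();  // old directive is destroyed here if nothing else owns it
        if (!urls.empty()) on_connect = std::make_shared<Directive>(Directive{std::move(urls)});
    }
};

struct HookResult { int urls_called; bool old_directive_freed; };

// blocking_call models the HTTP hook request that suspends the connection
// (for example while it times out), giving a reload the chance to run.
HookResult hooks_on_connect(Config& cfg,
                            const std::function<void(const std::string&)>& blocking_call) {
    if (!cfg.on_connect) return {0, false};
    std::weak_ptr<Directive> observer = cfg.on_connect;  // observes lifetime only
    // Snapshot by value BEFORE the first blocking call. A raw Directive* kept
    // across that call would dangle as soon as reload() runs.
    const std::vector<std::string> urls = cfg.on_connect->args;
    int called = 0;
    for (const std::string& url : urls) { blocking_call(url); ++called; }
    return {called, observer.expired()};
}

// Constructed scenario: the hook is switched off (empty reload) during the first call.
HookResult demo() {
    Config cfg;
    cfg.reload({"http://127.0.0.1:8085/hook_a", "http://127.0.0.1:8085/hook_b"});
    return hooks_on_connect(cfg, [&cfg](const std::string&) { cfg.reload({}); });
}

int main() {
    HookResult r = demo();
    std::printf("urls called: %d, old directive freed during call: %s\n",
                r.urls_called, r.old_directive_freed ? "yes" : "no");
    return 0;
}
```

The loop still visits both URLs because it iterates the copy, while `old_directive_freed` confirms that the directive the connection started with no longer exists by the time the loop finishes.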
