nginx-rtmp-module

fix: add NULL-checks for shared buffer allocation in ngx_rtmp_live_av

Open Fahnenfluchtige opened this issue 6 months ago • 0 comments

The Svace static analysis tool identified a potential issue in the function ngx_rtmp_live_av, where the return values of ngx_rtmp_append_shared_bufs and ngx_rtmp_alloc_shared_bufs are not checked properly. After allocation or appending, the value is sent to the function ngx_rtmp_prepare_message (or ngx_rtmp_send_message), which can cause a null dereference.

So the solution is to add null-checking, like this:

--- a/ngx_rtmp_live_module.c
+++ b/ngx_rtmp_live_module.c
@@ -803,6 +803,11 @@ ngx_rtmp_live_av(ngx_rtmp_session_t *s, ngx_rtmp_header_t *h,
     }
 */
     rpkt = ngx_rtmp_append_shared_bufs(cscf, NULL, in);
+    if (rpkt == NULL) {
+        ngx_log_error(NGX_LOG_ERR, s->connection->log, 0,
+                      "live: failed to append packet buffers");
+        return NGX_OK;
+    }
 
     ngx_rtmp_prepare_message(s, &ch, &lh, rpkt);
 
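Review bot: the new rpkt == NULL branch returns NGX_OK, so the caller sees success while the packet is silently dropped after the log line. Either return NGX_ERROR here or add a comment stating that dropping the frame and keeping the session alive is the intended behaviour. The description also names ngx_rtmp_alloc_shared_bufs and ngx_rtmp_send_message, but this hunk guards only the ngx_rtmp_append_shared_bufs result ahead of ngx_rtmp_prepare_message, so the other call sites in ngx_rtmp_live_av need the same check before the change matches its title.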

Fahnenfluchtige, Jun 10 '25 12:06