Fix crash in rtspcl_auth_setup when response body is empty#47
Open
kenyonj wants to merge 1 commit intophilippe44:masterfrom
Open
Fix crash in rtspcl_auth_setup when response body is empty#47kenyonj wants to merge 1 commit intophilippe44:masterfrom
kenyonj wants to merge 1 commit intophilippe44:masterfrom
Conversation
When connecting to Shairport Sync devices that return an empty body (Content-Length: 0) for the /auth-setup request, the 'rsp' pointer was never assigned but was still freed at the end of the function, causing a malloc error: 'pointer being freed was not allocated'. This fix initializes 'rsp' to NULL and 'rsp_len' to 0, so that free(rsp) is safe when no response body is received. Fixes streaming to JukeAudio whole-house audio systems using Shairport Sync 4.1.1.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When connecting to Shairport Sync devices that return an empty body (Content-Length: 0) for the
/auth-setuprequest, thersppointer was never assigned but was still freed at the end of the function, causing a malloc error:pointer being freed was not allocated.The Fix
Initialize
rsptoNULLandrsp_lento0inrtspcl_auth_setup(), so thatfree(rsp)is safe when no response body is received.Testing
Tested successfully with JukeAudio whole-house audio systems running Shairport Sync 4.1.1. Before the fix, cliraop would crash immediately when trying to stream. After the fix, streaming works correctly.
Root Cause Analysis
The issue occurs in
src/rtsp_client.clines 503-504:When Shairport Sync returns a 200 OK with
Content-Length: 0to the auth-setup request, theexec_requestfunction never assignsrsp(since there's no body to read). However, line 529 still callsfree(rsp), which tries to free an uninitialized pointer.