There was a race condition where client was being finalized and
concurrently in some other thread the rtsp ctrl timout was relying on
client data that was being freed.
When rtsp ctrl timeout is setup, a WeakRef on Client is set.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/merge_requests/121>
We always need to take the lock while accessing it as otherwise another
thread might've removed it in the meantime. Also when destroying and
creating a new one, ensure that the mutex is not shortly unlocked in
between as during that time another one might potentially be created
already.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/merge_requests/119>
They previously used the same state but different mechanisms and
functions, which was difficult to follow, error prone and simply
confusing.
Also adjust the test for the post-session timeout a bit to be less racy
now that the timing has slightly changed.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/merge_requests/115>
There might be other sessions that are running over the same RTSP
connection and we should not simply close the client directly if one of
them is torn down.
By default the connection will be closed once the client closes it or
the OS does. This behaviour can be adjusted with the
post-session-timeout property, which allows to close it automatically
from the server side after all sessions are gone and the given timeout
is reached.
This reverts the previous commit.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/merge_requests/115>
When using the basic authentication scheme, we wouldn't validate that
the authorization field of the credentials is not NULL and pass it on
to g_hash_table_lookup(). g_str_hash() however is not NULL-safe and will
dereference the NULL pointer and crash.
A specially crafted (read: invalid) RTSP header can cause this to
happen.
As a solution, check for the authorization to be not NULL before
continuing processing it and if it is simply fail authentication.
This fixes CVE-2020-6095 and TALOS-2020-1018.
Discovered by Peter Wang of Cisco ASIG.
Move the usage of priv->watch_context to beginning of function
gst_rtsp_client_finalize. Instead of use it after
g_main_context_unref (priv->watch_context).
We cannot take the RTSPStream lock while holding a transport backlog
lock, as remove_transport may be called externally, which will
take first the RTSPStream lock then the transport backlog lock.
This ensures we don't end up calling any of transports' callbacks
with a potentially unreffed user_data (in practice, a client that
may have been removed)
In order to address the race condition pointed out at
https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/merge_requests/108#note_403579
we get rid of the send thread pool, and instead spawn and manage
a single thread to pull samples from app sinks and add them to
the transport's backlogs.
Additionally, we now also always go through the backlogs in order
to simplify the logic.
Fixes#97
We cannot hold stream->lock while pushing data, but need
to consistently check the state of the backlog both from
the send_tcp_message function and the on_message_sent function,
which may or may not be called from the same thread.
This commit introduces internal API to allow for potentially
recursive locking of transport streams, addressing a race
condition where the RTSP stream could push items out of order
when popping them from the backlog.
It's taken ownership of by the media, and returned with `transfer none`
from the GstRTSPMedia::create_pipeline() vfunc. If we don't sink it
first then any bindings will wrongly take ownership of the pipeline once
it arrives in bindings code.
+ Take the watch lock prior to using priv->watch
+ Flush both the watch and connection before closing / unreffing
gst_rtsp_connection_close() is not threadsafe on its own, this is
a workaround at the client level, where we control both the watch
and the connection
This is a TCP connection timeout for client connections, in seconds.
If a positive value is set for this property, the client connection
will be kept alive for this amount of seconds after the last session
timeout. For negative values of this property the connection timeout
handling is delegated to the system (just as it was before).
Fixes#83
The internal index of our appsinks, while it can be used to
determine whether a message is RTP or RTCP, is not necessarily
the same as the interleaved channel. Let the stream-transport
determine the channel to check backpressure for, the same way
it determines the channel according to whether it is sending
RTP or RTCP.
The commit "rtsp-client: define all seek accuracy flags from
setup_play_mode" changed the behaviour of when doing a seek.
Before that commit, having the flush flag set would result in a seek
(forced seek).
Even if no seek was needed. One reason to force seek is to flush old buffers
created in Describe requests.
Thus adding force seek also for flush flag will result in play request
with fresh buffers.
Only attempt to use the various timing values iif gst_rtsp_stream_get_info()
returns TRUE. Also avoid the whole clock signalling block if we're not
dealing with senders.
CID: 1439524
CID: 1439536
CID: 1439520
When removing transports an assertion was that the transports passed in
for removal are present in the list, however that can't be assumed.
As an example if a transport was removed from a thread running
send_tcp_message, the main thread can try to remove the same transport
again if it gets a handle_pause_request. This will not effect the
transport list but it will effect n_tcp_transports as it will be
decrement and then have the wrong value.
By passing NULL to `g_signal_new` instead of a marshaller, GLib will
actually internally optimize the signal (if the marshaller is available
in GLib itself) by also setting the valist marshaller. This makes the
signal emission a bit more performant than the regular marshalling,
which still needs to box into `GValue` and call libffi in case of a
generic marshaller.
Note that for custom marshallers, one would use
`g_signal_set_va_marshaller()` with the valist marshaller instead.
The documentation of gst_rtsp_mount_points_add_factory() says "Any
previous mount point will be freed" which was true when it was
implemented using a GHashTable. But in 2012 it got rewrote using a
GSequence and since then it could have 2 factories for the same path.
Which one gets used is random, depending on the sorting order of 2
identical items.
The previous implementation stopped sending TCP messages to
all clients when a single one stopped consuming them, which
obviously created problems for shared media.
Instead, we now manage a backlog in stream-transport, and slow
clients are removed once this backlog exceeds a maximum duration,
currently hardcoded.
Fixes#80
This can be made to work in certain circumstances when
cross-compiling, so default to not building g-i stuff
when cross-compiling, but allow it if introspection was
enabled explicitly via -Dintrospection=enabled.
See gstreamer/gstreamer#454 and gstreamer/gstreamer#381.
For shared media we got race conditions. Concurrently rtsp clients might
suspend or unsuspend the shared media and thus change the state without
the clients expecting that.
By introducing a lock that can be taken by callers such as rtsp_client
one can force rtsp clients calling, eg. PLAY, SETUP and that uses shared media,
to handle the media sequentially thus allowing one client to finish its
rtsp call before another client calls on the same media.
https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/issues/86Fixes#86
Extra time to add to the timeout, in seconds. This only
affects the time until a session is considered timed out
and is not signalled in the RTSP request responses.
Only the value of the timeout property is signalled in the
request responses.
If one thread is inside the send_tcp_message function and are done
sending rtp or rtcp messages so the n_outstanding variable is zero
however have not exit the loop sending the messages. While sending its
messages, transports have been added or removed to the transport list,
so the cache should be updated. If now an additional thread comes to
the function send_tcp_message and trying to send rtp messages it will
first destroy the rtp cache that is still being iterated trough by the
first thread.
Fixes#81
When unsuspending and going to PLAYING, unblock all streams instead of
only those that are linked (the linked streams are the ones for which
SETUP has been called). GST_FLOW_NOT_LINKED will be returned when
pushing buffers on unlinked streams.
This change is because playback using single-threaded demuxers like
matroska-demux could be blocked if SETUP was not called for all media.
Demuxers that use GstFlowCombiner (including gstoggdemux, gstavidemux,
gstflvdemux, qtdemux, and matroska-demux) will handle
GST_FLOW_NOT_LINKED automatically.
Fixes#39