Package: cubemap Version: 1.3.1-3 Severity: important Tags: patch Hi,
There's a bug in Cubemap where, if one makes a stream with path exactly 7 characters long (e.g. “/abc.ts”), it would match the check for ?backlog at the end (since find() returns -1 on not found). This would cause massively increased latency (depending on the size of the backlog), and also problems with clients such as VLC which don't properly empty socket buffers. The following trivial patch fixes the issue: diff --git a/server.cpp b/server.cpp index afaab9b..608ed6b 100644 --- a/server.cpp +++ b/server.cpp @@ -653,7 +653,7 @@ int Server::parse_request(Client *client) string url = request_tokens[1]; client->url = url; - if (url.find("?backlog") == url.size() - 8) { + if (url.size() > 8 && url.find("?backlog") == url.size() - 8) { client->stream_pos = -2; url = url.substr(0, url.size() - 8); } else { The patch has been included in Cubemap 1.3.2, which contains no other changes. Please consider fixing it for stretch, as it's a confusing and potentially pretty bad bug. -- System Information: Debian Release: 9.0 APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.11.2 (SMP w/40 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages cubemap depends on: ii adduser 3.115 ii init-system-helpers 1.48 ii libc6 2.24-10 ii libgcc1 1:6.3.0-18 pn libprotobuf7 <none> ii libstdc++6 6.3.0-18 ii lsb-base 9.20161125 cubemap recommends no packages. Versions of packages cubemap suggests: ii logrotate 3.11.0-0.1 ii munin-node 2.0.33-1