Package: cubemap
Version: 1.3.1-3
Severity: important
Tags: patch

Hi,

There's a bug in Cubemap where, if one makes a stream with path exactly
7 characters long (e.g. “/abc.ts”), it would match the check for ?backlog
at the end (since find() returns -1 on not found). This would cause
massively increased latency (depending on the size of the backlog), and also
problems with clients such as VLC which don't properly empty socket buffers.

The following trivial patch fixes the issue:

diff --git a/server.cpp b/server.cpp
index afaab9b..608ed6b 100644
--- a/server.cpp
+++ b/server.cpp
@@ -653,7 +653,7 @@ int Server::parse_request(Client *client)
 
        string url = request_tokens[1];
        client->url = url;
-       if (url.find("?backlog") == url.size() - 8) {
+       if (url.size() > 8 && url.find("?backlog") == url.size() - 8) {
                client->stream_pos = -2;
                url = url.substr(0, url.size() - 8);
        } else {
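Review bot: The new guard in the changed condition, url.size() > 8, stops the 7-character wraparound, but the test still goes through find(), which returns the first "?backlog" in the URL. A URL that contains the string earlier and again at the end is therefore never recognised as having the suffix. The guard also excludes a URL that is exactly "?backlog" (size 8), with no comment saying whether that is intended. Consider comparing the tail directly, e.g. url.compare(url.size() - 8, 8, "?backlog") == 0 behind the size guard, and naming the 8 as a constant, since it now appears three times across the condition and the substr() call.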

The patch has been included in Cubemap 1.3.2, which contains no other changes.
Please consider fixing it for stretch, as it's a confusing and potentially
pretty bad bug.

-- System Information:
Debian Release: 9.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.2 (SMP w/40 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cubemap depends on:
ii  adduser              3.115
ii  init-system-helpers  1.48
ii  libc6                2.24-10
ii  libgcc1              1:6.3.0-18
pn  libprotobuf7         <none>
ii  libstdc++6           6.3.0-18
ii  lsb-base             9.20161125

cubemap recommends no packages.

Versions of packages cubemap suggests:
ii  logrotate   3.11.0-0.1
ii  munin-node  2.0.33-1
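
The unsigned wraparound described in the report, shown as an added example (not code from Cubemap or from the report): the pre-patch comparison next to a suffix test that does not depend on find(). The function names and sample URLs are constructed for illustration.

```cpp
#include <cstdio>
#include <string>

using std::string;

// The comparison as it stood before the patch. find() returns string::npos
// (the largest size_t) when "?backlog" is absent, and url.size() - 8 wraps
// to that same value when the URL is exactly 7 characters long.
bool has_backlog_suffix_old(const string &url)
{
	return url.find("?backlog") == url.size() - 8;
}

// Hypothetical replacement: check the length first, then compare only the
// tail of the URL. Mirrors the patch's "> 8" guard; unlike find(), it also
// matches when "?backlog" occurs earlier in the URL as well as at the end.
bool has_backlog_suffix(const string &url)
{
	static const string suffix = "?backlog";
	return url.size() > suffix.size() &&
	       url.compare(url.size() - suffix.size(), suffix.size(), suffix) == 0;
}

int main()
{
	// Constructed sample URLs.
	const char *samples[] = {
		"/abc.ts", "/abc.ts?backlog", "/stream.ts", "/a?backlog=1"
	};
	for (const char *s : samples) {
		printf("%-18s old=%d new=%d\n", s,
		       has_backlog_suffix_old(s), has_backlog_suffix(s));
	}
	return 0;
}
```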
