The current running version 6.x of SRS has encountered an error. The error message indicates a heap-buffer-overflow at memory address 0x604000007910. The program counter (pc) was at 0x55bf19bddcab, with base pointer (bp) at 0x7f6225e5de30 and stack pointer (sp) at 0x7f6225e5de20. This error was logged on February 14, 2025, at 02:10:57.075. The error log entry, with ID 80557, indicates that there was a READ operation of size 8 bytes at the memory address 0x604000007910 by thread T1, and it is associated with the internal session or process ID i8224766.

[yangpengfei360]

!!! Before submitting a new bug report, please ensure you have searched for any existing bugs. Duplicate issues or
questions that are overly simple or already addressed in the documentation will be removed without any
response.

Describe the bug
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] =================================================================
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] ==80557==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000007910 at pc 0x55bf19bddcab bp 0x7f6225e5de30 sp 0x7f6225e5de20
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] READ of size 8 at 0x604000007910 thread T1
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #0 0x55bf19bddcaa in impl_SrsAutoFree::impl_SrsAutoFree() src/core/srs_core_autofree.hpp:79, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #1 0x55bf19bd8877 in SrsHttpStreamServer::http_unmount(SrsRequest*) src/app/srs_app_http_stream.cpp:1094, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #2 0x55bf19d25e6c in SrsHttpServer::http_unmount(SrsRequest*) src/app/srs_app_http_conn.cpp:557, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #3 0x55bf19b31d88 in SrsServer::on_unpublish(SrsRequest*) src/app/srs_app_server.cpp:1334, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #4 0x55bf19b90650 in SrsLiveSource::on_unpublish() src/app/srs_app_source.cpp:2649, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #5 0x55bf19b65960 in SrsRtmpConn::release_publish(SrsSharedPtr) src/app/srs_app_rtmp_conn.cpp:1151, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #6 0x55bf19b6206a in SrsRtmpConn::publishing(SrsSharedPtr) src/app/srs_app_rtmp_conn.cpp:964, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #7 0x55bf19b5b3a4 in SrsRtmpConn::stream_service_cycle() src/app/srs_app_rtmp_conn.cpp:658, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #8 0x55bf19b57f56 in SrsRtmpConn::service_cycle() src/app/srs_app_rtmp_conn.cpp:446, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #9 0x55bf19b55095 in SrsRtmpConn::do_cycle() src/app/srs_app_rtmp_conn.cpp:262, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #10 0x55bf19b6ba3f in SrsRtmpConn::cycle() src/app/srs_app_rtmp_conn.cpp:1609, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #11 0x55bf19be4244 in SrsFastCoroutine::cycle() src/app/srs_app_st.cpp:309, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #12 0x55bf19be4399 in SrsFastCoroutine::pfn(void*) src/app/srs_app_st.cpp:324, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #13 0x55bf19fb4b56 in _st_thread_main /home/ecs-user/srs-project/srs-service/srs/trunk/objs/Platform-SRS6-Linux-5.15.0-GCC11.4.0-x86_64/st-srs/sched.c:380, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #14 0x55bf19fb548b in st_thread_create /home/ecs-user/srs-project/srs-service/srs/trunk/objs/Platform-SRS6-Linux-5.15.0-GCC11.4.0-x86_64/st-srs/sched.c:666, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #15 0x55bf19ae0511 in srs_context_set_cid_of(void*, _SrsContextId const&) src/protocol/srs_protocol_log.cpp:91, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #16 0x55bf198d62b0 in _SrsContextId::_SrsContextId() src/core/srs_core.cpp:26, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #17 0x55bf19ae06b4 in impl_SrsContextRestore::~impl_SrsContextRestore() src/protocol/srs_protocol_log.cpp:104, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #18 0x55bf19b312b5 in SrsServer::do_on_tcp_client(ISrsListener*, void*&) src/app/srs_app_server.cpp:1267, r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] #19 0x7f62275fe34f (), r0=1093
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] 0x604000007910 is located 24 bytes to the right of 40-byte region [0x6040000078d0,0x6040000078f8)
[2025-02-14 02:10:57.075][ERROR][80557][i8224766][0] freed by thread T1 here:
[2025-02-14 02:10:57.115][ERROR][80557][i8224766][0] #0 0x55bf19892a27 in operator delete(void*) (/home/ecs-user/srs-project/srs-service/srs/trunk/objs/srs+0x48ba27), 0x00000
[2025-02-14 02:10:57.115][ERROR][80557][i8224766][0] previously allocated by thread T1 here:
[2025-02-14 02:10:57.158][ERROR][80557][i8224766][0] #0 0x55bf19891f07 in operator new(unsigned long) (/home/ecs-user/srs-project/srs-service/srs/trunk/objs/srs+0x48af07), 0x00000
[2025-02-14 02:10:57.158][ERROR][80557][i8224766][0] Thread T1 created by T0 here:
[2025-02-14 02:10:57.196][ERROR][80557][i8224766][0] #0 0x55bf198343c5 in pthread_create (/home/ecs-user/srs-project/srs-service/srs/trunk/objs/srs+0x42d3c5), 0x00000
[2025-02-14 02:10:57.196][ERROR][80557][i8224766][0] #1 0x55bf19e33678 in SrsThreadPool::execute(std::__cxx11::basic_string<char, std::char_traits, std::allocator >, SrsCplxError* ()(void), void*) src/app/srs_app_threads.cpp:825, r0=1093
[2025-02-14 02:10:57.196][ERROR][80557][i8224766][0] #2 0x55bf19fb3431 in run_in_thread_pool() src/main/srs_main_server.cpp:478, r0=1093
[2025-02-14 02:10:57.196][ERROR][80557][i8224766][0] #3 0x55bf19fb31ec in run_directly_or_daemon() src/main/srs_main_server.cpp:456, r0=1093
[2025-02-14 02:10:57.196][ERROR][80557][i8224766][0] #4 0x55bf19fb064a in do_main(int, char**, char**) src/main/srs_main_server.cpp:245, r0=1093
[2025-02-14 02:10:57.196][ERROR][80557][i8224766][0] #5 0x55bf19fb096b in main src/main/srs_main_server.cpp:256, r0=1093
[2025-02-14 02:10:57.232][ERROR][80557][i8224766][0] #6 0x7f622a7d1d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f), 0x00000
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] SUMMARY: AddressSanitizer: heap-buffer-overflow src/core/srs_core_autofree.hpp:79 in impl_SrsAutoFree::~impl_SrsAutoFree()
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Shadow bytes around the buggy address:
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] 0x0c087fff8ed0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] 0x0c087fff8ee0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] 0x0c087fff8ef0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] 0x0c087fff8f00: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] 0x0c087fff8f10: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] =>0x0c087fff8f20: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] 0x0c087fff8f30: fa fa fd fd fd fd fd fa fa fa fa fa fa fa fa fa
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] 0x0c087fff8f40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] 0x0c087fff8f50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] 0x0c087fff8f60: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] 0x0c087fff8f70: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Shadow byte legend (one shadow byte represents 8 application bytes):
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Addressable: 00
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Partially addressable: 01 02 03 04 05 06 07
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Heap left redzone: fa
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Freed heap region: fd
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Stack left redzone: f1
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Stack mid redzone: f2
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Stack right redzone: f3
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Stack after return: f5
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Stack use after scope: f8
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Global redzone: f9
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Global init order: f6
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Poisoned by user: f7
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Container overflow: fc
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Array cookie: ac
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Intra object redzone: bb
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] ASan internal: fe
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Left alloca redzone: ca
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Right alloca redzone: cb
[2025-02-14 02:10:57.233][ERROR][80557][i8224766][0] Shadow gap: cc
[2025-02-15 02:59:43.765][INFO][83349][5e1xd6zq] SRS/6.0.134(Hang), MIT

Version
Desribe your SRS Server version here.
SRS/6.0.134(Hang)

To Reproduce
Steps to reproduce the behavior:
I have a device located in a factory that collects GB28181 information from Hikvision cameras. It is equipped with SRS/6.0.134(Hang). After collection, the data is pushed to an SRS server deployed on Alibaba Cloud ECS via RTMP. Initially, it operated normally, but recently, the process on Alibaba Cloud often crashes automatically. Upon analyzing the error logs from each crash, I discovered the aforementioned error.
4. See error

Expected behavior
The system normally receives RTMP pushes and converts them for HLS playback. However, recently, after running for a period of time, it consistently encounters the aforementioned exception.

TRANS_BY_GPT4

[duiniuluantanqin]

1. Check if a core dump file has been generated; if so, please upload it.
2. Test if recording the GB28181 stream as an MP4 file can be replicated; if successful, please upload the MP4 file.
3. Please send the configuration file as well.

TRANS_BY_GPT4

[houjiangen1]

I have compiled several times on the VPS, and after running for a while, this issue occurs with RTMP streaming and HLS playback.

TRANS_BY_GPT4