From: Andre Noll Date: Thu, 23 Apr 2009 15:18:03 +0000 (+0200) Subject: [udp_send] Refuse to stream files with invalid chunk tables. X-Git-Tag: v0.3.4~16^2 X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=a2872df1d181fe8ed736fcf2bda09134c380d5d2 [udp_send] Refuse to stream files with invalid chunk tables. If an audio file contains a chunk so large that even the maximal possible number of slices is not sufficient to put this chunk into a single FEC group, we must refuse to send this file. It's likely a corrupt file anyway. The old code in num_slices() was buggy as it returned the number of slices needed to send the file as an uint8_t, so the return value was actually the number of needed slices mod 256. This could trigger the assert() in setup_next_fec_group() which checks that the group contains at least one chunk. This patch changes num_slices() to detect this situation more reliably. As it is likely caused by a bad audio file rather than by a networking problem, we do _not_ kick the fec client, but deactivate it for the current file only. This requires the new "error" member of struct fec_client which indicates a temporarily disabled fec client. --- diff --git a/error.h b/error.h index 94a41202..17f3703f 100644 --- a/error.h +++ b/error.h @@ -347,6 +347,7 @@ extern const char **para_errlist[]; #define VSS_ERRORS \ PARA_ERROR(NOFD, "did not receive open fd from afs"), \ + PARA_ERROR(BAD_CT, "invalid chunk table or bad FEC configuration") #define CRYPT_ERRORS \ diff --git a/vss.c b/vss.c index 10780cbf..6304fc53 100644 --- a/vss.c +++ b/vss.c @@ -124,13 +124,15 @@ struct fec_group { /** The group duration divided by the number of slices. */ struct timeval slice_duration; /** Group contains the audio file header that occupies that many slices. */ - unsigned num_header_slices; + uint8_t num_header_slices; }; /** * Describes one connected FEC client. */ struct fec_client { + /** If negative, this client is temporarily disabled. */ + int error; /** Parameters requested by the client. */ struct fec_client_parms *fcp; /** Used by the core FEC code. */ @@ -215,15 +217,24 @@ static int need_audio_header(struct fec_client *fc, struct vss_task *vsst) return 1; } -static uint8_t num_slices(long unsigned bytes, struct fec_client *fc) +static int num_slices(long unsigned bytes, struct fec_client *fc, uint8_t *result) { - uint16_t m = fc->fcp->max_slice_bytes - FEC_HEADER_SIZE; - return (bytes + m - 1) / m; + unsigned long m = fc->fcp->max_slice_bytes - FEC_HEADER_SIZE; + unsigned rv, redundant_slices = fc->fcp->slices_per_group + - fc->fcp->data_slices_per_group; + + if (!m) + return -E_BAD_CT; + rv = (bytes + m - 1) / m; + if (rv + redundant_slices > 255) + return -E_BAD_CT; + *result = rv; + return 1; } static int setup_next_fec_group(struct fec_client *fc, struct vss_task *vsst) { - int i, k, data_slices; + int ret, i, k, data_slices; size_t len; const char *buf, *start_buf; struct timeval tmp, *chunk_tv = vss_chunk_time(); @@ -236,12 +247,15 @@ static int setup_next_fec_group(struct fec_client *fc, struct vss_task *vsst) if (fc->first_stream_chunk < 0) { uint32_t largest = afh_get_largest_chunk_size(&mmd->afd.afhi) + vsst->header_len; - uint8_t needed = num_slices(largest, fc), want; + uint8_t needed, want; + + ret = num_slices(largest, fc, &needed); + if (ret < 0) + return ret; if (needed > fc->fcp->data_slices_per_group) PARA_WARNING_LOG("fec parms insufficient for this audio file\n"); want = PARA_MAX(needed, fc->fcp->data_slices_per_group); if (want != k) { - int ret; fec_free(fc->parms); fc->src_data = para_realloc(fc->src_data, want * sizeof(char *)); ret = fec_new(want, want + fc->fcp->slices_per_group @@ -266,9 +280,11 @@ static int setup_next_fec_group(struct fec_client *fc, struct vss_task *vsst) } if (g->first_chunk >= mmd->afd.afhi.chunks_total) return 0; - if (need_audio_header(fc, vsst)) - g->num_header_slices = num_slices(vsst->header_len, fc); - else + if (need_audio_header(fc, vsst)) { + ret = num_slices(vsst->header_len, fc, &g->num_header_slices); + if (ret < 0) + return ret; + } else g->num_header_slices = 0; afh_get_chunk(g->first_chunk, &mmd->afd.afhi, vsst->map, &start_buf, &len); @@ -338,11 +354,18 @@ static int setup_next_fec_group(struct fec_client *fc, struct vss_task *vsst) static int compute_next_fec_slice(struct fec_client *fc, struct vss_task *vsst) { + assert(fc->error >= 0); if (fc->first_stream_chunk < 0 || fc->current_slice_num == fc->fcp->slices_per_group + fc->num_extra_slices) { int ret = setup_next_fec_group(fc, vsst); - if (ret <= 0) - return ret; + if (ret == 0) + return 0; + if (ret < 0) { + PARA_ERROR_LOG("%s\n", para_strerror(-ret)); + PARA_ERROR_LOG("FEC client temporarily disabled\n"); + fc->error = ret; + return fc->error; + } } write_fec_header(fc, vsst); fec_encode(fc->parms, fc->src_data, fc->enc_buf + FEC_HEADER_SIZE, @@ -447,6 +470,8 @@ static void compute_slice_timeout(struct timeval *timeout) list_for_each_entry(fc, &fec_client_list, node) { struct timeval diff; + if (fc->error < 0) + continue; if (next_slice_is_due(fc, &diff)) { timeout->tv_sec = 0; timeout->tv_usec = 0; @@ -468,6 +493,9 @@ static void set_eof_barrier(struct vss_task *vsst) goto out; list_for_each_entry(fc, &fec_client_list, node) { struct timeval group_duration; + + if (fc->error < 0) + continue; tv_scale(fc->group.num_chunks, chunk_tv, &group_duration); if (tv_diff(&timeout, &group_duration, NULL) < 0) timeout = group_duration; @@ -665,8 +693,10 @@ static void vss_pre_select(struct sched *s, struct task *t) for (i = 0; senders[i].name; i++) if (senders[i].shutdown_clients) senders[i].shutdown_clients(); - list_for_each_entry_safe(fc, tmp, &fec_client_list, node) + list_for_each_entry_safe(fc, tmp, &fec_client_list, node) { fc->first_stream_chunk = -1; + fc->error = 0; + } mmd->stream_start.tv_sec = 0; mmd->stream_start.tv_usec = 0; } @@ -809,6 +839,8 @@ static void vss_send(struct vss_task *vsst) &due, 1) < 0) return; list_for_each_entry_safe(fc, tmp_fc, &fec_client_list, node) { + if (fc->error < 0) + continue; if (!next_slice_is_due(fc, NULL)) continue; if (compute_next_fec_slice(fc, vsst) <= 0)