Recherche avancée

Sur d’autres sites (3253)

• Heroic Defender of the Stack

  27 janvier 2011, par Multimedia Mike — Programming

  Problem Statement

  I have been investigating stack smashing and countermeasures (stack smashing prevention, or SSP). Briefly, stack smashing occurs when a function allocates a static array on the stack and writes past the end of it, onto other local variables and eventually onto other function stack frames. When it comes time to return from the function, the return address has been corrupted and the program ends up some place it really shouldn’t. In the best case, the program just crashes ; in the worst case, a malicious party crafts code to exploit this malfunction.

  Further, debugging such a problem is especially obnoxious because by the time the program has crashed, it has already trashed any record (on the stack) of how it got into the errant state.

  Preventative Countermeasure

  GCC has had SSP since version 4.1. The computer inserts SSP as additional code when the -fstack-protector command line switch is specified. Implementation-wise, SSP basically inserts a special value (the literature refers to this as the ’canary’ as in "canary in the coalmine") at the top of the stack frame when entering the function, and code before leaving the function to make sure the canary didn’t get stepped on. If something happens to the canary, the program is immediately aborted with a message to stderr about what happened. Further, gcc’s man page on my Ubuntu machine proudly trumpets that this functionality is enabled per default ever since Ubuntu 6.10.

  And that’s really all there is to it. Your code is safe from stack smashing by default. Or so the hand-wavy documentation would have you believe.

  Not exactly

  Exercising the SSP

  I wanted to see the SSP in action to make sure it was a real thing. So I wrote some code that smashes the stack in pretty brazen ways so that I could reasonably expect to trigger the SSP (see later in this post for the code). Here’s what I learned that wasn’t in any documentation :

  SSP is only emitted for functions that have static arrays of 8-bit data (i.e., [unsigned] chars). If you have static arrays of other data types (like, say, 32-bit ints), those are still fair game for stack smashing.

  Evaluating the security vs. speed/code size trade-offs, it makes sense that the compiler wouldn’t apply this protection everywhere (I can only muse about how my optimization-obsessive multimedia hacking colleagues would absolute freak out if this code were unilaterally added to all functions). So why are only static char arrays deemed to be "vulnerable objects" (the wording that the gcc man page uses) ? A security hacking colleague suggested that this is probably due to the fact that the kind of data which poses the highest risk is arrays of 8-bit input data from, e.g., network sources.

  The gcc man page also lists an option -fstack-protector-all that is supposed to protect all functions. The man page’s definition of "all functions" perhaps differs from my own since invoking the option does not have differ in result from plain, vanilla -fstack-protector.

  The Valgrind Connection

  "Memory trouble ? Run Valgrind !" That may as well be Valgrind’s marketing slogan. Indeed, it’s the go-to utility for finding troublesome memory-related problems and has saved me on a number of occasions. However, it must be noted that it is useless for debugging this type of problem. If you understand how Valgrind works, this makes perfect sense. Valgrind operates by watching all memory accesses and ensuring that the program is only accessing memory to which it has privileges. In the stack smashing scenario, the program is fully allowed to write to that stack space ; after all, the program recently, legitimately pushed that return value onto the stack when calling the errant, stack smashing function.

  Valgrind embodies a suite of tools. My idea for an addition to this suite would be a mechanism which tracks return values every time a call instruction is encountered. The tool could track the return values in a separate stack data structure, though this might have some thorny consequences for some more unusual program flows. Instead, it might track them in some kind of hash/dictionary data structure and warn the programmer whenever a ’ret’ instruction is returning to an address that isn’t in the dictionary.

  Simple Stack Smashing Code

  Here’s the code I wrote to test exactly how SSP gets invoked in gcc. Compile with ’gcc -g -O0 -Wall -fstack-protector-all -Wstack-protector stack-fun.c -o stack-fun’.

  stack-fun.c :

  PLAIN TEXT

  C :

  1. /* keep outside of the stack frame */
  2. static int i ;
  3.  
  4. void stack_smasher32(void)
  5. {
  6.  int buffer32[8] ;
  7.  // uncomment this array and compile without optimizations
  8.  // in order to force this function to compile with SSP
  9. // char buffer_to_trigger_ssp[8] ;
  10.  
  11.  for (i = 0 ; i <50 ; i++)
  12.   buffer32[i] = 0xA5 ;
  13. }
  14.  
  15. void stack_smasher8(void)
  16. {
  17.  char buffer8[8] ;
  18.  for (i = 0 ; i <50 ; i++)
  19.   buffer8[i] = 0xA5 ;
  20. }
  21.  
  22. int main()
  23. {
  24. // stack_smasher8() ;
  25.  stack_smasher32() ;
  26.  return 0 ;
  27. }

  The above incarnation should just produce the traditional "Segmentation fault". However, uncommenting and executing stack_smasher8() in favor of stack_smasher32() should result in "*** stack smashing detected *** : ./stack-fun terminated", followed by the venerable "Segmentation fault".

  As indicated in the comments for stack_smasher32(), it’s possible to trick the compiler into emitting SSP for a function by inserting an array of at least 8 bytes (any less and SSP won’t emit, as documented, unless gcc’s ssp-buffer-size parameter is tweaked). This has to be compiled with no optimization at all (-O0) or else the compiler will (quite justifiably) optimize away the unused buffer and omit SSP.

  For reference, I ran my tests on Ubuntu 10.04.1 with gcc 4.4.3 compiling the code for both x86_32 and x86_64.

• Time FFMPEG takes to encode a video file

  1er avril 2020, par amateur

  I have recently been working with FFMPEG to do some manipulation on video files, becoming aware of the syntax etc and have found it very helpful. I am looking for some feedback though on the speed it takes to encode file. For example, I run the following command against a video file, 1 hour in length, file extension .mov and 4GB in size, and the command takes just over 4 hours to run. It produces a file 2.2GB in size. I am running it on a high spec i7 laptop.

  &#xA;&#xA;

      ffmpeg -i "C:\MyInputFile.mov" -b:v 4500k -bufsize 4500k -r 50 -bsf:a aac_adtstoasc -vf scale=1920:1080 "C:\MyOutputFile.mp4"

Please see following the log created at the start of the encoding. I dont have the full log unless I let it run again for 4 hours!

    -i "C:\MyInputFile.mov" -b:v 4500k -bufsize 4500k -r 50 -bsf:a aac_adtstoasc -vf scale=1920:1080 "C:\MyOutputFile.mp4"
ffmpeg version 4.2.2 Copyright (c) 2000-2019 the FFmpeg developers
  built with gcc 9.2.1 (GCC) 20200122
  configuration: --enable-gpl --enable-version3 --enable-sdl2 --enable-fontconfig --enable-gnutls --enable-iconv --enable-libass --enable-libdav1d --enable-libbluray --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-libopus --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libtheora --enable-libtwolame --enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libzimg --enable-lzma --enable-zlib --enable-gmp --enable-libvidstab --enable-libvorbis --enable-libvo-amrwbenc --enable-libmysofa --enable-libspeex --enable-libxvid --enable-libaom --enable-libmfx --enable-amf --enable-ffnvcodec --enable-cuvid --enable-d3d11va --enable-nvenc --enable-nvdec --enable-dxva2 --enable-avisynth --enable-libopenmpt
  libavutil      56. 31.100 / 56. 31.100
  libavcodec     58. 54.100 / 58. 54.100
  libavformat    58. 29.100 / 58. 29.100
  libavdevice    58.  8.100 / 58.  8.100
  libavfilter     7. 57.100 /  7. 57.100
  libswscale      5.  5.100 /  5.  5.100
  libswresample   3.  5.100 /  3.  5.100
  libpostproc    55.  5.100 / 55.  5.100
Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'C:\MyInputFile.mov':
  Metadata:
    major_brand     : qt
    minor_version   : 537199360
    compatible_brands: qt
    creation_time   : 2019-06-24T18:14:35.000000Z
    timecode        : 10:00:00:00
  Duration: 01:09:20.12, start: 0.000000, bitrate: 8092 kb/s
    Stream #0:0(eng): Video: mpeg4 (Advanced Simple Profile) (mp4v / 0x7634706D), yuv420p(pc, smpte170m/unknown/smpte170m), 1024x576 [SAR 1:1 DAR 16:9], 6553 kb/s, 25 fps, 25 tbr, 25k tbn, 1k tbc (default)
    Metadata:
      creation_time   : 2019-06-24T18:14:35.000000Z
      handler_name    : Apple Video Media Handler
      encoder         : MPEG-4 Video
    Stream #0:1(eng): Audio: pcm_s16le (sowt / 0x74776F73), 48000 Hz, stereo, s16, 1536 kb/s (default)
    Metadata:
      creation_time   : 2019-06-24T18:14:36.000000Z
      handler_name    : Apple Sound Media Handler
    Stream #0:2(eng): Data: none (tmcd / 0x64636D74) (default)
    Metadata:
      creation_time   : 2019-06-24T19:32:28.000000Z
      handler_name    : Time Code Media Handler
      timecode        : 10:00:00:00
Stream mapping:
  Stream #0:0 -> #0:0 (mpeg4 (native) -> h264 (libx264))
  Stream #0:1 -> #0:1 (pcm_s16le (native) -> aac (native))
Press [q] to stop, [?] for help
[libx264 @ 000001d8655322c0] VBV maxrate unspecified, assuming CBR
[libx264 @ 000001d8655322c0] using SAR=1/1
[libx264 @ 000001d8655322c0] using cpu capabilities: MMX2 SSE2Fast SSSE3 SSE4.2 AVX FMA3 BMI2 AVX2
[libx264 @ 000001d8655322c0] profile High, level 4.2, 4:2:0, 8-bit
[libx264 @ 000001d8655322c0] 264 - core 159 - H.264/MPEG-4 AVC codec - Copyleft 2003-2019 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1
chroma_qp_offset=-2 threads=6 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=cbr mbtree=1 bitrate=4500 ratetol=1.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 vbv_maxrate=4500 vbv_bufsize=4500 nal_hrd=none filler=0 ip_ratio=1.40 aq=1:1.00
Output #0, mp4, to ' C:\MyOutputFile.mp4':
  Metadata:
    major_brand     : qt
    minor_version   : 537199360
    compatible_brands: qt
    timecode        : 10:00:00:00
    encoder         : Lavf58.29.100
    Stream #0:0(eng): Video: h264 (libx264) (avc1 / 0x31637661), yuv420p(progressive), 1920x1080 [SAR 1:1 DAR 16:9], q=-1--1, 4500 kb/s, 0.02 fps, 12800 tbn, 50 tbc (default)
    Metadata:
      creation_time   : 2019-06-24T18:14:35.000000Z
      handler_name    : Apple Video Media Handler
      encoder         : Lavc58.54.100 libx264
    Side data:
      cpb: bitrate max/min/avg: 0/0/4500000 buffer size: 4500000 vbv_delay: -1
    Stream #0:1(eng): Audio: aac (LC) (mp4a / 0x6134706D), 48000 Hz, stereo, fltp, 128 kb/s (default)
    Metadata:
      creation_time   : 2019-06-24T18:14:36.000000Z
      handler_name    : Apple Sound Media Handler
      encoder         : Lavc58.54.100 aac
frame=  273 fps= 21 q=31.0 size=    2048kB time=00:00:05.44 bitrate=3084.1kbits/s dup=136 drop=0 speed=0.415x


  &#xA;&#xA;

  Is there any modification I can make to the command to encode it in less time ?

  &#xA;

• ffmpeg is reading SDP from RTSP stream but unable to save a screenshot. is it network or utility issue ?

  8 juillet 2017, par Paul Serikov

  My task is to get a screenshot from IP camera rtsp stream via ffmpeg.
  I got following error when I’m trying to do that on DigitalOcean droplet :

  root@docker-512mb-fra1-01:~# ffmpeg -hide_banner -loglevel debug -i rtsp://10.132.193.9//ch0.h264 -f image2 latest.jpg
  
  Splitting the commandline.
  
  Reading option '-hide_banner' ... matched as option 'hide_banner' (do not show program banner) with argument '1'.
  
  Reading option '-loglevel' ... matched as option 'loglevel' (set logging level) with argument 'debug'.
  
  Reading option '-i' ... matched as input url with argument 'rtsp://10.132.193.9//ch0.h264'.
  
  Reading option '-f' ... matched as option 'f' (force format) with argument 'image2'.
  
  Reading option 'latest.jpg' ... matched as output url.
  
  Finished splitting the commandline.
  
  Parsing a group of options: global .
  
  Applying option hide_banner (do not show program banner) with argument 1.
  
  Applying option loglevel (set logging level) with argument debug.
  
  Successfully parsed a group of options.
  
  Parsing a group of options: input url rtsp://10.132.193.9//ch0.h264.
  
  Successfully parsed a group of options.
  
  Opening an input file: rtsp://10.132.193.9//ch0.h264.
  
  [rtsp @ 0x1298440] SDP:
  
  v=0
  
  o=- 1499314217993040 1 IN IP4 192.168.1.128
  
  s=H.264 Program Stream, streamed by the LIVE555 Media Server
  
  i=ch0.h264
  
  t=0 0
  
  a=DevVer:pusher2
  
  a=GroupName:IPCAM
  
  a=NickName:CIF
  
  a=CfgSection:PROG_CHN0
  
  a=tool:LIVE555 Streaming Media v2011.08.13
  
  a=type:broadcast
  
  a=control:*
  
  a=range:npt=0-
  
  a=x-qt-text-nam:H.264 Program Stream, streamed by the LIVE555 Media Server
  
  a=x-qt-text-inf:ch0.h264
  
  m=video 0 RTP/AVP 96
  
  c=IN IP4 0.0.0.0
  
  b=AS:4000
  
  a=rtpmap:96 H264/90000
  
  a=control:trackID=1
  
  a=fmtp:96 packetization-mode=1;profile-level-id=64001F;sprop-parameter-sets=Z2QAH6wrUCgC3IA=,aO48MA==
  
  a=framesize:96 1280-720
  
  a=cliprect:0,0,1280,720
  
  m=audio 0 RTP/AVP 97
  
  a=rtpmap:97 mpeg4-generic/8000/2
  
  a=fmtp:97 streamtype=5;profile-level-id=1;cpresent=0;mode=AAC-hbr;sizelength=13;indexlength=3;indexdeltalength=3;config=1590
  
  a=control:trackID=2
  
  
  
  Failed to parse interval end specification ''
  
  [rtsp @ 0x1298440] video codec set to: h264
  
  [rtsp @ 0x1298440] RTP Packetization Mode: 1
  
  [rtsp @ 0x1298440] RTP Profile IDC: 64 Profile IOP: 0 Level: 1f
  
  [rtsp @ 0x1298440] Extradata set to 0x1298a20 (size: 23)
  
  [rtsp @ 0x1298440] audio codec set to: aac
  
  [rtsp @ 0x1298440] audio samplerate set to: 8000
  
  [rtsp @ 0x1298440] audio channels set to: 2
  
  [udp @ 0x129e7e0] end receive buffer size reported is 131072
  
  [udp @ 0x129e680] end receive buffer size reported is 131072
  
  [udp @ 0x12bf380] end receive buffer size reported is 131072
  
  [udp @ 0x12bf1c0] end receive buffer size reported is 131072
  
  [rtsp @ 0x1298440] hello state=0
  
  [rtsp @ 0x1298440] UDP timeout, retrying with TCP
  
  [rtsp @ 0x1298440] hello state=0
  
  [rtsp @ 0x1298440] Could not find codec parameters for stream 0 (Video: h264, 1 reference frame, none(left), 1280x720, 1/180000): unspecified pixel format
  
  Consider increasing the value for the 'analyzeduration' and 'probesize' options
  
  Input #0, rtsp, from 'rtsp://10.132.193.9//ch0.h264':
  
    Metadata:
  
      title           : H.264 Program Stream, streamed by the LIVE555 Media Server
  
      comment         : ch0.h264
  
    Duration: N/A, start: 0.000000, bitrate: N/A
  
      Stream #0:0, 0, 1/90000: Video: h264, 1 reference frame, none(left), 1280x720, 1/180000, 90k tbr, 90k tbn, 180k tbc
  
      Stream #0:1, 0, 1/8000: Audio: aac, 8000 Hz, stereo, fltp
  
  Successfully opened the file.
  
  Parsing a group of options: output url latest.jpg.
  
  Applying option f (force format) with argument image2.
  
  Successfully parsed a group of options.
  
  Opening an output file: latest.jpg.
  
  Successfully opened the file.
  
  detected 1 logical cores
  
  [graph 0 input from stream 0:0 @ 0x1298280] Setting 'video_size' to value '1280x720'
  
  [graph 0 input from stream 0:0 @ 0x1298280] Setting 'pix_fmt' to value '-1'
  
  [buffer @ 0x12f9680] Unable to parse option value "-1" as pixel format
  
  [graph 0 input from stream 0:0 @ 0x1298280] Setting 'time_base' to value '1/90000'
  
  [graph 0 input from stream 0:0 @ 0x1298280] Setting 'pixel_aspect' to value '0/1'
  
  [graph 0 input from stream 0:0 @ 0x1298280] Setting 'sws_param' to value 'flags=2'
  
  [graph 0 input from stream 0:0 @ 0x1298280] Setting 'frame_rate' to value '180000/2'
  
  [buffer @ 0x12f9680] Unable to parse option value "-1" as pixel format
  
  [buffer @ 0x12f9680] Error setting option pix_fmt to value -1.
  
  [graph 0 input from stream 0:0 @ 0x1298280] Error applying options to the filter.
  
  Error opening filters!
  
  Exiting normally, received signal 2.

  As you see, ffmpeg is able to read SDP metadata, but for some reason is unable to save a screenshot

  Also same command works fine on my laptop with same VPN configuration !

  Just in case, IP camera doesn’t have a public IP address and accessible via VPN.

  What could be wrong and how to debug ?

  I tried to increase -analyzeduration and -probesize options from default 5s to 30s, but it doesn’t work.