From 5134326314e562de25f90046b1beb4e29e2ecf40 Mon Sep 17 00:00:00 2001 From: "Steinar H. Gunderson" Date: Fri, 22 Mar 2019 22:56:41 +0100 Subject: [PATCH] If a HTTP server backlog becomes very large (>1 GB), kill the connection to avoid runaway OOM. --- shared/httpd.cpp | 20 ++++++++++++++++++-- shared/httpd.h | 3 ++- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/shared/httpd.cpp b/shared/httpd.cpp index 5442e7f..f447f54 100644 --- a/shared/httpd.cpp +++ b/shared/httpd.cpp @@ -182,7 +182,7 @@ ssize_t HTTPD::Stream::reader_callback(uint64_t pos, char *buf, size_t max) unique_lock lock(buffer_mutex); has_buffered_data.wait(lock, [this] { return should_quit || !buffered_data.empty(); }); if (should_quit) { - return 0; + return -1; } ssize_t ret = 0; @@ -196,6 +196,7 @@ ssize_t HTTPD::Stream::reader_callback(uint64_t pos, char *buf, size_t max) buf += len; ret += len; max -= len; + buffered_data_bytes -= s.size(); buffered_data.pop_front(); used_of_buffered_data = 0; } else { @@ -213,7 +214,7 @@ ssize_t HTTPD::Stream::reader_callback(uint64_t pos, char *buf, size_t max) void HTTPD::Stream::add_data(const char *buf, size_t buf_size, HTTPD::Stream::DataType data_type, int64_t time, AVRational timebase) { - if (buf_size == 0) { + if (buf_size == 0 || should_quit) { return; } if (data_type == DATA_TYPE_KEYFRAME) { @@ -225,6 +226,17 @@ void HTTPD::Stream::add_data(const char *buf, size_t buf_size, HTTPD::Stream::Da lock_guard lock(buffer_mutex); + if (buffered_data_bytes + buf_size > (1ULL << 30)) { + // More than 1GB of backlog; the client obviously isn't keeping up, + // so kill it instead of going out of memory. Note that this + // won't kill the client immediately, but will cause the next callback + // to kill the client. + should_quit = true; + buffered_data.clear(); + has_buffered_data.notify_all(); + return; + } + if (framing == FRAMING_METACUBE) { int flags = 0; if (data_type == DATA_TYPE_HEADER) { 
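Review bot: In the first reader_callback hunk, the new `return -1;` on `should_quit` is a bare magic number whose meaning to the HTTP library is not stated. If this is the libmicrohttpd content-reader callback (inferred from the signature; the registration is not in this diff), -1 is `MHD_CONTENT_READER_END_OF_STREAM`, a clean end of the response, so a client dropped by the backlog limit would look the same as a normal shutdown. Consider returning the named constant, and `MHD_CONTENT_READER_END_WITH_ERROR` when the quit was caused by the backlog limit, so the truncation is visible to the client. The function body starts and ends outside the hunk.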
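Review bot: The new `should_quit` test at the top of add_data reads the flag before `lock_guard lock(buffer_mutex);` is taken (the lock only appears in the next hunk's context), while httpd.h marks `should_quit` as held under a mutex and this same commit writes it with the lock held. That is an unsynchronized read racing with a locked write, which is a data race if add_data and whatever sets the flag can run on different threads. Keep `if (buf_size == 0) {` here and add `if (should_quit) return;` directly after the lock_guard, or change the member to `std::atomic<bool>`. The function continues outside the hunk.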
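Review bot: The kill path at the 1 GB check clears `buffered_data` but leaves `buffered_data_bytes` and `used_of_buffered_data` at their old values, so the invariant stated in httpd.h ("the sum of all size() in buffered_data") no longer holds once it has run. Add `buffered_data_bytes = 0;` and `used_of_buffered_data = 0;` next to `buffered_data.clear();`. The limit is also per Stream and hard-coded as `(1ULL << 30)`, so several slow clients can each hold close to 1 GB; a named constant such as `constexpr size_t kMaxBacklogBytes = 1ULL << 30;` (name is a suggestion) would make that budget visible and tunable. Nothing is logged when a client is dropped, which makes slow-reader conditions hard to spot in operation, so a single log line here with the backlog size would help. add_data starts and ends outside the hunk.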
@@ -249,6 +261,7 @@ void HTTPD::Stream::add_data(const char *buf, size_t buf_size, HTTPD::Stream::Da hdr.csum = htons(metacube2_compute_crc(&hdr)); buffered_data.emplace_back((char *)&hdr, sizeof(hdr)); buffered_data.emplace_back((char *)&packet, sizeof(packet)); + buffered_data_bytes += sizeof(hdr) + sizeof(packet); } metacube2_block_header hdr; @@ -257,8 +270,10 @@ void HTTPD::Stream::add_data(const char *buf, size_t buf_size, HTTPD::Stream::Da hdr.flags = htons(flags); hdr.csum = htons(metacube2_compute_crc(&hdr)); buffered_data.emplace_back((char *)&hdr, sizeof(hdr)); + buffered_data_bytes += sizeof(hdr); } buffered_data.emplace_back(buf, buf_size); + buffered_data_bytes += buf_size; // Send a Metacube2 timestamp every keyframe. if (framing == FRAMING_METACUBE && data_type == DATA_TYPE_KEYFRAME) { @@ -277,6 +292,7 @@ void HTTPD::Stream::add_data(const char *buf, size_t buf_size, HTTPD::Stream::Da hdr.csum = htons(metacube2_compute_crc(&hdr)); buffered_data.emplace_back((char *)&hdr, sizeof(hdr)); buffered_data.emplace_back((char *)&packet, sizeof(packet)); + buffered_data_bytes += sizeof(hdr) + sizeof(packet); } has_buffered_data.notify_all(); diff --git a/shared/httpd.h b/shared/httpd.h index 2a62859..6c9a254 100644 --- a/shared/httpd.h +++ b/shared/httpd.h @@ -106,7 +106,8 @@ private: bool should_quit = false; // Under . std::condition_variable has_buffered_data; std::deque buffered_data; // Protected by . - size_t used_of_buffered_data = 0; // How many bytes of the first element of that is already used. Protected by . + size_t used_of_buffered_data = 0; // How many bytes of the first element of that is already used. Protected by . + size_t buffered_data_bytes = 0; // The sum of all size() in buffered_data. Protected by . size_t seen_keyframe = false; StreamType stream_type; }; -- 2.39.2
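Review bot: The byte counter is bumped by hand after each `buffered_data.emplace_back(...)`, here and in the two following hunks (`+= sizeof(hdr)`, `+= buf_size`, and the keyframe-timestamp `+= sizeof(hdr) + sizeof(packet)`). The backlog guard is therefore only as accurate as every future append remembering to do the same. A small private helper that appends and accounts in one place, e.g. `void append_locked(const char *p, size_t n) { buffered_data.emplace_back(p, n); buffered_data_bytes += n; }` (name is a suggestion, and it needs a declaration in httpd.h), would keep the two in step. These hunks sit inside add_data, whose body starts and ends outside them.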
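Review bot: The comment on the new `buffered_data_bytes` member in httpd.h does not say how a partially sent front element is counted. In reader_callback the counter is only reduced by `s.size()` when the element is popped, so a half-consumed element still counts in full. A comment such as `// Sum of size() over buffered_data; a partially sent front element is counted in full until it is popped. Protected by buffer_mutex.` would spell that out for whoever later adjusts the limit.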