Open
Description
Describe the bug
When a pull stream request (on_play) occurs at the same time the push stream is disconnected, the coroutine handling on_play may jump to http_unmount to release the SrsLiveStream instance. After on_play finishes and the coroutine jumps back, it encounters a heap-use-after-free crash.
http_hooks_on_play https://github.com/ossrs/srs/blob/6.0release/trunk/src/app/srs_app_http_stream.cpp#L650
Version
6.0release
To Reproduce
Steps to reproduce the behavior:
- Create a Python script to mock the on_play API, with a 5-second delay before responding.
- Start pushing a stream.
- Start pulling the stream, then stop the push stream shortly after.
- SRS crashes.
Expected behavior
no crashes