From ea7e2c28491ae61cc1b7aaa207ce38a74fa36487 Mon Sep 17 00:00:00 2001
From: Jacob Su
Date: Fri, 21 Jun 2024 15:59:15 +0800
Subject: [PATCH] Fix security scan problems. v6.0.131 (#4100)
1. fix redundant null check, there is no potential risks by the way, just redundant null check.
2. Potential use pointer after free, that's not true. So we can ignore this one, or find a way to make stupid security tool happy.
---------
Co-authored-by: winlin
---
 trunk/doc/CHANGELOG.md | 1 +
 trunk/src/app/srs_app_http_stream.cpp | 8 +++-----
 trunk/src/app/srs_app_source.cpp | 8 ++++----
 trunk/src/core/srs_core_version6.hpp | 2 +-
 4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/trunk/doc/CHANGELOG.md b/trunk/doc/CHANGELOG.md
index 8e5f2d4e7b..044c8221b7 100644
--- a/trunk/doc/CHANGELOG.md
+++ b/trunk/doc/CHANGELOG.md
@@ -7,6 +7,7 @@ The changelog for SRS.
 ## SRS 6.0 Changelog
+* v6.0, 2024-06-21, Merge [#4100](https://github.com/ossrs/srs/pull/4100): Fix security scan problems. v6.0.131 (#4100)
 * v6.0, 2024-06-21, Merge [#4097](https://github.com/ossrs/srs/pull/4097): SmartPtr: Support load test for source by srs-bench. v6.0.130 (#4097)
 * v6.0, 2024-06-15, Merge [#4089](https://github.com/ossrs/srs/pull/4089): SmartPtr: Support shared ptr for live source. v6.0.129 (#4089)
 * v6.0, 2024-06-14, Merge [#4085](https://github.com/ossrs/srs/pull/4085): SmartPtr: Support shared ptr for RTC source. v6.0.128 (#4085)
diff --git a/trunk/src/app/srs_app_http_stream.cpp b/trunk/src/app/srs_app_http_stream.cpp
index 03e8064c7f..20fbec3d37 100755
--- a/trunk/src/app/srs_app_http_stream.cpp
+++ b/trunk/src/app/srs_app_http_stream.cpp
@@ -1204,11 +1204,9 @@ srs_error_t SrsHttpStreamServer::hijack(ISrsHttpMessage* request, ISrsHttpHandle
 }
 // use the handler if exists.
- if (ph) {
- if (streamHandlers.find(sid) != streamHandlers.end()) {
- entry = streamHandlers[sid];
- *ph = entry->stream;
- }
+ if (streamHandlers.find(sid) != streamHandlers.end()) {
+ entry = streamHandlers[sid];
+ *ph = entry->stream;
 }
 // trigger edge to fetch from origin.
diff --git a/trunk/src/app/srs_app_source.cpp b/trunk/src/app/srs_app_source.cpp
index 03fc657f62..603296bf6f 100755
--- a/trunk/src/app/srs_app_source.cpp
+++ b/trunk/src/app/srs_app_source.cpp
@@ -199,15 +199,15 @@ void SrsFastVector::push_back(SrsSharedPtrMessage* msg)
 // increase vector.
 if (count >= nb_msgs) {
 int size = srs_max(SRS_PERF_MW_MSGS * 8, nb_msgs * 2);
- SrsSharedPtrMessage** buf = new SrsSharedPtrMessage*[size];
+ SrsSharedPtrMessage** buf = msgs;
+ msgs = new SrsSharedPtrMessage*[size];
 for (int i = 0; i < nb_msgs; i++) {
- buf[i] = msgs[i];
+ msgs[i] = buf[i];
 }
 srs_info("fast vector incrase %d=>%d", nb_msgs, size);
 // use new array.
- srs_freepa(msgs);
- msgs = buf;
+ srs_freepa(buf);
 nb_msgs = size;
 }
diff --git a/trunk/src/core/srs_core_version6.hpp b/trunk/src/core/srs_core_version6.hpp
index 3ff7d6edd4..ac4d68f7fa 100644
--- a/trunk/src/core/srs_core_version6.hpp
+++ b/trunk/src/core/srs_core_version6.hpp
@@ -9,6 +9,6 @@
 #define VERSION_MAJOR 6
 #define VERSION_MINOR 0
-#define VERSION_REVISION 130
+#define VERSION_REVISION 131
 #endif
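Review bot: With the `if (ph)` guard removed in srs_app_http_stream.cpp, the write `*ph = entry->stream;` now relies on every caller of hijack() passing a non-null `ph`, and nothing in the hunk states or enforces that. The commit message calls the check redundant, but the reason lies outside the visible lines, so it should be recorded next to the write, for example `// ph is never NULL here (guaranteed by the caller), so it is written unconditionally.`, once that has been confirmed against the callers. Judging by its parameters, hijack() sits on the HTTP request path, where a missed null would crash the process instead of merely skipping the assignment. The function body starts and ends outside the hunk.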
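Review bot: In SrsFastVector::push_back the unchanged comment `// use new array.` now sits directly above `srs_freepa(buf);`, which after the reorder releases the old array, so the comment describes the opposite of what the line does. Since the commit message says the rewrite exists only to quiet a use-after-free finding, the comment should state the ownership instead, for example `// buf is the old pointer array; its entries were copied into msgs, so only the array is freed.` (assuming srs_freepa releases just the array and not the messages it points to). Separately, `nb_msgs * 2` is a signed `int` multiplication and the hunk shows no upper bound on growth; if callers do not already cap the queue length, a limit check before the allocation would be worth adding. push_back's body continues outside the hunk.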