Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] stability issue, crash after clicking to play a video (conspiracy theory: crafted packets have been inserted, not verified!) #590

Closed
2 tasks done
openfnord opened this issue Dec 11, 2024 · 4 comments
Closed
2 tasks done

[Bug] stability issue, crash after clicking to play a video (conspiracy theory: crafted packets have been inserted, not verified!) #590

openfnord opened this issue Dec 11, 2024 · 4 comments

Comments

@openfnord
Copy link

Checklist (Your issue will be automatically closed if you delete this part)

  • I make sure that there are no existing issues - open or closed - which I could contribute my information to.
  • I am able to reproduce the bug with the latest version given here: CLICK THIS LINK.
  • [X ] I have attached the error report in the issue.

Describe the bug
Version 4.0.1 from f-droid.org

Frequency
The bug repeated when I used the same VPN-output server and clicked the same video. The page showing the video choice after a search term worked. Touch-Clicking the same video always brought the bug with the enclosed report.
Some stuff like "5 gadgets that are good inventions in 2024" something like that I clicked.
StartupUniversity

Steps to reproduce the bug

Device (e.g. Pixel 9 Pro)
Samsung S10 with newest e.foundation

Error report
{"user_action":"requested stream","request":"https://www.youtube.com/watch?v=QywXvNkdZ9k","content_language":"en-US","content_country":"US","app_language":"en_US","service":"YouTube (Anonymous)","package":"InfinityLoop1309.NewPipeEnhanced","version":"4.0.1","os":"Linux Android 13 - 33","time":"2024-12-11 15:53","exceptions":["org.schabi.newpipe.extractor.exceptions.NotLoginException: com.yausername.youtubedl_android.YoutubeDLException: WARNING: ffmpeg-location /data/app/~~9pLw3PImh-YD4i3WrgLUqQ==/InfinityLoop1309.NewPipeEnhanced-xa0xyXsGTQpKkBqqvoFyWQ==/lib/arm64/libffmpeg.so does not exist! Continuing without ffmpeg\nERROR: [youtube] QywXvNkdZ9k: Sign in to confirm you\u2019re not a bot. Use --cookies-from-browser or --cookies for the authentication. See https://github.com/yt-dlp/yt-dlp/wiki/FAQ#how-do-i-pass-cookies-to-yt-dlp for how to manually pass cookies. Also see https://github.com/yt-dlp/yt-dlp/wiki/Extractors#exporting-youtube-cookies for tips on effectively exporting YouTube cookies\n\n\tat org.schabi.newpipe.util.YtdlpHelper.getFallbackStreams(YtdlpHelper.java:104)\n\tat org.schabi.newpipe.util.ExtractorHelper.lambda$getStreamInfo$3(ExtractorHelper.java:132)\n\tat org.schabi.newpipe.util.ExtractorHelper.$r8$lambda$YTHJjScxCJNO1LTCqs3IKy35iyY(Unknown Source:0)\n\tat org.schabi.newpipe.util.ExtractorHelper$$ExternalSyntheticLambda5.call(Unknown Source:4)\n\tat io.reactivex.rxjava3.internal.operators.single.SingleFromCallable.subscribeActual(SingleFromCallable.java:43)\n\tat io.reactivex.rxjava3.core.Single.subscribe(Single.java:4813)\n\tat io.reactivex.rxjava3.internal.operators.single.SingleDoOnSuccess.subscribeActual(SingleDoOnSuccess.java:35)\n\tat io.reactivex.rxjava3.core.Single.subscribe(Single.java:4813)\n\tat io.reactivex.rxjava3.internal.operators.maybe.MaybeFromSingle.subscribeActual(MaybeFromSingle.java:41)\n\tat io.reactivex.rxjava3.core.Maybe.subscribe(Maybe.java:5330)\n\tat io.reactivex.rxjava3.internal.operators.maybe.MaybeConcatArray$ConcatMaybeObserver.drain(MaybeConcatArray.java:153)\n\tat io.reactivex.rxjava3.internal.operators.maybe.MaybeConcatArray$ConcatMaybeObserver.request(MaybeConcatArray.java:78)\n\tat io.reactivex.rxjava3.internal.operators.flowable.FlowableElementAtMaybe$ElementAtSubscriber.onSubscribe(FlowableElementAtMaybe.java:66)\n\tat io.reactivex.rxjava3.internal.operators.maybe.MaybeConcatArray.subscribeActual(MaybeConcatArray.java:42)\n\tat io.reactivex.rxjava3.core.Flowable.subscribe(Flowable.java:15868)\n\tat io.reactivex.rxjava3.internal.operators.flowable.FlowableElementAtMaybe.subscribeActual(FlowableElementAtMaybe.java:36)\n\tat io.reactivex.rxjava3.core.Maybe.subscribe(Maybe.java:5330)\n\tat io.reactivex.rxjava3.internal.operators.maybe.MaybeToSingle.subscribeActual(MaybeToSingle.java:46)\n\tat io.reactivex.rxjava3.core.Single.subscribe(Single.java:4813)\n\tat io.reactivex.rxjava3.internal.operators.single.SingleSubscribeOn$SubscribeOnObserver.run(SingleSubscribeOn.java:89)\n\tat io.reactivex.rxjava3.core.Scheduler$DisposeTask.run(Scheduler.java:644)\n\tat io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:65)\n\tat io.reactivex.rxjava3.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:56)\n\tat java.util.concurrent.FutureTask.run(FutureTask.java:264)\n\tat java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:307)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)\n\tat java.lang.Thread.run(Thread.java:1012)\nCaused by: com.yausername.youtubedl_android.YoutubeDLException: WARNING: ffmpeg-location /data/app/~~9pLw3PImh-YD4i3WrgLUqQ==/InfinityLoop1309.NewPipeEnhanced-xa0xyXsGTQpKkBqqvoFyWQ==/lib/arm64/libffmpeg.so does not exist! Continuing without ffmpeg\nERROR: [youtube] QywXvNkdZ9k: Sign in to confirm you\u2019re not a bot. Use --cookies-from-browser or --cookies for the authentication. See https://github.com/yt-dlp/yt-dlp/wiki/FAQ#how-do-i-pass-cookies-to-yt-dlp for how to manually pass cookies. Also see https://github.com/yt-dlp/yt-dlp/wiki/Extractors#exporting-youtube-cookies for tips on effectively exporting YouTube cookies\n\n\tat com.yausername.youtubedl_android.YoutubeDL.execute(YoutubeDL.kt:214)\n\tat com.yausername.youtubedl_android.YoutubeDL.getInfo(YoutubeDL.kt:110)\n\tat org.schabi.newpipe.util.YtdlpHelper.getFallbackStreams(YtdlpHelper.java:37)\n\t... 27 more\n"],"user_comment":""}

Additional context
The bug repeated when I used the same VPN-output server and clicked the same video. The page showing the video choice after a search term worked. Touch-Clicking the same video always brought the bug with the enclosed report.
Some stuff like "5 gadgets that are good inventions in 2024" something like that I clicked.

Then I changed the VPN-Server address and the bug did not happen any more.
My conspiracy theory is that some evil side inserted packets into the data stream in order to hack the app.
But this is just conspiracy....
@openfnord
Copy link
Author

openfnord commented Dec 11, 2024
edited
Loading

Could also be unexpected text from youtube " you are a bot". I am quite paranoid ...
Nevertheless the player should be resilient against false data and not crash.
Every crash is a possibility for exploitation! This is how they deliver Trojans to your device ;-)

@InfinityLoop1308
Copy link
Owner

Your VPN server is blocked by YouTube so it shows a error. This is not a crash, which make the whole app get killed.
Sign in or change another server to solve the problem.

@InfinityLoop1308
Copy link
Owner

If you believe there was a crash, attach a screen recording.

@openfnord
Copy link
Author

I got the crash diolog from pipepipe that said it crashed.
So a parser in pipepipe does not work properly. It is not about the behavior of yt.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@openfnord @InfinityLoop1308