[rtmpdump] a bug in function SendRTMP

Howard Chu hyc at highlandsun.com
Tue Dec 8 12:16:12 CET 2009 

Lifeng Ren wrote:
>   I think I found a bug in function SendRTMP, which could lead to
> download failure.
>
> Steps to reproduce:
>
> - find a program whose playpath contains more than 128 characters.
>    (justin.tv <http://justin.tv> requires a auth token, which contains
> more than 400
>    characters)
>
> - FCSubscribe packets generated by rtmpdump will not contain '\xc3'
>    (but FCSubscribe packets generated by mozilla will contain '\xc3')
>
> - server will be confused, and rtmpdump will fail.
>
> Facts in the code
>
> - after connect succeed, m_chunkSize will change to some large value
>
> - SendRTMP depends on m_chunkSize. And this is wrong according to the
> spec of RTMP (pp.16 of rtmp_specification_1.0.pdf):
>
> "Chunk size is maintained independently for each direction."

Looks like you're right.

> So SendRTMP should always use 128 for nChunkSize. Here is the patch:

Alternatively we could set a larger chunk size for our writes. I don't see why 
we'd ever want to split any writes into chunks anyway, writes will happen very 
rarely and splitting just adds wasted overhead. Perhaps we should use 512 or 
1024...

> --- rtmp.cpp    (revision 58)
> +++ rtmp.cpp    (working copy)
> @@ -1830,12 +1830,10 @@
>     nSize = packet.m_nBodySize;
>     char *buffer = packet.m_body;
>
> +  int nChunkSize = 128<packet.m_nBodySize ? 128 : packet.m_nBodySize;
>     while (nSize)
>     {
> -    int nChunkSize = packet.m_packetType ==
> 0x14?m_chunkSize:packet.m_nBodySize;
>       int wrote;
> -    if (nSize < m_chunkSize)
> -      nChunkSize = nSize;
>
>       if (header) {
>         wrote=WriteN(header, nChunkSize+hSize);
>
> Some comments on this line:
>
> int nChunkSize = packet.m_packetType == 0x14?m_chunkSize:packet.m_nBodySize;
>
> - it is in the loop, but stay unchanged during the loop
>
> In other words, code here was a quick hack. So it is likely that it
> contain some bug.

nChunkSize doesn't stay unchanged; if a write is split into chunks then the 
tail chunk may be smaller.
   -- hyc

More information about the rtmpdump mailing list