[rtmpdump] [PATCH] rtmpdump tcURL buffer too small

Adam Malcontenti-Wilson adman.com at gmail.com
Tue Nov 8 11:02:19 CET 2011


Hi,
Increasing a fixed-size buffer seems a bit wasteful, and could
possibly become another bug in the future if urls somehow get even
longer. Calculating the size shouldn't be too difficult, and it can
also remove the step of having to copy from one buffer to another,
although will require anyone editing that code to update the
calculation step.
(5 characters assumed for port number, plus 5 extra characters = +10)
Proposed Patch:
diff --git a/rtmpdump.c b/rtmpdump.c
index 01decf9..22774a6 100644
--- a/rtmpdump.c
+++ b/rtmpdump.c
@@ -1152,13 +1152,14 @@ main(int argc, char **argv)

   if (tcUrl.av_len == 0)
     {
-      char str[512] = { 0 };
-
-      tcUrl.av_len = snprintf(str, 511, "%s://%.*s:%d/%.*s",
+      // Be sure to update this calculation when adding characters to
tcUrl snprintf to avoid truncation
+      tcUrl.av_len = strlen(RTMPProtocolStringsLower[protocol]) +
hostname.av_len + app.av_len + 10;
+      tcUrl.av_val = (char *) malloc(tcUrl.av_len + 1);
+      if (!tcUrl.av_val)
+          return RD_FAILED;
+      tcUrl.av_len = snprintf(tcUrl.av_val, tcUrl.av_len, "%s://%.*s:%d/%.*s",
 	  	   RTMPProtocolStringsLower[protocol], hostname.av_len,
 		   hostname.av_val, port, app.av_len, app.av_val);
-      tcUrl.av_val = (char *) malloc(tcUrl.av_len + 1);
-      strcpy(tcUrl.av_val, str);
     }

   int first = 1;

On Tue, Nov 8, 2011 at 10:00 AM, Robin Lewis <robin at robinlewis.com> wrote:
> Hi
> I found an issue where rtmpdump failed because a fixed-size buffer for tcURL
> was too small. The particular problem instance could be resolved by doubling
> the hard-coded buffer size, but it would be better eventually to work out
> the required size and malloc the buffer.
> I understand this issue has been noticed by others and discussed elsewhere
> (e.g. stream-recorder.com/forum/specify-tcurl-rtmpdump-might-not-work-t10355.html)
> My proposed basic patch is therefore:
> diff --git a/rtmpdump/rtmpdump.c b/rtmpdump/rtmpdump.c
> index 01decf9..e06fe85 100644
> --- a/rtmpdump/rtmpdump.c
> +++ b/rtmpdump/rtmpdump.c
> @@ -1152,9 +1152,9 @@ main(int argc, char **argv)
>    if (tcUrl.av_len == 0)
>      {
> -      char str[512] = { 0 };
> +      char str[1024] = { 0 };
> -      tcUrl.av_len = snprintf(str, 511, "%s://%.*s:%d/%.*s",
> +      tcUrl.av_len = snprintf(str, 1023, "%s://%.*s:%d/%.*s",
>                    RTMPProtocolStringsLower[protocol], hostname.av_len,
>                    hostname.av_val, port, app.av_len, app.av_val);
>        tcUrl.av_val = (char *) malloc(tcUrl.av_len + 1);
> _______________________________________________
> rtmpdump mailing list
> rtmpdump at mplayerhq.hu
> https://lists.mplayerhq.hu/mailman/listinfo/rtmpdump
>
>
-- 
Adam Malcontenti-Wilson


More information about the rtmpdump mailing list