[rtmpdump] a bug in function SendRTMP

Lifeng Ren renlifeng at gmail.com
Tue Dec 8 09:41:20 CET 2009


 I think I found a bug in function SendRTMP, which could lead to
download failure.

Steps to reproduce:

- find a program whose playpath contains more than 128 characters.
  (justin.tv requires a auth token, which contains more than 400
  characters)

- FCSubscribe packets generated by rtmpdump will not contain '\xc3'
  (but FCSubscribe packets generated by mozilla will contain '\xc3')

- server will be confused, and rtmpdump will fail.

Facts in the code

- after connect succeed, m_chunkSize will change to some large value

- SendRTMP depends on m_chunkSize. And this is wrong according to the
spec of RTMP (pp.16 of rtmp_specification_1.0.pdf):

    "Chunk size is maintained independently for each direction."

So SendRTMP should always use 128 for nChunkSize. Here is the patch:

--- rtmp.cpp    (revision 58)
+++ rtmp.cpp    (working copy)
@@ -1830,12 +1830,10 @@
   nSize = packet.m_nBodySize;
   char *buffer = packet.m_body;

+  int nChunkSize = 128<packet.m_nBodySize ? 128 : packet.m_nBodySize;
   while (nSize)
   {
-    int nChunkSize = packet.m_packetType ==
0x14?m_chunkSize:packet.m_nBodySize;
     int wrote;
-    if (nSize < m_chunkSize)
-      nChunkSize = nSize;

     if (header) {
       wrote=WriteN(header, nChunkSize+hSize);

Some comments on this line:

int nChunkSize = packet.m_packetType == 0x14?m_chunkSize:packet.m_nBodySize;

- it is in the loop, but stay unchanged during the loop

In other words, code here was a quick hack. So it is likely that it
contain some bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mplayerhq.hu/pipermail/rtmpdump/attachments/20091208/29bc8cb1/attachment.htm>


More information about the rtmpdump mailing list