[rtmpdump] add packet size check in ServeInvoke() for rtmpsuck

matus uzak matus.uzak at gmail.com
Tue Jan 12 21:42:37 CET 2016


Consider to create a pull request on github, check the project name in this
conversation:

http://lists.mplayerhq.hu/pipermail/rtmpdump/2015-August/002475.html

There's no better option to track patches at the moment.

On Tue, Jan 12, 2016 at 8:43 AM, fcicq <fcicq at fcicq.net> wrote:

> The caller of ServeInvoke() is ServePacket().
>
>     case RTMP_PACKET_TYPE_FLEX_MESSAGE:
>       // flex message
>       {
>         ret = ServeInvoke(server, which, packet, packet->m_body + 1);
>         break;
>       }
>     case RTMP_PACKET_TYPE_INVOKE:
>       // invoke
>       ret = ServeInvoke(server, which, packet, packet->m_body);
>       break;
>
>
> but sadly, if nBodySize is 0, packet->m_body or body in ServeInvoke()
> which will also become null, would you expect AMF_Decode() to output an
> usable command?
>
>
>
>
>
>
>
>
>
> Maybe this empty packet should trigger a warning type log, but as long as
> the return value is 0, that is not so critical.
>
>
>
>
>
> The Video.DimensionChange event is a courtesy event from the player and
> does not exist on the wire. Empty packets are valid part of the spec. They
> have a number of uses in RTMP.
>
> Sent from my iPhone
>
> > On Jan 11, 2016, at 12:20 PM, fcicq <fcicq at fcicq.net> wrote:
> >
> > Without the nBodySize check, the later (body[0] != 0x02) check will
> trigger a null pointer deference and cause a crash.
> > This kind of empty packet may have some relationship with
> NetStream.Video.DimensionChange event.
> >
> > diff --git a/rtmpsuck.c b/rtmpsuck.c
> > index e886179..633a1f3 100644
> > --- a/rtmpsuck.c
> > +++ b/rtmpsuck.c
> > @@ -160,6 +160,12 @@ ServeInvoke(STREAMING_SERVER *server, int which,
> RTMPPacket *pack, const char *b
> > int ret = 0, nRes;
> > int nBodySize = pack->m_nBodySize;
> >
> > + if (!nBodySize)
> > + {
> > + RTMP_Log(RTMP_LOGERROR, "%s, empty packet from %s", __FUNCTION__,
> cst[which]);
> > + return 0;
> > + }
> > +
> > if (body > pack->m_body)
> > nBodySize--;
> >
> >
> > _______________________________________________
> > rtmpdump mailing list
> > rtmpdump at mplayerhq.hu
> > https://lists.mplayerhq.hu/mailman/listinfo/rtmpdump
> _______________________________________________
> rtmpdump mailing list
> rtmpdump at mplayerhq.hu
> https://lists.mplayerhq.hu/mailman/listinfo/rtmpdump
>
>
> _______________________________________________
> rtmpdump mailing list
> rtmpdump at mplayerhq.hu
> https://lists.mplayerhq.hu/mailman/listinfo/rtmpdump
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mplayerhq.hu/pipermail/rtmpdump/attachments/20160112/2142afee/attachment.html>


More information about the rtmpdump mailing list