Changeset 29007

Timestamp:
01/25/09 16:37:56 (4 years ago)
Author:
itkz
Message:

fixed bounding error in RTMP body chunk

Location:
lang/c/librtmp
Files:
2 modified

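--- a/lang/c/librtmp/main.c
+++ b/lang/c/librtmp/main.c
@@ -71,5 +71,5 @@
         0x2C, 0x30, 0x2C, 0x31, 0x2C, 0x31, 0x32, 0x33,
         0x00, 0x0C, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69,
-        0x6C, 0x69, 0x74, 0x69, 0x65, 0x73, 0x00, 0x40,//
+        0x6C, 0x69, 0x74, 0x69, 0x65, 0x73, 0x00, 0x40,
         0x3F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
         0x00, 0x09, 0x03, 0x00, 0x05, 0x6C, 0x65, 0x76,
@@ -80,5 +80,5 @@
         0x6E, 0x2E, 0x43, 0x6F, 0x6E, 0x6E, 0x65, 0x63,
         0x74, 0x2E, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73,
-        0x73, 0x00, 0x0B, 0x64, 0x65, 0x73, 0x63, 0x72,//
+        0x73, 0x00, 0x0B, 0x64, 0x65, 0x73, 0x63, 0x72,
         0x69, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x02, 0x00,
         0x15, 0x43, 0x6F, 0x6E, 0x6E, 0x65, 0x63, 0x74,
@@ -102,5 +102,5 @@
         rtmp_packet,
         rtmp_packet_temp, sizeof(rtmp_packet_temp),
-        4096,
+        AMF_CHANK_SIZE,
         &outputed_size);
     printf("analyzed size: %d\n", outputed_size);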
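--- a/lang/c/librtmp/rtmp_packet.c
+++ b/lang/c/librtmp/rtmp_packet.c
@@ -32,8 +32,7 @@
 
 static void rtmp_packet_cleanup(rtmp_packet_t *packet);
-static unsigned char *rtmp_packet_retrieve_amf(
-    unsigned char *amf_chunks, size_t amf_with_chunk_header_size,
-    size_t amf_chunk_size,
-    size_t *return_amf_size);
+static unsigned char *rtmp_packet_retrieve_body(
+    unsigned char *amf_chunks, size_t rtmp_body_size,
+    size_t amf_chunk_size, int chunk_delimiter_num);
 static size_t rtmp_packet_insert_amf_chunk_header(
     rtmp_packet_t *packet,
@@ -44,5 +43,5 @@
 static rtmp_result_t rtmp_packet_amf_analyze(
     rtmp_packet_t *packet,
-    unsigned char *amf_packets_buffer, size_t amf_size);
+    unsigned char *amf_packets_buffer, size_t rtmp_body_size);
 
 
@@ -79,31 +78,23 @@
 
 
-unsigned char *rtmp_packet_retrieve_amf(
-    unsigned char *amf_chunks, size_t amf_with_chunk_header_size,
-    size_t amf_chunk_size,
-    size_t *return_amf_size)
-{
-    int chunk_delimiter_num;
+unsigned char *rtmp_packet_retrieve_body(
+    unsigned char *amf_chunks, size_t rtmp_body_size,
+    size_t amf_chunk_size, int chunk_delimiter_num)
+{
     int amf_size_count;
     size_t amf_moved_size;
-    size_t amf_size;
     unsigned char *amf_output_buffer;
-
-    chunk_delimiter_num = 0;
-    amf_size_count = amf_with_chunk_header_size - amf_chunk_size;
-    while (amf_size_count > 0) {
-        chunk_delimiter_num++;
-        amf_size_count -= amf_chunk_size + 1; /* 1 is delimiter(0xC3) */
-    }
-    amf_size = amf_with_chunk_header_size - chunk_delimiter_num;
-    amf_output_buffer = (unsigned char*)malloc(amf_size);
+    size_t rtmp_body_with_chunk_delimiter_size;
+
+    amf_output_buffer = (unsigned char*)malloc(rtmp_body_size);
     if (amf_output_buffer == NULL) {
-        *return_amf_size = 0;
         return NULL;
     }
     amf_size_count = 0;
     amf_moved_size = 0;
-    while (amf_size_count < amf_with_chunk_header_size) {
-        int rest = amf_with_chunk_header_size - amf_size_count;
+    rtmp_body_with_chunk_delimiter_size =
+        rtmp_body_size + chunk_delimiter_num;
+    while (amf_size_count < rtmp_body_with_chunk_delimiter_size) {
+        int rest = rtmp_body_with_chunk_delimiter_size - amf_size_count;
         if (rest < amf_chunk_size) {
             memmove(
@@ -120,5 +111,4 @@
         amf_size_count += amf_chunk_size + 1; /* 1 is delimiter(0xC3) */
     }
-    *return_amf_size = amf_size;
     return amf_output_buffer;
 }
@@ -133,9 +123,10 @@
     int header_size_magic;
     int header_size;
-    size_t amf_with_chunk_header_size;
+    size_t rtmp_body_size;
     unsigned char *amf_chunks;
     unsigned char *amf_buffer;
-    size_t amf_size;
     rtmp_result_t amf_ret;
+    int chunk_delimiter_num;
+    int amf_size_count;
 
     if (data_size == 0) {
@@ -172,5 +163,5 @@
     packet->timer = read_be24int(data + 1);
 #ifdef DEBUG
-    printf("timer: %d\n", packet->timer);
+    printf("timer: %ld\n", packet->timer);
 #endif
     if (header_size_magic == HEADER_MAGIC_04) {
@@ -183,7 +174,16 @@
         return RTMP_ERROR_DIVIDED_PACKET;
     }
-    amf_with_chunk_header_size = read_be24int(data + 4);
-#ifdef DEBUG
-    printf("amf_with_chunk_header_size: %d\n", amf_with_chunk_header_size);
+    rtmp_body_size = read_be24int(data + 4);
+#ifdef DEBUG
+    printf("rtmp_body_size: %d\n", rtmp_body_size);
+#endif
+    chunk_delimiter_num = 0;
+    amf_size_count = amf_chunk_size;
+    while (amf_size_count < rtmp_body_size) {
+        chunk_delimiter_num++;
+        amf_size_count -= amf_chunk_size;
+    }
+#ifdef DEBUG
+    printf("chunk_delimiter_num: %d\n", chunk_delimiter_num);
 #endif
     packet->data_type = data[7];
@@ -193,5 +193,5 @@
     if (header_size_magic == HEADER_MAGIC_08) {
         header_size = 8;
-        if (amf_with_chunk_header_size == 0) {
+        if (rtmp_body_size == 0) {
             *packet_size = 8;
             return RTMP_SUCCESS;
@@ -205,5 +205,5 @@
         header_size = 12;
         packet->stream_id = read_le32int(data + 8);
-        if (amf_with_chunk_header_size == 0) {
+        if (rtmp_body_size == 0) {
             *packet_size = 12;
             return RTMP_SUCCESS;
@@ -211,13 +211,13 @@
         amf_chunks = data + 12;
     }
-    if (header_size + amf_with_chunk_header_size > data_size) {
+    if (header_size + rtmp_body_size > data_size) {
         *packet_size = 0;
         return RTMP_ERROR_BROKEN_PACKET;
     }
-    *packet_size = header_size + amf_with_chunk_header_size;
-
-    amf_buffer = rtmp_packet_retrieve_amf(
-        amf_chunks, amf_with_chunk_header_size, amf_chunk_size, &amf_size);
-    amf_ret = rtmp_packet_amf_analyze(packet, amf_buffer, amf_size);
+    *packet_size = header_size + rtmp_body_size;
+
+    amf_buffer = rtmp_packet_retrieve_body(
+        amf_chunks, rtmp_body_size, amf_chunk_size, chunk_delimiter_num);
+    amf_ret = rtmp_packet_amf_analyze(packet, amf_buffer, rtmp_body_size);
     free(amf_buffer);
 
@@ -326,5 +326,7 @@
             amf_size - total_serialized_amf_size);
         if (serialized_amf_size == 0) {
+#ifdef DEBUG
             printf("AMF serialized error!\n");
+#endif
         }
         total_serialized_amf_size += serialized_amf_size;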
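Review bot: The new delimiter-counting loop (new lines 180-185) subtracts where it should add: `amf_size_count` starts at `amf_chunk_size`, and `amf_size_count -= amf_chunk_size;` moves it away from `rtmp_body_size`. The loop therefore ends only once the `int` goes negative and is converted to unsigned for the comparison with the `size_t` bound, so `chunk_delimiter_num` does not track the body length; `amf_size_count += amf_chunk_size;` looks like what was meant. The length check at new line 213, `if (header_size + rtmp_body_size > data_size)`, also leaves the delimiters out, although `rtmp_packet_retrieve_body` walks `rtmp_body_size + chunk_delimiter_num` bytes of `amf_chunks`. Because `rtmp_body_size` is read from the packet itself, the check should cover the delimiters too, e.g. `if (header_size + rtmp_body_size + chunk_delimiter_num > data_size)`, and `*packet_size` probably needs the same term. The analysing function's signature and the copy loop's `memmove` arguments are outside the visible hunks, so the type of `amf_chunk_size` there and the exact read extent should be confirmed against the full file.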