[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] gnash ChangeLog server/stream.cpp
|
From: |
Benjamin Wolsey |
|
Subject: |
[Gnash-commit] gnash ChangeLog server/stream.cpp |
|
Date: |
Thu, 14 Feb 2008 16:00:56 +0000 |
CVSROOT: /sources/gnash
Module name: gnash
Changes by: Benjamin Wolsey <bwy> 08/02/14 16:00:55
Modified files:
. : ChangeLog
server : stream.cpp
Log message:
* server/stream.cpp: throw parser exception in
stream::open_tag() if
reported tag length is negative. Fixes assertion failures in
zlib adapter.
zlib adapter uses an int to seek, which is taken from
_tagBoundsStack.back().second,
an unsigned long. This fixes one case when
_tagBoundsStack.back().second is too
big for an int (an unsigned long created from a negative value), but
there
are potentially others.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.5649&r2=1.5650
http://cvs.savannah.gnu.org/viewcvs/gnash/server/stream.cpp?cvsroot=gnash&r1=1.44&r2=1.45
Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.5649
retrieving revision 1.5650
diff -u -b -r1.5649 -r1.5650
--- ChangeLog 14 Feb 2008 15:09:52 -0000 1.5649
+++ ChangeLog 14 Feb 2008 16:00:54 -0000 1.5650
@@ -1,3 +1,9 @@
+2008-02-14 Benjamin Wolsey <address@hidden>
+
+ * server/stream.cpp: throw parser exception in stream::open_tag() if
+ reported tag length is negative. Fixes assertion failures in
+ zlib adapter.
+
2008-02-14 Rob Savoye <address@hidden>
* utilities/dumpshm.cpp: Use struct shmid_ds instead of the
Index: server/stream.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/stream.cpp,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -b -r1.44 -r1.45
--- server/stream.cpp 12 Feb 2008 16:48:38 -0000 1.44
+++ server/stream.cpp 14 Feb 2008 16:00:55 -0000 1.45
@@ -399,20 +399,26 @@
unsigned long tagStart=get_position();
- int tag_header = read_u16();
- int tag_type = tag_header >> 6;
- int tag_length = tag_header & 0x3F;
+ int tagHeader = read_u16();
+ int tagType = tagHeader >> 6;
+ int tagLength = tagHeader & 0x3F;
assert(m_unused_bits == 0);
- if (tag_length == 0x3F) {
- tag_length = read_u32();
+
+ if (tagLength == 0x3F) {
+ tagLength = read_u32();
+ }
+
+ if (tagLength < 0)
+ {
+ throw ParserException(_("Negative tag length reported."));
}
- if ( tag_length > 1024*64 )
+ if ( tagLength > 1024*64 )
{
- log_debug("Tag %d has a size of %d bytes !!", tag_type,
tag_length);
+ log_debug("Tag %d has a size of %d bytes !!", tagType,
tagLength);
}
- unsigned long tagEnd = get_position()+tag_length;
+ unsigned long tagEnd = get_position() + tagLength;
if ( ! _tagBoundsStack.empty() )
{
@@ -422,7 +428,7 @@
{
unsigned long containerTagStart =
_tagBoundsStack.back().first;
std::stringstream ss;
- ss << "Tag " << tag_type << " starting at offset " <<
tagStart
+ ss << "Tag " << tagType << " starting at offset " <<
tagStart
<< " is advertised to end at offset " << tagEnd
<< " which is after end of previously opened tag
starting "
<< " at offset " << containerTagStart
@@ -442,10 +448,10 @@
IF_VERBOSE_PARSE (
log_parse("SWF[%lu]: tag type = %d, tag length = %d, end tag =
%lu",
- tagStart, tag_type, tag_length, tagEnd);
+ tagStart, tagType, tagLength, tagEnd);
);
- return static_cast<SWF::tag_type>(tag_type);
+ return static_cast<SWF::tag_type>(tagType);
}
- [Gnash-commit] gnash ChangeLog server/stream.cpp,
Benjamin Wolsey <=