[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] gnash ChangeLog server/stream.cpp
From: |
Benjamin Wolsey |
Subject: |
[Gnash-commit] gnash ChangeLog server/stream.cpp |
Date: |
Thu, 14 Feb 2008 17:49:12 +0000 |
CVSROOT: /sources/gnash
Module name: gnash
Changes by: Benjamin Wolsey <bwy> 08/02/14 17:49:12
Modified files:
. : ChangeLog
server : stream.cpp
Log message:
* server/stream.cpp: also check for overflow of a signed int to
keep
tu_file happy.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.5651&r2=1.5652
http://cvs.savannah.gnu.org/viewcvs/gnash/server/stream.cpp?cvsroot=gnash&r1=1.45&r2=1.46
Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.5651
retrieving revision 1.5652
diff -u -b -r1.5651 -r1.5652
--- ChangeLog 14 Feb 2008 16:38:12 -0000 1.5651
+++ ChangeLog 14 Feb 2008 17:49:12 -0000 1.5652
@@ -1,3 +1,8 @@
+2008-02-14 Benjamin Wolsey <address@hidden>
+
+ * server/stream.cpp: also check for overflow of a signed int to keep
+ tu_file happy.
+
2008-02-14 Sandro Santilli <address@hidden>
* server/parser/BitmapMovieDefinition.{cpp,h}:
Index: server/stream.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/stream.cpp,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -b -r1.45 -r1.46
--- server/stream.cpp 14 Feb 2008 16:00:55 -0000 1.45
+++ server/stream.cpp 14 Feb 2008 17:49:12 -0000 1.46
@@ -24,8 +24,8 @@
#include "tu_file.h"
#include "swf.h"
#include "Property.h"
-
#include <cstring>
+#include <climits>
//#include <iostream> // debugging only
//#define USE_TU_FILE_BYTESWAPPING 1
@@ -397,20 +397,21 @@
{
align();
- unsigned long tagStart=get_position();
+ unsigned long tagStart = get_position();
int tagHeader = read_u16();
int tagType = tagHeader >> 6;
int tagLength = tagHeader & 0x3F;
assert(m_unused_bits == 0);
- if (tagLength == 0x3F) {
+ if (tagLength == 0x3F)
+ {
tagLength = read_u32();
}
if (tagLength < 0)
{
- throw ParserException(_("Negative tag length reported."));
+ throw ParserException("Negative tag length advertised.");
}
if ( tagLength > 1024*64 )
@@ -420,6 +421,19 @@
unsigned long tagEnd = get_position() + tagLength;
+ // Check end position doesn't overflow a signed int - that makes
+ // zlib adapter's inflate_seek(int pos, void* appdata) unhappy.
+ // The cast stops compiler warnings. We know it's a positive number.
+ // TODO: make tu_file take a long instead of an int.
+ // TODO: check against stream length.
+ if (tagEnd > static_cast<unsigned int>(std::numeric_limits<signed
int>::max()))
+ {
+ std::stringstream ss;
+ ss << "Invalid tag end position " << tagEnd << " advertised
(tag length "
+ << tagLength << ").";
+ throw ParserException(ss.str().c_str());
+ }
+
if ( ! _tagBoundsStack.empty() )
{
// check that this tag doesn't cross containing tag bounds