gnash-commit

[Gnash-commit] gnash ChangeLog server/vm/ASHandlers.cpp


From: Sandro Santilli
Subject: [Gnash-commit] gnash ChangeLog server/vm/ASHandlers.cpp
Date: Mon, 08 Jan 2007 14:26:34 +0000

CVSROOT:        /sources/gnash
Module name:    gnash
Changes by:     Sandro Santilli <strk>  07/01/08 14:26:34

Modified files:
        .              : ChangeLog 
        server/vm      : ASHandlers.cpp 

Log message:
                * server/vm/ASHandlers.cpp (ActionDefineFunction2):
                  check consistency of code_size, handling bogus SWF.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.2052&r2=1.2053
http://cvs.savannah.gnu.org/viewcvs/gnash/server/vm/ASHandlers.cpp?cvsroot=gnash&r1=1.24&r2=1.25

Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.2052
retrieving revision 1.2053
diff -u -b -r1.2052 -r1.2053
--- ChangeLog   8 Jan 2007 12:27:14 -0000       1.2052
+++ ChangeLog   8 Jan 2007 14:26:33 -0000       1.2053
@@ -1,5 +1,10 @@
 2007-01-08 Sandro Santilli <address@hidden>
 
+       * server/vm/ASHandlers.cpp (ActionDefineFunction2):
+         check consistency of code_size, handling bogus SWF.
+
+2007-01-08 Sandro Santilli <address@hidden>
+
        * testsuite/actionscript.all/Inheritance.as: added a couple more
          tests to the 'extends' section, curtesy of Zou Lunkai.
        * testsuite/actionscript.all/Function.as: added test for 'this'

Index: server/vm/ASHandlers.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/vm/ASHandlers.cpp,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -b -r1.24 -r1.25
--- server/vm/ASHandlers.cpp    6 Jan 2007 00:23:31 -0000       1.24
+++ server/vm/ASHandlers.cpp    8 Jan 2007 14:26:34 -0000       1.25
@@ -16,7 +16,7 @@
 
 //
 
-/* $Id: ASHandlers.cpp,v 1.24 2007/01/06 00:23:31 strk Exp $ */
+/* $Id: ASHandlers.cpp,v 1.25 2007/01/08 14:26:34 strk Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -2986,8 +2986,24 @@
        }
 
        // Get the length of the actual function code.
-       int16_t code_size = code.read_int16(i);
-       assert( code_size >= 0 );
+       uint16_t code_size = code.read_int16(i);
+
+       // Check code_size value consistency 
+       size_t actionbuf_size = thread.code.size();
+       if ( thread.next_pc+code_size > actionbuf_size )
+       {
+               IF_VERBOSE_MALFORMED_SWF(
+                       log_warning("Malformed SWF: function2 code len (%u) "
+                               "overflows DOACTION tag boundaries "
+                               "(DOACTION tag len=%u, "
+                               "function2 code offset=%u). "
+                               "Forcing code len to eat the whole buffer "
+                               "(would this work?).",
+                               code_size, actionbuf_size, thread.next_pc);
+               );
+               code_size = actionbuf_size-thread.next_pc;
+       }
+
        i += 2;
        func->set_length(code_size);
 
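Review bot: the fallback `code_size = actionbuf_size-thread.next_pc;` is only safe when `thread.next_pc <= actionbuf_size`; if the function code offset itself already lies past the end of the DOACTION buffer, the test `thread.next_pc+code_size > actionbuf_size` still fires, the unsigned subtraction wraps, and the value truncated into the `uint16_t` is handed to `func->set_length(code_size)`, so a bogus SWF still ends up with a nonsensical length. Check `thread.next_pc` against `actionbuf_size` first and bail out of the definition in that case instead of clamping. Two smaller points in the same hunk: `log_warning` prints `actionbuf_size` (a `size_t`) and `thread.next_pc` with `%u`, which is not portable on 64-bit builds, so cast them to `unsigned` or use `%zu`; and `uint16_t code_size = code.read_int16(i);` relies on an implicit signed-to-unsigned conversion, which is exactly why the old `assert( code_size >= 0 )` could go, but a one-line comment saying so would save the next reader the question.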



