[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] gnash ChangeLog server/stream.cpp
|
From: |
Sandro Santilli |
|
Subject: |
[Gnash-commit] gnash ChangeLog server/stream.cpp |
|
Date: |
Mon, 03 Dec 2007 14:31:52 +0000 |
CVSROOT: /sources/gnash
Module name: gnash
Changes by: Sandro Santilli <strk> 07/12/03 14:31:52
Modified files:
. : ChangeLog
server : stream.cpp
Log message:
don't trust a tag advertising to go past end of it's containing tag.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.5066&r2=1.5067
http://cvs.savannah.gnu.org/viewcvs/gnash/server/stream.cpp?cvsroot=gnash&r1=1.35&r2=1.36
Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.5066
retrieving revision 1.5067
diff -u -b -r1.5066 -r1.5067
--- ChangeLog 3 Dec 2007 12:37:28 -0000 1.5066
+++ ChangeLog 3 Dec 2007 14:31:51 -0000 1.5067
@@ -1,3 +1,7 @@
+2007-12-03 Sandro Santilli <address@hidden>
+
+ * server/stream.cpp (open_tag): don't trust a tag advertising
+ to go past end of it's containing tag.
2007-12-03 Sandro Santilli <address@hidden>
Index: server/stream.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/stream.cpp,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -b -r1.35 -r1.36
--- server/stream.cpp 3 Dec 2007 12:33:32 -0000 1.35
+++ server/stream.cpp 3 Dec 2007 14:31:52 -0000 1.36
@@ -425,7 +425,7 @@
{
align();
- unsigned long offset=get_position();
+ unsigned long tagStart=get_position();
int tag_header = read_u16();
int tag_type = tag_header >> 6;
@@ -440,13 +440,37 @@
log_debug("Tag %d has a size of %d bytes !!", tag_type,
tag_length);
}
+ unsigned long tagEnd = get_position()+tag_length;
+
+ if ( ! _tagBoundsStack.empty() )
+ {
+ // check that this tag doesn't cross containing tag
bounds
+ unsigned long containerTagEnd =
_tagBoundsStack.back().second;
+ if ( tagEnd > containerTagEnd )
+ {
+ unsigned long containerTagStart =
_tagBoundsStack.back().first;
+ std::stringstream ss;
+ ss << "Tag " << tag_type << " starting at
offset " << tagStart
+ << " is advertised to end at offset " <<
tagEnd
+ << " which is after end of previously opened
tag starting "
+ << " at offset " << containerTagStart
+ << " and ending at offset " <<
containerTagEnd << "."
+ << " Making it end where container tag
ends.";
+ log_swferror("%s", ss.str().c_str());
+
+ // what to do now ?
+ tagEnd = containerTagEnd;
+ //throw ParserException(ss.str());
+ }
+ }
+
// Remember where the end of the tag is, so we can
// fast-forward past it when we're done reading it.
- _tagBoundsStack.push_back(std::make_pair(offset, get_position()
+ tag_length));
+ _tagBoundsStack.push_back(std::make_pair(tagStart, tagEnd));
IF_VERBOSE_PARSE (
log_parse("SWF[%lu]: tag type = %d, tag length = %d,
end tag = %lu",
- offset, tag_type, tag_length,
_tagBoundsStack.back().second);
+ tagStart, tag_type, tag_length, tagEnd);
);
return static_cast<SWF::tag_type>(tag_type);
- [Gnash-commit] gnash ChangeLog server/stream.cpp,
Sandro Santilli <=