
[Gnash-commit] gnash ChangeLog server/swf/PlaceObject2Tag.cpp


From: Sandro Santilli
Subject: [Gnash-commit] gnash ChangeLog server/swf/PlaceObject2Tag.cpp
Date: Thu, 08 May 2008 18:19:25 +0000

CVSROOT:        /sources/gnash
Module name:    gnash
Changes by:     Sandro Santilli <strk>  08/05/08 18:19:25

Modified files:
        .              : ChangeLog 
        server/swf     : PlaceObject2Tag.cpp 

Log message:
        (readPlaceActions): handle malformed swf during events parsing by keeping
        what was read so far.  Fixes misc-swfmill.all/zeroframe_definesprite.swf
        run.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.6558&r2=1.6559
http://cvs.savannah.gnu.org/viewcvs/gnash/server/swf/PlaceObject2Tag.cpp?cvsroot=gnash&r1=1.42&r2=1.43

Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.6558
retrieving revision 1.6559
diff -u -b -r1.6558 -r1.6559
--- ChangeLog   8 May 2008 17:54:52 -0000       1.6558
+++ ChangeLog   8 May 2008 18:19:23 -0000       1.6559
@@ -1,5 +1,11 @@
 2008-05-08 Sandro Santilli <address@hidden>
 
+       * server/swf/PlaceObject2Tag.cpp (readPlaceActions): handle malformed
+         swf during events parsing by keeping what was read so far.
+         Fixes misc-swfmill.all/zeroframe_definesprite.swf run.
+
+2008-05-08 Sandro Santilli <address@hidden>
+
        * libmedia/ffmpeg/sound_handler_sdl.cpp: fix default constructor
          to actually construct the object instead of corrupting memory;
          don't heap-allocate WAV and CHK stuff.
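
Review bot: The new entry covers only the exception handling in readPlaceActions and leaves out the ownership change made in the same commit, where the action_buffer is held in a std::auto_ptr until read() has succeeded. Add a clause for it so the leak fix can be found from the ChangeLog. The entry also gets its own "2008-05-08 Sandro Santilli" header directly above an identical one; the two entries could share a single header.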

Index: server/swf/PlaceObject2Tag.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/swf/PlaceObject2Tag.cpp,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -b -r1.42 -r1.43
--- server/swf/PlaceObject2Tag.cpp      8 May 2008 08:00:37 -0000       1.42
+++ server/swf/PlaceObject2Tag.cpp      8 May 2008 18:19:24 -0000       1.43
@@ -97,6 +97,15 @@
     // Read swf_events.
     for (;;)
     {
+        // Handle SWF malformations locally, by just prematurely interrupting
+        // parsing of action events.
+        // TODO: a possibly improvement would be using local code for the
+        //       equivalent of ensureBytes which has the cost of a function
+        //       call for itself plus a repeated useless function call for
+        //       get_end_tag_position (which could be cached).
+        //       
+        try
+        {
         // Read event.
         in.align();
 
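
Review bot: The comment added above `try` says malformations are handled "locally" but does not say what state the tag is left in when the body throws; one sentence stating that events completed before the throw are kept, as the log message puts it, would make the contract clear to the next reader. Minor: "a possibly improvement" should read "a possible improvement", and the last comment line before `try` carries trailing whitespace.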
@@ -141,9 +150,10 @@
         }
 
         // Read the actions for event(s)
-        action_buffer* action = new action_buffer(_movie_def); // ownership 
will be xferred to _actionBuffers
-        _actionBuffers.push_back(action); // take ownership
+            // auto_ptr here prevents leaks on malformed swf
+            std::auto_ptr<action_buffer> action ( new 
action_buffer(_movie_def) );
         action->read(in, in.get_position()+event_length);
+            _actionBuffers.push_back(action.release()); // take ownership
 
         // If there is no end tag, action_buffer appends a null-terminator,
         // and fails this check. As action_buffer should check bounds, we
@@ -192,7 +202,11 @@
         {
             if (flags & mask)
             {
-                std::auto_ptr<swf_event> ev ( new swf_event(s_code_bits[i], 
*action) );
+                    /// Yes, swf_event stores a reference to an element in 
_actionBuffers.
+                    /// A case of remote ownership, but both swf_event and the 
actions
+                    /// are owned by this class, so shouldn't be a problem.
+                    action_buffer* thisAction = _actionBuffers.back();
+                    std::auto_ptr<swf_event> ev ( new 
swf_event(s_code_bits[i], *thisAction) );
                 IF_VERBOSE_PARSE (
                 log_parse("---- actions for event %s", 
ev->event().get_function_name().c_str());
                 );
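
Review bot: `action_buffer* thisAction = _actionBuffers.back();` sits inside the `if (flags & mask)` branch, so it is re-fetched for every matching event bit and silently depends on nothing else being pushed onto `_actionBuffers` in between. Take the pointer once, at the point where the buffer is pushed, and use that in the loop. The new comment uses the `///` documentation form for an inline remark; plain `//` fits better, and it could say what keeps the reference valid rather than "shouldn't be a problem".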
@@ -205,6 +219,14 @@
                 m_event_handlers.push_back(ev.release());
             }
         }
+        }
+        catch (ParserException& what)
+        {
+            IF_VERBOSE_MALFORMED_SWF(
+            log_swferror(_("Unexpected end of tag while parsing PlaceObject 
tag events"));
+            );
+            break;
+        }
     } //end of for(;;)
 }
 
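
Review bot: `catch (ParserException& what)` never uses `what`, so the logged error carries no detail from the exception that ended parsing. Catch by const reference and either drop the name or include the exception's detail in the message. The message text says "PlaceObject tag" while the file is PlaceObject2Tag.cpp; naming the tag precisely would help when reading malformed-SWF logs.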



