[Gnash-commit] gnash ChangeLog server/swf/tag_loaders.cpp serv...


From: Benjamin Wolsey
Subject: [Gnash-commit] gnash ChangeLog server/swf/tag_loaders.cpp serv...
Date: Tue, 03 Jun 2008 08:35:05 +0000

CVSROOT:        /sources/gnash
Module name:    gnash
Changes by:     Benjamin Wolsey <bwy>   08/06/03 08:35:05

Modified files:
        .              : ChangeLog 
        server/swf     : tag_loaders.cpp StreamSoundBlockTag.cpp 
        server/parser  : video_stream_def.cpp 

Log message:
        * server/swf/tag_loaders.cpp, server/swf/StreamSoundBlockTag.cpp,
          server/parser/video_stream_def.cpp: check return of stream::read()
          and throw parser exception if it's shorter than expected (means
          the reported tag end position was outside the stream).

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.6783&r2=1.6784
http://cvs.savannah.gnu.org/viewcvs/gnash/server/swf/tag_loaders.cpp?cvsroot=gnash&r1=1.202&r2=1.203
http://cvs.savannah.gnu.org/viewcvs/gnash/server/swf/StreamSoundBlockTag.cpp?cvsroot=gnash&r1=1.1&r2=1.2
http://cvs.savannah.gnu.org/viewcvs/gnash/server/parser/video_stream_def.cpp?cvsroot=gnash&r1=1.45&r2=1.46

Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.6783
retrieving revision 1.6784
diff -u -b -r1.6783 -r1.6784
--- ChangeLog   3 Jun 2008 08:30:06 -0000       1.6783
+++ ChangeLog   3 Jun 2008 08:35:04 -0000       1.6784
@@ -7,6 +7,10 @@
        * server/swf/DoInitActionTag.h, server/swf/RemoveObjectTag.cpp,
          server/swf/DefineFontAlignZonesTag.cpp: missing ensureBytes,
          drop gnashconfig.h include.
+       * server/swf/tag_loaders.cpp, server/swf/StreamSoundBlockTag.cpp,
+         server/parser/video_stream_def.cpp: check return of stream::read()
+         and throw parser exception if it's shorter than expected (means
+         the reported tag end position was outside the stream).
 
 2008-06-03 Benjamin Wolsey <address@hidden>
 

Index: server/swf/tag_loaders.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/swf/tag_loaders.cpp,v
retrieving revision 1.202
retrieving revision 1.203
diff -u -b -r1.202 -r1.203
--- server/swf/tag_loaders.cpp  30 May 2008 20:23:51 -0000      1.202
+++ server/swf/tag_loaders.cpp  3 Jun 2008 08:35:05 -0000       1.203
@@ -1170,12 +1170,6 @@
 // Sound
 //
 
-// Forward declaration
-/*static void sound_expand(stream *in, media::sound_handler::format_type 
&format,
-       bool sample_16bit, bool stereo, unsigned int &sample_count,
-       unsigned char* &data, unsigned &data_bytes);
-*/
-
 // Common data
 
 /// Sample rate table for DEFINESOUNDHEAD tags
@@ -1258,12 +1252,17 @@
        {
            // First it is the amount of data from file,
            // then the amount allocated at *data (it may grow)
-           unsigned data_bytes = in->get_tag_end_position() - 
in->get_position();
-           unsigned char *data = new unsigned char[data_bytes];
+           const unsigned dataLength = in->get_tag_end_position() - 
in->get_position();
+           unsigned char *data = new unsigned char[dataLength];
 
-        // data_bytes is already calculated from the end of the tag, which
+        // dataLength is already calculated from the end of the tag, which
         // should be inside the end of the file. TODO: check that this is tha 
case.
-           in->read((char*)data, data_bytes);
+           const unsigned int bytesRead = 
in->read(reinterpret_cast<char*>(data), dataLength);
+
+        if (bytesRead < dataLength)
+        {
+            throw ParserException(_("Tag boundary reported past end of 
stream!"));
+        }
 
            // Store all the data in a SoundInfo object
            std::auto_ptr<media::SoundInfo> sinfo;
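
Review bot: The new `throw ParserException(...)` on a short read leaks `data`: the buffer comes from `new unsigned char[dataLength]` and, per the NOTE in the following hunk, ownership only passes to the sound handler in `create_sound()`, so nothing frees it on the exception path. Hold it in a scoped array that is released at the hand-off, or `delete [] data` before throwing. The comment just above the read still ends with "TODO: check that this is tha case", which this check now covers, so the TODO should be dropped or reworded. The allocation is also still sized from the reported tag end before anything validates it, so a malformed tag can force a large `new[]` before the check fires.
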
@@ -1272,7 +1271,7 @@
            // Stores the sounddata in the soundhandler, and the ID returned
            // can be used to starting, stopping and deleting that sound
            // NOTE: ownership of 'data' is transferred to the sound hanlder 
-           int handler_id = handler->create_sound(data, data_bytes, sinfo);
+           int handler_id = handler->create_sound(data, dataLength, sinfo);
 
            if (handler_id >= 0)
            {

Index: server/swf/StreamSoundBlockTag.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/swf/StreamSoundBlockTag.cpp,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- server/swf/StreamSoundBlockTag.cpp  30 Apr 2008 12:21:35 -0000      1.1
+++ server/swf/StreamSoundBlockTag.cpp  3 Jun 2008 08:35:05 -0000       1.2
@@ -18,10 +18,6 @@
 //
 
 
-#ifdef HAVE_CONFIG_H
-#include "gnashconfig.h"
-#endif
-
 #include "StreamSoundBlockTag.h"
 #include "sound_handler.h" 
 #include "movie_definition.h" // for addControlTag
@@ -91,8 +87,8 @@
        LOG_ONCE ( if ( seekSamples ) log_unimpl("MP3 soundblock seek samples") 
);
     }
 
-    unsigned int data_bytes = in->get_tag_end_position() - in->get_position();
-    if ( ! data_bytes )
+    const unsigned int dataLength = in->get_tag_end_position() - 
in->get_position();
+    if ( ! dataLength )
     {
         IF_VERBOSE_MALFORMED_SWF(
         LOG_ONCE( log_swferror("Empty SOUNDSTREAMBLOCK tag, seems common waste 
of space") );
@@ -100,15 +96,20 @@
         return;
     }
 
-    unsigned char *data = new unsigned char[data_bytes];
-    in->read((char*)data, data_bytes);
+    unsigned char *data = new unsigned char[dataLength];
+    const unsigned int bytesRead = in->read(reinterpret_cast<char*>(data), 
dataLength);
+    
+    if (bytesRead < dataLength)
+    {
+        throw ParserException(_("Tag boundary reported past end of stream!"));
+    }
 
     // Fill the data on the apropiate sound, and receives the starting point
     // for later "start playing from this frame" events.
     //
     // ownership of 'data' is transferred here
     //
-    long start = handler->fill_stream_data(data, data_bytes, sample_count, 
handle_id);
+    long start = handler->fill_stream_data(data, dataLength, sample_count, 
handle_id);
 
     // TODO: log_parse ?
 

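Review bot: In the short-read branch `data` is never freed: it is allocated with `new unsigned char[dataLength]` and, per the comment below the check, ownership is only transferred in `fill_stream_data()`, which the `throw` skips. Free it before throwing or use a scoped array that is released at the hand-off. Since `dataLength` comes straight from the reported tag end position, it would also be better to reject an out-of-range tag end before allocating rather than after a failed read, if the stream can report how much data remains.
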
Index: server/parser/video_stream_def.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/parser/video_stream_def.cpp,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -b -r1.45 -r1.46
--- server/parser/video_stream_def.cpp  22 Apr 2008 03:16:00 -0000      1.45
+++ server/parser/video_stream_def.cpp  3 Jun 2008 08:35:05 -0000       1.46
@@ -107,21 +107,27 @@
        unsigned int frameNum = in->read_u16(); // in->skip_bytes(2); 
        if ( m->get_loading_frame() != frameNum )
        {
-               log_debug("frameNum field in tag is %d, currently loading frame 
is "SIZET_FMT", we'll use the latter.",
+               log_debug("frameNum field in tag is %d, currently loading frame 
is %d, we'll use the latter.",
                        frameNum, m->get_loading_frame());
                frameNum = m->get_loading_frame();
        }
 
-       unsigned int dataSize = in->get_tag_end_position() - in->get_position();
+       const unsigned int dataLength = in->get_tag_end_position() - 
in->get_position();
        
-       boost::uint8_t* buffer = new uint8_t[dataSize + 8]; // FIXME: catch 
bad_alloc
+       boost::uint8_t* buffer = new uint8_t[dataLength + 8]; // FIXME: catch 
bad_alloc
 
-       size_t bytesread = in->read((char*)buffer, dataSize);
-       memset(buffer+bytesread, 0, 8);
+       const size_t bytesRead = in->read(reinterpret_cast<char*>(buffer), 
dataLength);
+
+    if (bytesRead < dataLength)
+    {
+        throw ParserException(_("Tag boundary reported past end of stream!"));
+    }  
+       
+       memset(buffer + bytesRead, 0, 8);
 
        using namespace media;
 
-       EncodedVideoFrame* frame = new EncodedVideoFrame(buffer, dataSize, 
frameNum);
+       EncodedVideoFrame* frame = new EncodedVideoFrame(buffer, dataLength, 
frameNum);
 
        boost::mutex::scoped_lock lock(_video_mutex);
 
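
Review bot: `new uint8_t[dataLength + 8]` is computed in `unsigned int`, so a reported tag end that puts `dataLength` within 8 of the type's maximum wraps the allocation size to a few bytes while `in->read()` is still asked for `dataLength` bytes, and the short-read check runs only after that read. Bound `dataLength` before allocating. The `throw` also leaks `buffer`, which is a raw `new[]` that has not yet been passed to `EncodedVideoFrame`. Separately, the `log_debug` format now prints `m->get_loading_frame()` with `%d` where the old line used `SIZET_FMT`; if that function returns `size_t`, the specifier no longer matches its argument.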



