
[Gnash-commit] /srv/bzr/gnash/trunk r10892: Fix memory fault in SWF::ABC


From: Sandro Santilli
Subject: [Gnash-commit] /srv/bzr/gnash/trunk r10892: Fix memory fault in SWF::ABC_ACTION_SETSLOT handler, exposed by testsuite/as3/basic.swf
Date: Wed, 20 May 2009 11:02:46 +0200
User-agent: Bazaar (1.13.1)

------------------------------------------------------------
revno: 10892
committer: Sandro Santilli <address@hidden>
branch nick: trunk
timestamp: Wed 2009-05-20 11:02:46 +0200
message:
  Fix memory fault in SWF::ABC_ACTION_SETSLOT handler, exposed by testsuite/as3/basic.swf
modified:
  libcore/vm/Machine.cpp
=== modified file 'libcore/vm/Machine.cpp'
--- a/libcore/vm/Machine.cpp    2009-05-19 15:55:16 +0000
+++ b/libcore/vm/Machine.cpp    2009-05-20 09:02:46 +0000
@@ -1766,15 +1766,31 @@
                boost::uint32_t sindex = mStream->read_V32();
                as_value value = pop_stack();
                as_value object = pop_stack();
-               //We use sindex + 1, because currently as_object sets a 
property at a slot index
-               //1 higher than the index the abc_block thinks the property is 
at.
-               if (!object.to_object().get()->set_member_slot(sindex+1,value)) 
{
-                       log_abc("Failed to set property at real_slot=%u 
abc_slot=%u",sindex+1,sindex);
-               }
-               else{
-                       log_abc("Set property at real_slot=%u 
abc_slot=%u",sindex+1,sindex);
-               }
-               //TODO: Actually set the object's value.
+
+        as_object* obj = object.to_object().get();
+        if ( ! obj )
+        {
+            IF_VERBOSE_ASCODING_ERRORS(
+            log_aserror(_("ABC_ACTION_SETSLOT: "
+                "unexpected non-object stack value %s"), object);
+            );
+            break;
+        }
+
+               // We use sindex + 1, because currently as_object sets a 
property
+        // at a slot index 1 higher than the index the abc_block thinks the
+        // property is at.
+               if ( ! obj->set_member_slot(sindex+1, value) )
+        {
+                       log_abc("Failed to set property at "
+                    "real_slot=%u abc_slot=%u", sindex+1, sindex);
+               }
+               else
+        {
+                       log_abc("Set property at real_slot=%u abc_slot=%u",
+                    sindex+1, sindex);
+               }
+
                break;
        }
 /// 0x6E ABC_ACTION_GETGLOBALSLOT
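
Review bot: `sindex` is taken directly from `mStream->read_V32()` and passed on as `sindex+1` to `set_member_slot` with no range check in this handler, so a stream value of 0xFFFFFFFF wraps the `boost::uint32_t` to slot 0. The hunk does not show whether `set_member_slot` validates the index itself; if it does not, reject out-of-range values here next to the new `if ( ! obj )` test, since both inputs come from the SWF. Separately, `as_object* obj = object.to_object().get();` keeps a raw pointer taken from a temporary (the `.get()` suggests a smart pointer return), so `obj` is only safe if something else keeps the object alive until `set_member_slot` returns; holding the returned smart pointer in a local would make that explicit. The null case is reported only inside `IF_VERBOSE_ASCODING_ERRORS`, so with that verbosity off a malformed stream is skipped silently, which is worth a comment if intended. Style: the added lines mix tab and space indentation against the surrounding tab-indented code.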

