[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] gnash ChangeLog server/swf.h server/parser/acti...
From: |
Sandro Santilli |
Subject: |
[Gnash-commit] gnash ChangeLog server/swf.h server/parser/acti... |
Date: |
Wed, 28 Feb 2007 09:46:48 +0000 |
CVSROOT: /sources/gnash
Module name: gnash
Changes by: Sandro Santilli <strk> 07/02/28 09:46:48
Modified files:
. : ChangeLog
server : swf.h
server/parser : action_buffer.cpp action_buffer.h
server/vm : ActionExec.cpp ActionExec.h
Log message:
* server/swf.h: add reference to ActionConstantPool
description
* server/parser/action_buffer.h (read_int16):
Use int16_t type, not 'int'.
* server/parser/action_buffer.cpp (process_decl_dict):
Use int16_t type, not 'int'.
* server/vm/ActionExec.{cpp,h} (operator()):
Additional SWF consistency check for action 'length'
field.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.2490&r2=1.2491
http://cvs.savannah.gnu.org/viewcvs/gnash/server/swf.h?cvsroot=gnash&r1=1.26&r2=1.27
http://cvs.savannah.gnu.org/viewcvs/gnash/server/parser/action_buffer.cpp?cvsroot=gnash&r1=1.13&r2=1.14
http://cvs.savannah.gnu.org/viewcvs/gnash/server/parser/action_buffer.h?cvsroot=gnash&r1=1.11&r2=1.12
http://cvs.savannah.gnu.org/viewcvs/gnash/server/vm/ActionExec.cpp?cvsroot=gnash&r1=1.20&r2=1.21
http://cvs.savannah.gnu.org/viewcvs/gnash/server/vm/ActionExec.h?cvsroot=gnash&r1=1.11&r2=1.12
Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.2490
retrieving revision 1.2491
diff -u -b -r1.2490 -r1.2491
--- ChangeLog 28 Feb 2007 08:19:19 -0000 1.2490
+++ ChangeLog 28 Feb 2007 09:46:48 -0000 1.2491
@@ -1,5 +1,19 @@
2007-02-28 Sandro Santilli <address@hidden>
+ * server/swf.h: add reference to ActionConstantPool
+ description
+ * server/parser/action_buffer.h (read_int16):
+ Use int16_t type, not 'int'.
+ * server/parser/action_buffer.cpp (process_decl_dict):
+ Use int16_t type, not 'int'.
+ * server/vm/ActionExec.{cpp,h} (operator()):
+ Additional SWF consistency check for action 'length'
+ field.
+
+2007-02-28 Sandro Santilli <address@hidden>
+
+ * server/vm/ActionExec.{cpp,h}: Survive malformed
+ SWF containing
* server/as_function.cpp: fix Function.apply()
and Function.call() to correctly fetch the
'this' pointer (ie: not accessing the stack
Index: server/swf.h
===================================================================
RCS file: /sources/gnash/gnash/server/swf.h,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -b -r1.26 -r1.27
--- server/swf.h 11 Feb 2007 12:47:03 -0000 1.26
+++ server/swf.h 28 Feb 2007 09:46:48 -0000 1.27
@@ -395,6 +395,8 @@
///
ACTION_EXTENDS = 0x69,
+ /// See:
+ /// http://sswf.sourceforge.net/SWFalexref.html#action_declare_dictionary
ACTION_CONSTANTPOOL = 0x88,
Index: server/parser/action_buffer.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/parser/action_buffer.cpp,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- server/parser/action_buffer.cpp 6 Feb 2007 17:46:25 -0000 1.13
+++ server/parser/action_buffer.cpp 28 Feb 2007 09:46:48 -0000 1.14
@@ -14,7 +14,7 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-/* $Id: action_buffer.cpp,v 1.13 2007/02/06 17:46:25 rsavoye Exp $ */
+/* $Id: action_buffer.cpp,v 1.14 2007/02/28 09:46:48 strk Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -113,8 +113,8 @@
// Actual processing.
size_t i = start_pc;
- int16 length = read_int16(i+1);
- int16 count = read_int16(i+3);
+ uint16_t length = uint16_t(read_int16(i+1));
+ uint16 count = uint16_t(read_int16(i+3));
i += 2;
//log_msg("Start at %d, stop at %d, length read was %d, count read was %d",
start_pc, stop_pc, length, count);
Index: server/parser/action_buffer.h
===================================================================
RCS file: /sources/gnash/gnash/server/parser/action_buffer.h,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- server/parser/action_buffer.h 7 Feb 2007 17:38:56 -0000 1.11
+++ server/parser/action_buffer.h 28 Feb 2007 09:46:48 -0000 1.12
@@ -144,7 +144,7 @@
///
int16_t read_int16(size_t pc) const
{
- int ret = m_buffer[pc] | (m_buffer[pc + 1] << 8);
+ int16_t ret = m_buffer[pc] | (m_buffer[pc + 1] << 8);
return ret;
}
Index: server/vm/ActionExec.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/vm/ActionExec.cpp,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -b -r1.20 -r1.21
--- server/vm/ActionExec.cpp 20 Feb 2007 20:05:41 -0000 1.20
+++ server/vm/ActionExec.cpp 28 Feb 2007 09:46:48 -0000 1.21
@@ -14,7 +14,7 @@
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-/* $Id: ActionExec.cpp,v 1.20 2007/02/20 20:05:41 strk Exp $ */
+/* $Id: ActionExec.cpp,v 1.21 2007/02/28 09:46:48 strk Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -25,6 +25,7 @@
#include "swf_function.h"
#include "log.h"
#include "VM.h"
+#include "GnashException.h"
#include "swf.h"
#include "ASHandlers.h"
@@ -167,9 +168,24 @@
next_pc = pc+1;
} else {
// action with extra data
- int16_t length = code.read_int16(pc+1);
- assert( length >= 0 );
+ uint16_t length = uint16_t(code.read_int16(pc+1));
next_pc = pc + length + 3;
+ if ( next_pc > stop_pc )
+ {
+ IF_VERBOSE_MALFORMED_SWF(
+ std::stringstream ss;
+ ss << "Length " << length << " (" << (int)length << ")
of action tag"
+ << " id " << (unsigned)action_id
+ << " at pc " << pc
+ << " overflows actions buffer size "
+ << stop_pc;
+ //throw ActionException(ss.str());;
+ log_swferror("%s", ss.str().c_str());
+ );
+ // Give this action handler a chance anyway.
+ // Maybe it will be able to do something about
+ // this anyway..
+ }
}
// Do we still need this ?
Index: server/vm/ActionExec.h
===================================================================
RCS file: /sources/gnash/gnash/server/vm/ActionExec.h,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -b -r1.11 -r1.12
--- server/vm/ActionExec.h 20 Feb 2007 20:05:41 -0000 1.11
+++ server/vm/ActionExec.h 28 Feb 2007 09:46:48 -0000 1.12
@@ -1,5 +1,5 @@
//
-// Copyright (C) 2005, 2006 Free Software Foundation, Inc.
+// Copyright (C) 2005, 2006, 2007 Free Software Foundation, Inc.
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Gnash-commit] gnash ChangeLog server/swf.h server/parser/acti...,
Sandro Santilli <=