Re: [Gnash-dev] Crash bug with possible fix

[strk]

On Sun, Nov 12, 2006 at 11:30:07PM -0500, dolphinling wrote:
> I have a file at http://dolphinling.net/gnash/5.swf that crashes gnash. The 
> file was reduced using swftools to the minimum needed to crash from 
> http://images.neopets.com/faerieland/wheel_v1.swf .
> 
> When it crashes it prints the following:
> gnash: edit_text_character.cpp:849: void 
> gnash::edit_text_character::registerTextVariable(const std::string&): 
> Assertion `dynamic_cast<sprite_instance*>(target)' failed.
> Aborted
> 
> Having run through a debugger, it looks like target is null at that point, 
> and as_environment.cpp:find_target() can indeed return null in at least two 
> ways. So it looks like casting null to a sprite_instance* doesn't work.
> 
> The funny thing is, target is non-null before that, and if I comment out 
> the line setting it null, it doesn't crash.

Nothing funny about that, the crash is just the failed assertion(), which
is expected to fail if given a NULL pointer.

> I don't understand all the code, so I don't know if the correct fix is to 
> make find_target() not return null in this case, to null check before 
> setting target, or to remove that line entirely, but null checking seems to 
> work for me, so here's a patch for it.

Well, it seems that the SWF contains a fully-qualified variable name
referencing an unexisting "target" (the path part in a path/variable spec).
If this is the case this would be a malformed SWF. What to do in this case ?
I'd just NOT set the text variable and warn user (IF_VERBOSE_MALFORMED_SWF).

--strk;