
[Gnash-commit] gnash server/stream.h server/stream.cpp server/...


From: Sandro Santilli
Subject: [Gnash-commit] gnash server/stream.h server/stream.cpp server/...
Date: Thu, 22 Mar 2007 10:33:11 +0000

CVSROOT:        /sources/gnash
Module name:    gnash
Changes by:     Sandro Santilli <strk>  07/03/22 10:33:11

Modified files:
        server         : stream.h stream.cpp 
        server/parser  : button_character_def.cpp 
        .              : ChangeLog 

Log message:
                * server/stream.{cpp,h}: fix signedness of integers.
                * server/parser/button_character_def.cpp (read):
                  Survive malformation of button2 events action tags.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/server/stream.h?cvsroot=gnash&r1=1.15&r2=1.16
http://cvs.savannah.gnu.org/viewcvs/gnash/server/stream.cpp?cvsroot=gnash&r1=1.13&r2=1.14
http://cvs.savannah.gnu.org/viewcvs/gnash/server/parser/button_character_def.cpp?cvsroot=gnash&r1=1.9&r2=1.10
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.2670&r2=1.2671

Patches:
Index: server/stream.h
===================================================================
RCS file: /sources/gnash/gnash/server/stream.h,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -b -r1.15 -r1.16
--- server/stream.h     21 Feb 2007 13:22:37 -0000      1.15
+++ server/stream.h     22 Mar 2007 10:33:11 -0000      1.16
@@ -29,13 +29,13 @@
                /// Reads a bit-packed unsigned integer from the stream
                /// and returns it.  The given bitcount determines the
                /// number of bits to read.
-               int     read_uint(int bitcount);
+               unsigned short read_uint(unsigned short bitcount);
 
                /// \brief
                /// Reads a bit-packed little-endian signed integer
                /// from the stream.  The given bitcount determines the
                /// number of bits to read.
-               int     read_sint(int bitcount);
+               int     read_sint(unsigned short bitcount);
 
                float   read_fixed();
                void    align();
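Review bot: `read_uint` now returns `unsigned short`, which caps the result at 16 bits, although the doc comment places no such limit and the `assert(bitcount <= 32 ...)` in stream.cpp still admits reads of up to 32 bits, so wider fields would be silently truncated on return. The same signature appears in the first stream.cpp hunk, where the accumulator is still `uint32_t value`, and `read_sint` in the second stream.cpp hunk builds on it, so its sign-bit test can never fire for a bitcount above 16. Only the parameter needs to be narrow; the result should stay 32 bits wide, e.g. `uint32_t read_uint(unsigned short bitcount);`. The return statement is outside the hunks shown, so this assumes the function returns `value`.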
@@ -46,9 +46,9 @@
                int16_t read_s16();
                uint32_t        read_u32();
                int32_t read_s32();
-               int     read_variable_count()
+               unsigned read_variable_count()
                {
-                       int count = read_u8();
+                       unsigned count = read_u8();
                        if (count == 0xFF)
                                count = read_u16();
                        return count;
@@ -96,16 +96,19 @@
                void    read_string_with_length(unsigned len, std::string& to);
 
                /// Return our current (byte) position in the input stream.
-               int     get_position();
+               unsigned long get_position();
 
                /// Set the file position to the given value.
-               void    set_position(int pos);
+               void    set_position(unsigned long pos);
 
                /// Return the file position of the end of the current tag.
-               int     get_tag_end_position();
+               unsigned long get_tag_end_position();
 
                /// Return the length of the current tag.
-               int     get_tag_length() {
+               //
+               /// should return a  'long' ?
+               ///
+               unsigned get_tag_length() {
                        return _current_tag_length;
                }
 
@@ -121,7 +124,7 @@
                //
                /// Note: crossing a tag boundary triggers an error,
                /// but I'm not sure we really want this --strk;
-               void skip_bytes(unsigned int num)
+               void skip_bytes(unsigned num)
                {
                        // there's probably a better way, but
                        // it's the interface that counts atm
@@ -136,13 +139,14 @@
                }
 
        private:
-               int _current_tag_length;
+               // should this be long ?
+               unsigned _current_tag_length;
 
                tu_file*        m_input;
                uint8_t m_current_byte;
                uint8_t m_unused_bits;
 
-               std::vector<int>        m_tag_stack;    // position of end of 
tag
+               std::vector<unsigned long> m_tag_stack; // position of end of 
tag
        };
 
 

Index: server/stream.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/stream.cpp,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- server/stream.cpp   15 Feb 2007 11:49:29 -0000      1.13
+++ server/stream.cpp   22 Mar 2007 10:33:11 -0000      1.14
@@ -50,13 +50,13 @@
 //     }
 
        
-       int     stream::read_uint(int bitcount)
+       unsigned short stream::read_uint(unsigned short bitcount)
        {
                assert(bitcount <= 32 && bitcount >= 0);
                        
                uint32_t        value = 0;
 
-               int     bits_needed = bitcount;
+               unsigned short bits_needed = bitcount;
                while (bits_needed > 0)
                {
                        if (m_unused_bits) {
@@ -93,11 +93,11 @@
        }
 
 
-       int     stream::read_sint(int bitcount)
+       int     stream::read_sint(unsigned short bitcount)
        {
                assert(bitcount <= 32 && bitcount >= 0);
 
-               int32_t value = (int32_t) read_uint(bitcount);
+               int32_t value = int32_t(read_uint(bitcount));
 
                // Sign extend...
                if (value & (1 << (bitcount - 1))) {
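Review bot: The sign-extension test `1 << (bitcount - 1)` has a negative shift count when `bitcount == 0` and shifts into the sign bit of a signed int when `bitcount == 32`, yet the assert above admits both values; with the parameter now unsigned, its `bitcount >= 0` half is also always true. The bit count presumably comes from the file being parsed, and `assert` disappears under NDEBUG, so an explicit guard and an unsigned mask would be safer: `if (bitcount == 0) return 0;` followed by `if (value & (uint32_t(1) << (bitcount - 1))) {`. The rest of read_sint lies outside this hunk.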
@@ -224,20 +224,20 @@
        }
 
 
-       int     stream::get_position()
+       unsigned long stream::get_position()
        {
                return m_input->get_position();
        }
 
 
-       void    stream::set_position(int pos)
+       void    stream::set_position(unsigned long pos)
        {
                align();
 
                // If we're in a tag, make sure we're not seeking outside the 
tag.
                if (m_tag_stack.size() > 0)
                {
-                       int     end_pos = m_tag_stack.back();
+                       unsigned long end_pos = m_tag_stack.back();
                        assert(pos <= end_pos);
                        end_pos = end_pos;      // inhibit warning
                        // @@ check start pos somehow???
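Review bot: The tag bound in `set_position` is enforced only by `assert(pos <= end_pos)`, so a build with NDEBUG performs no check at all, and the `end_pos = end_pos;` line exists only to silence the resulting unused-variable warning. Since this commit aims to survive malformed tags, the contract should at least be stated where callers will see it, for example `// NOTE: pos <= get_tag_end_position() is only checked in debug builds; callers must validate offsets read from the file`. Changing the type to `unsigned long` also means a negative value can no longer be noticed here, which makes the open "check start pos" question more relevant. The function body continues past the end of the hunk.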
@@ -248,7 +248,7 @@
        }
 
 
-       int     stream::get_tag_end_position()
+       unsigned long stream::get_tag_end_position()
        {
                assert(m_tag_stack.size() > 0);
 
@@ -284,7 +284,7 @@
        void    stream::close_tag()
        {
                assert(m_tag_stack.size() > 0);
-               int     end_pos = m_tag_stack.back();
+               unsigned long end_pos = m_tag_stack.back();
                m_tag_stack.pop_back();
                m_input->set_position(end_pos);
 

Index: server/parser/button_character_def.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/parser/button_character_def.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- server/parser/button_character_def.cpp      27 Feb 2007 09:10:20 -0000      
1.9
+++ server/parser/button_character_def.cpp      22 Mar 2007 10:33:11 -0000      
1.10
@@ -233,8 +233,8 @@
                // (this is a single bit, the other 7 bits are reserved)
                m_menu = in->read_u8() != 0;
 
-               int     button_2_action_offset = in->read_u16();
-               int     next_action_pos = in->get_position() + 
button_2_action_offset - 2;
+               unsigned button_2_action_offset = in->read_u16();
+               unsigned next_action_pos = in->get_position() + 
button_2_action_offset - 2;
 
                // Read button records.
                for (;;)
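Review bot: `next_action_pos` is declared `unsigned` but is computed from `in->get_position()`, which this same commit changes to return `unsigned long`, so on platforms where long is wider than int the sum is narrowed before it is later compared with `get_tag_end_position()`. Declaring it as `unsigned long next_action_pos = in->get_position() + button_2_action_offset - 2;` keeps the position arithmetic and the bound check in one type. The enclosing read function starts and ends outside this hunk.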
@@ -254,31 +254,45 @@
                        }
                }
 
-               if (button_2_action_offset > 0)
+               if ( next_action_pos >= in->get_tag_end_position() )
                {
+                       IF_VERBOSE_MALFORMED_SWF(
+                       log_swferror("Next Button2 actionOffset (%u) points 
past the end of tag", button_2_action_offset);
+                       );
+                       return;
+               }
+
                        in->set_position(next_action_pos);
 
                        // Read Button2ActionConditions
                        for (;;)
                        {
-                               int     next_action_offset = in->read_u16();
+                       unsigned next_action_offset = in->read_u16();
                                next_action_pos = in->get_position() + 
next_action_offset - 2;
 
                                m_button_actions.resize(m_button_actions.size() 
+ 1);
                                m_button_actions.back().read(in, tag_type);
 
-                               if (next_action_offset == 0
-                                   || in->get_position() >= 
in->get_tag_end_position())
+                       if (next_action_offset == 0 )
                                {
                                        // done.
                                        break;
                                }
 
+                       //was: in->get_position() >= in->get_tag_end_position()
+                       if ( next_action_pos >= in->get_tag_end_position() )
+                       {
+                               IF_VERBOSE_MALFORMED_SWF(
+                               log_swferror("Next action offset (%u) in 
Button2ActionConditions points past the end of tag",
+                                       next_action_offset);
+                               );
+                               break;
+                       }
+
                                // seek to next action.
                                in->set_position(next_action_pos);
                        }
                }
-       }
        
        
        // detect min/max layer number
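Review bot: Dropping `if (button_2_action_offset > 0)` means an offset of 0, which the removed guard treated as "no actions", is no longer skipped: `next_action_pos` is then the position of the offset field itself, which passes the new end-of-tag check, and the code seeks back and reads one Button2ActionConditions entry from what are really button record bytes. The zero case should stay guarded, e.g. `if ( button_2_action_offset == 0 ) { /* no actions */ } else if ( next_action_pos >= in->get_tag_end_position() ) { ... }`. The new checks also bound the offsets only from above, so inside the loop a nonzero `next_action_offset` below 2 seeks backwards and the loop is not guaranteed to advance while `m_button_actions` keeps growing. The early `return` also appears to skip the "detect min/max layer number" code that follows, unlike the `break` used inside the loop. The enclosing function starts before and ends after this hunk.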

Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.2670
retrieving revision 1.2671
diff -u -b -r1.2670 -r1.2671
--- ChangeLog   22 Mar 2007 08:45:51 -0000      1.2670
+++ ChangeLog   22 Mar 2007 10:33:11 -0000      1.2671
@@ -1,5 +1,11 @@
 2007-03-22 Sandro Santilli <address@hidden>
 
+       * server/stream.{cpp,h}: fix signedness of integers.
+       * server/parser/button_character_def.cpp (read):
+         Survive malformation of button2 events action tags.
+
+2007-03-22 Sandro Santilli <address@hidden>
+
        * server/as_value.{h,cpp}: drop all methods transparently
          calling to_number w/out passing an as_environment.
        * server/asobj/Global.cpp, server/asobj/xml.cpp,



