[Gnash-commit] /srv/bzr/gnash/trunk r11256: Fixed invalid write

gnash-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnash-commit] /srv/bzr/gnash/trunk r11256: Fixed invalid write

From:	Bob Naugle
Subject:	[Gnash-commit] /srv/bzr/gnash/trunk r11256: Fixed invalid write
Date:	Tue, 14 Jul 2009 13:08:54 -0600
User-agent:	Bazaar (1.13.1)

------------------------------------------------------------
revno: 11256
committer: Bob Naugle <address@hidden>
branch nick: trunk
timestamp: Tue 2009-07-14 13:08:54 -0600
message:
  Fixed invalid write
modified:
  libcore/TextField.cpp

=== modified file 'libcore/TextField.cpp'
--- a/libcore/TextField.cpp     2009-07-14 18:17:28 +0000
+++ b/libcore/TextField.cpp     2009-07-14 19:08:54 +0000
@@ -1442,6 +1442,8 @@
        int current_line;
        int last_visible_line = _top_visible_line + _linesindisplay;
        int linestart = 0;
+       size_t manylines = _line_starts.size();
+       size_t manyrecords = _textRecords.size();
        SWF::TextRecord cursorposition_line;
        while(linestartit != linestartsend && *linestartit <= m_cursor) {
                linestart = *linestartit++;
@@ -1451,13 +1453,13 @@
        ///compute the lines to display
        ///this whole section could probably use some optimization!!!
        //if ( autoSize == autoSizeNone ) {
-               int manylines = _line_starts.size();
                if (manylines - _top_visible_line <= _linesindisplay) {
                        if(manylines - _linesindisplay <= 0)
                                _top_visible_line = 0;
                        else
                                _top_visible_line = manylines - _linesindisplay;
                ///if we are at a higher position, scoot the lines down
+               //INVALID READ - Conditional jump or move depends on 
uninitialised value(s)
                } else if ( m_cursor < (_line_starts[_top_visible_line]) ) {
                        _top_visible_line -= _top_visible_line-(current_line);
                ///if we are at a lower position, scoot the lines up
@@ -1467,8 +1469,8 @@
                        }
                }
     //}
-       for(unsigned int i = 0; i < _line_starts.size(); ++i) {
-               _textRecords[i].setYOffset((i-_top_visible_line)*(fontHeight + 
leading) + (PADDING_TWIPS + fontHeight + (fontLeading - fontDescent)));
+       for(unsigned int i = 0; i < manyrecords; ++i) {
+               
_textRecords[i].setYOffset(static_cast<float>((i-_top_visible_line)*(fontHeight 
+ leading) + (PADDING_TWIPS + fontHeight + (fontLeading - fontDescent))));
        }
 
     float extra_space = align_line(textAlignment, last_line_start_record, x);
@@ -1476,6 +1478,7 @@
        if ( --current_line < _textRecords.size() ) {
                cursorposition_line = _textRecords[current_line];
                for ( unsigned int i = linestart; i < m_cursor; ++i ) {
+                       //INVALID READ
                        m_xcursor += 
cursorposition_line.glyphs()[i-linestart].advance;
                }
        }

[Prev in Thread]

Current Thread

[Next in Thread]

[Gnash-commit] /srv/bzr/gnash/trunk r11256: Fixed invalid write, Bob Naugle <=

Prev by Date: [Gnash-commit] /srv/bzr/gnash/trunk r11255: late fixes to TextField:
Next by Date: [Gnash-commit] /srv/bzr/gnash/trunk r11258: Moved data structure into anonymous namespace where it should have been in the first place.
Previous by thread: [Gnash-commit] /srv/bzr/gnash/trunk r11255: late fixes to TextField:
Next by thread: [Gnash-commit] /srv/bzr/gnash/trunk r11258: Moved data structure into anonymous namespace where it should have been in the first place.
Index(es):
- Date
- Thread