gnash-commit

[Gnash-commit] [SCM] Gnash branch, master, updated. release_0_8_9_final-


From: Sandro Santilli
Subject: [Gnash-commit] [SCM] Gnash branch, master, updated. release_0_8_9_final-2171-ge8c2a2e
Date: Mon, 22 Dec 2014 11:19:51 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Gnash".

The branch, master has been updated
       via  e8c2a2e55939d1040e8b2099e32158cab7b32a46 (commit)
      from  c4247039bbe02c75f6fb93c39af503c69cf0883c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit//commit/?id=e8c2a2e55939d1040e8b2099e32158cab7b32a46


commit e8c2a2e55939d1040e8b2099e32158cab7b32a46
Author: Sandro Santilli <address@hidden>
Date:   Mon Dec 22 12:18:34 2014 +0100

    Avoid possible out-of-bounds read in parser (bug #43865)
    
    Thanks Joshua Rogers for reporting it

diff --git a/NEWS b/NEWS
index 93f5573..1ae2c00 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ Caveats:
 
 Improvements since 0.8.10 release are:
 
+ * Fix possible out-of-bound read in parser (#43865)
  * Fix opening of external URL with Gnash Standalone (#31833)
  * Stability fixes in image handling, (CVE-2012-1175, #39388, #37629).
  * Stability fixes in parsing (#34686) and ActionScript handling (#39385,
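Review bot: The new NEWS line says "out-of-bound read" while the commit message says "out-of-bounds read"; use the same spelling in both so the entry is easy to find by search. The entry could also name the affected code (the bit reader in SWFStream), as the neighbouring entries say which area each fix touches.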
diff --git a/libcore/SWFStream.cpp b/libcore/SWFStream.cpp
index 6001bf7..3c215c9 100644
--- a/libcore/SWFStream.cpp
+++ b/libcore/SWFStream.cpp
@@ -132,7 +132,7 @@ unsigned SWFStream::read_uint(unsigned short bitcount)
         //std::cerr << "BytesToRead: " << bytesToRead << " spareBits: " << 
spareBits << " unusedBits: " << (int)m_unused_bits << std::endl;
 
         assert (bytesToRead <= 4);
-        byte cache[4]; // at most 4 bytes in the cache
+        byte cache[5]; // at most 4 bytes in the cache + eventual spare bits
 
         if ( spareBits ) m_input->read(&cache, bytesToRead+1);
         else m_input->read(&cache, bytesToRead);
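Review bot: The only bound on `bytesToRead` in this hunk is `assert (bytesToRead <= 4)`, which is compiled out when NDEBUG is defined, so the new size of 5 is safe in release builds only if callers can never request more bits than the assert allows. Consider a runtime check that the length passed to `m_input->read()` (`bytesToRead+1` in the spare-bits branch) does not exceed `sizeof(cache)`, and derive the array size from a named constant instead of the literal 5 so that the assert, the buffer and the read length cannot drift apart. The comment "eventual spare bits" would read more clearly as "plus one byte for possible spare bits". The change summary lists only NEWS and libcore/SWFStream.cpp, so no regression test covering the 4-bytes-plus-spare-bits case comes with the fix.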

-----------------------------------------------------------------------

Summary of changes:
 NEWS                  |    1 +
 libcore/SWFStream.cpp |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
Gnash


