[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] [bug #43867] int overflow
From: |
Joshua Rogers |
Subject: |
[Gnash-commit] [bug #43867] int overflow |
Date: |
Mon, 22 Dec 2014 11:46:39 +0000 |
User-agent: |
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0 |
URL:
<http://savannah.gnu.org/bugs/?43867>
Summary: int overflow
Project: Gnash - The GNU Flash player
Submitted by: megamansec3
Submitted on: Mon 22 Dec 2014 11:46:38 AM GMT
Category: None
Severity: 3 - Normal
Release: None
Status: None
Privacy: Private
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
Hi,
In ASHandlers.cpp:
2306 unsigned nargs = toNumber(env.pop(), getVM(env));
may cause an int overflow dur to the conversation from 64bits to 32bits
And then it is used:
2325 as_object* newobj = construct_object(constructor, env, nargs);
which will cause problems.
Thanks,
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?43867>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [Gnash-commit] [bug #43867] int overflow,
Joshua Rogers <=