
[Gnash-commit] [bug #43867] int overflow


From: Joshua Rogers
Subject: [Gnash-commit] [bug #43867] int overflow
Date: Mon, 22 Dec 2014 11:46:39 +0000
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0

URL:
  <http://savannah.gnu.org/bugs/?43867>

                 Summary: int overflow
                 Project: Gnash - The GNU Flash player
            Submitted by: megamansec3
            Submitted on: Mon 22 Dec 2014 11:46:38 AM GMT
                Category: None
                Severity: 3 - Normal
                 Release: None
                  Status: None
                 Privacy: Private
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

Hi,


In ASHandlers.cpp:

2306    unsigned nargs = toNumber(env.pop(), getVM(env));

may cause an int overflow due to the conversion from 64 bits to 32 bits.

And then it is used:

2325        as_object* newobj = construct_object(constructor, env, nargs);

which will cause problems.


Thanks,




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?43867>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
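
An added example, not part of the original report and not Gnash's own code: one way to range-check a 64-bit argument count before narrowing it to a 32-bit `unsigned`, the conversion the report points at. It assumes the 64-bit value is a double (as ActionScript numbers are) and that a valid count cannot exceed the number of values on the stack; `checked_arg_count` and `stack_size` are hypothetical names.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <limits>

// Hypothetical helper (not Gnash code): validate a script-supplied
// argument count held in a double before narrowing it to unsigned.
// Converting an out-of-range double to an integer type is undefined
// behaviour in C++, so every range check happens in floating point first.
bool checked_arg_count(double n, std::size_t stack_size, unsigned& out)
{
    // NaN and +/-infinity have no integer equivalent.
    if (!std::isfinite(n)) return false;

    // Truncate toward zero while still in floating point.
    const double t = std::trunc(n);

    // A negative count would otherwise become a huge unsigned value.
    if (t < 0.0) return false;

    // Reject anything that does not fit the 32-bit destination.
    if (t > static_cast<double>(std::numeric_limits<unsigned>::max()))
        return false;

    // Assumption: a call cannot consume more arguments than the
    // stack currently holds.
    if (t > static_cast<double>(stack_size)) return false;

    out = static_cast<unsigned>(t);
    return true;
}

int main()
{
    // Constructed sample inputs: in range, just past 2^32, negative.
    const double samples[] = { 3.0, 4294967298.0, -1.0 };
    for (double s : samples) {
        unsigned nargs = 0;
        if (checked_arg_count(s, 10, nargs))
            std::printf("%.0f -> nargs=%u\n", s, nargs);
        else
            std::printf("%.0f -> rejected\n", s);
    }
    return 0;
}
```
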



