CVSROOT: /sources/gnash
Module name: gnash
Changes by: Sandro Santilli <strk> 07/08/01 18:57:03
Modified files:
. : ChangeLog
server/swf : tag_loaders.cpp
Log message:
* server/swf/tag_loaders.cpp: (define_sound_loader) check if
number of
samples exceed available bytes in the tag. (sound_expand)
assertion
checking. (u8_expand) use a scoped_array in the easy case
(we'll
need more smart pointers in general).
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.3901&r2=1.3902
http://cvs.savannah.gnu.org/viewcvs/gnash/server/swf/tag_loaders.cpp?cvsroot=gnash&r1=1.117&r2=1.118
Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.3901
retrieving revision 1.3902
diff -u -b -r1.3901 -r1.3902
--- ChangeLog 1 Aug 2007 16:53:47 -0000 1.3901
+++ ChangeLog 1 Aug 2007 18:57:02 -0000 1.3902
@@ -1,5 +1,9 @@
2007-08-01 Sandro Santilli <[EMAIL PROTECTED]>
+ * server/swf/tag_loaders.cpp: (define_sound_loader) check if number of
+ samples exceed available bytes in the tag. (sound_expand) assertion
+ checking. (u8_expand) use a scoped_array in the easy case (we'll
+ need more smart pointers in general).
* backend/sound_handler.h (create_sound, fill_stream_data): document
ownership
of the 'data' argument, and add a TODO item about changing
the interface.
Index: server/swf/tag_loaders.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/swf/tag_loaders.cpp,v
retrieving revision 1.117
retrieving revision 1.118
diff -u -b -r1.117 -r1.118
--- server/swf/tag_loaders.cpp 27 Jul 2007 15:09:42 -0000 1.117
+++ server/swf/tag_loaders.cpp 1 Aug 2007 18:57:03 -0000 1.118
@@ -17,7 +17,7 @@
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
//
-/* $Id: tag_loaders.cpp,v 1.117 2007/07/27 15:09:42 tgc Exp $ */
+/* $Id: tag_loaders.cpp,v 1.118 2007/08/01 18:57:03 strk Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -1086,6 +1086,15 @@
data_bytes = in->get_tag_end_position() - in->get_position();
+ if ( sample_count > data_bytes )
+ {
+ IF_VERBOSE_MALFORMED_SWF(
+ log_swferror(_("Samples count (%u) exceed the number of
bytes available in the DefineSound tag containing it (%u)"),
+ sample_count, data_bytes);
+ );
+ return;
+ }
+
// sound_expand allocates storage for data[].
// and modifies 3 parameters: format, data and data_bytes.
sound_expand(in, format, sample_16bit, stereo, sample_count, data,
data_bytes);
@@ -1305,6 +1314,8 @@
bool sample_16bit, bool stereo, unsigned int &sample_count,
unsigned char* &data, unsigned &data_bytes)
{
+ assert(data_bytes < sample_count);
+
// Make sure that an unassigned pointer cannot get through
data = NULL;
@@ -1547,21 +1558,20 @@
bool stereo)
{
unsigned total_samples = stereo ? sample_count*2 : sample_count;
- uint8_t *in_data = new uint8_t[total_samples];
+
+ boost::scoped_array<uint8_t> in_data ( new uint8_t[total_samples] );
int16_t *out_data = new int16_t[total_samples];
- in->read((char *)in_data, total_samples); // Read 8-bit samples
+ in->read((char *)in_data.get(), total_samples); // Read 8-bit samples
// Convert 8-bit to 16
- uint8_t *inp = in_data;
+ uint8_t *inp = in_data.get();
int16_t *outp = out_data;
for (unsigned i=total_samples; i>0; i--) {
*outp++ = ((int16_t)(*inp++) - 128) * 256;
}
data = (unsigned char *)out_data;
-
- delete [] in_data;
}
//
_______________________________________________
Gnash-commit mailing list
Gnash-commit@gnu.org
http://lists.gnu.org/mailman/listinfo/gnash-commit
