CVSROOT: /sources/gnash Module name: gnash Changes by: Rob Savoye <rsavoye> 07/12/20 21:50:10
Modified files: testsuite/actionscript.all: SharedObject.as server/asobj : SharedObject.cpp . : ChangeLog libamf : amf.cpp sol.cpp Log message: * server/asobj/SharedObject.cpp: Make less verbose, don't dump members after reading. * libamf/amf.cpp: Check for a corrupted length field so we don't try to memcpy() an obscene amount of data... * libamf/sol.cpp: Handle an error from trying to parse corrupted .sol files so we don't core dump. * testsuite/actionscript.all/SharedObject.as: Test the new values against the previous ones we just wrote. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/gnash/testsuite/actionscript.all/SharedObject.as?cvsroot=gnash&r1=1.14&r2=1.15 http://cvs.savannah.gnu.org/viewcvs/gnash/server/asobj/SharedObject.cpp?cvsroot=gnash&r1=1.16&r2=1.17 http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.5229&r2=1.5230 http://cvs.savannah.gnu.org/viewcvs/gnash/libamf/amf.cpp?cvsroot=gnash&r1=1.49&r2=1.50 http://cvs.savannah.gnu.org/viewcvs/gnash/libamf/sol.cpp?cvsroot=gnash&r1=1.5&r2=1.6 Patches: Index: testsuite/actionscript.all/SharedObject.as =================================================================== RCS file: /sources/gnash/gnash/testsuite/actionscript.all/SharedObject.as,v retrieving revision 1.14 retrieving revision 1.15 diff -u -b -r1.14 -r1.15 --- testsuite/actionscript.all/SharedObject.as 20 Dec 2007 21:18:21 -0000 1.14 +++ testsuite/actionscript.all/SharedObject.as 20 Dec 2007 21:50:09 -0000 1.15 @@ -20,7 +20,7 @@ // compile this test case with Ming makeswf, and then // execute it like this gnash -1 -r 0 -v out.swf -rcsid="$Id: SharedObject.as,v 1.14 2007/12/20 21:18:21 rsavoye Exp $"; +rcsid="$Id: SharedObject.as,v 1.15 2007/12/20 21:50:09 rsavoye Exp $"; #include "check.as" @@ -75,7 +75,8 @@ so.data.localSecPathTime = 1.19751160683e+12; // trace(so.getSize()); -// so.flush(); +so.flush(); + newso = SharedObject.getLocal("settings"); check_equals (typeof(newso), 'object'); 
@@ -85,17 +86,17 @@ if (typeof(newso.data) != 'undefined') { trace("New Shared Object, checking data..."); check_equals (typeof(newso.data.gain), 'number'); - check_equals (newso.data.gain, 50.0); + check_equals (newso.data.gain, so.data.gain); check_equals (typeof(newso.data.echosuppression), 'boolean'); - check_equals (newso.data.echosuppression, false); + check_equals (newso.data.echosuppression, so.data.echosuppression); check_equals (typeof(newso.data.defaultmicrophone), 'string'); - check_equals (newso.data.defaultmicrophone, "/dev/input/mic"); + check_equals (newso.data.defaultmicrophone, so.data.defaultmicrophone); check_equals (typeof(newso.data.defaultcamera), 'string'); check_equals (newso.data.defaultcamera, 'undefined'); check_equals (typeof(newso.data.defaultklimit), 'number'); - check_equals (newso.data.defaultklimit, 100.0); + check_equals (newso.data.defaultklimit, so.data.defaultklimit); check_equals (typeof(newso.data.defaultalways), 'boolean'); - check_equals (newso.data.defaultalways, false); + check_equals (newso.data.defaultalways, so.data.defaultalways); // FIXME: why did all these start failing ? Accoring to dump() they // all still exist. Index: server/asobj/SharedObject.cpp =================================================================== RCS file: /sources/gnash/gnash/server/asobj/SharedObject.cpp,v retrieving revision 1.16 retrieving revision 1.17 diff -u -b -r1.16 -r1.17 --- server/asobj/SharedObject.cpp 20 Dec 2007 21:14:39 -0000 1.16 +++ server/asobj/SharedObject.cpp 20 Dec 2007 21:50:09 -0000 1.17 @@ -259,7 +259,7 @@ for (it = els.begin(); it != els.end(); it++) { AMF::amf_element_t *el = &(*(it)); - log_debug("Adding \"%s\"", el->name.c_str()); +// log_debug("Adding \"%s\"", el->name.c_str()); if (el->type == AMF::NUMBER) { double dub = *((double *)el->data); ptr->set_member(st.string_table::find(el->name), as_value(dub)); 
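Review bot: Comparing `newso.data.*` against `so.data.*` instead of literals lets these checks pass trivially if `SharedObject.getLocal("settings")` returns the same in-memory object rather than data re-read from the flushed file; the test cannot tell the two cases apart. Keeping a literal comparison for at least one field (the removed lines used `50.0` for `gain`) would still pin the value that actually round-tripped through the .sol file. The whole block also sits under `if (typeof(newso.data) != 'undefined')`, so a failed load skips every check silently, and the result of the `so.flush()` enabled in the previous hunk is not examined. The `if` block continues past the end of this hunk.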
@@ -285,7 +285,7 @@ } } - ptr->dump_members(); // FIXME: debug crap +// ptr->dump_members(); // FIXME: debug crap return as_value(obj.get()); // will keep alive } Index: ChangeLog =================================================================== RCS file: /sources/gnash/gnash/ChangeLog,v retrieving revision 1.5229 retrieving revision 1.5230 diff -u -b -r1.5229 -r1.5230 --- ChangeLog 20 Dec 2007 21:14:39 -0000 1.5229 +++ ChangeLog 20 Dec 2007 21:50:09 -0000 1.5230 @@ -1,5 +1,14 @@ 2007-12-20 Rob Savoye <[EMAIL PROTECTED]> + * server/asobj/SharedObject.cpp: Make less verbose, don't dump + members after reading. + * libamf/amf.cpp: Check for a corrupted length field so we don't + try to memcpy() an obscene amount of data... + * libamf/sol.cpp: Handle an error from trying to parse corrupted + .sol files so we don't core dump. + * testsuite/actionscript.all/SharedObject.as: Test the new values + against the previous ones we just wrote. + * server/asobj/SharedObject.cpp: Get rcinit file, and use the SOLSafeDir setting, or defaul tto "./", for all SOL file locations. This now can both write and read SOL files. Index: libamf/amf.cpp =================================================================== RCS file: /sources/gnash/gnash/libamf/amf.cpp,v retrieving revision 1.49 retrieving revision 1.50 diff -u -b -r1.49 -r1.50 --- libamf/amf.cpp 20 Dec 2007 21:14:39 -0000 1.49 +++ libamf/amf.cpp 20 Dec 2007 21:50:10 -0000 1.50 @@ -1364,6 +1364,11 @@ tmpptr += 2; // get the name of the element if (length > 0) { + if (length > 20000) { + log_error("Length field corrupted! parsed value is: %hd", length); + return 0; + } + // log_msg(_("AMF element length is: %d"), length); memcpy(buffer, tmpptr, length); el->name = reinterpret_cast<char *>(buffer); 
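Review bot: In the libamf/amf.cpp hunk the new guard compares `length` with the constant 20000 rather than with the capacity of `buffer` or the bytes remaining in the input. The following `memcpy(buffer, tmpptr, length)` is therefore only safe if `buffer` holds at least 20000 bytes and the source still has that many left; neither is visible here. The `%hd` format suggests `length` is a signed 16-bit value, in which case a corrupted field with the high bit set is negative, skips the `if (length > 0)` branch and is treated as an empty name rather than an error. I would reject it before that branch and bound it by the real sizes, e.g. `if (length < 0 || static_cast<size_t>(length) >= BUFFER_CAPACITY_PLACEHOLDER || static_cast<size_t>(length) > BYTES_REMAINING_PLACEHOLDER) { log_error(...); return 0; }`, where the `>=` on capacity leaves room for the terminator that `el->name = reinterpret_cast<char *>(buffer)` relies on. The enclosing function starts and ends outside the hunk.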
@@ -1387,11 +1392,11 @@ memset(tmp, 0, AMF_NUMBER_SIZE+1); memcpy(tmp, buffer, AMF_NUMBER_SIZE); el->data = tmp; -#if 1 +#if 0 uint8_t hexint[AMF_NUMBER_SIZE*3]; hexify((uint8_t *)hexint, (uint8_t *)buffer, AMF_NUMBER_SIZE, false); -// log_msg(_("Number \"%s\" is: 0x%s"), el->name.c_str(), hexint); + log_msg(_("Number \"%s\" is: 0x%s"), el->name.c_str(), hexint); // amfnum_t *num = extractNumber(tmpptr); #endif tmpptr += 8; Index: libamf/sol.cpp =================================================================== RCS file: /sources/gnash/gnash/libamf/sol.cpp,v retrieving revision 1.5 retrieving revision 1.6 diff -u -b -r1.5 -r1.6 --- libamf/sol.cpp 20 Dec 2007 21:14:39 -0000 1.5 +++ libamf/sol.cpp 20 Dec 2007 21:50:10 -0000 1.6 @@ -336,11 +336,12 @@ AMF::amf_element_t el; while ((buf - ptr) <= _filesize) { ptr = (char *)amf_obj.extractVariable(&el, reinterpret_cast<uint8_t *>(ptr)); - if (ptr == 0) { - return true; - } + if (ptr != 0) { ptr += 1; addObj(el); + } else { + break; + } } ifs.close(); _______________________________________________ Gnash-commit mailing list Gnash-commit@gnu.org http://lists.gnu.org/mailman/listinfo/gnash-commit
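Review bot: In the libamf/sol.cpp hunk the `break` on a null `ptr` appears to be the only thing that ends this loop, because the guard `(buf - ptr) <= _filesize` looks like it subtracts in the wrong order. If `buf` is the start of the file buffer and `ptr` advances (neither declaration is visible), the difference is never positive and the test does not bound parsing to the data that was read. Consider `while ((ptr - buf) < _filesize)`, so that a truncated or corrupted tail cannot carry `extractVariable()` past the end of the buffer. The `break` also makes a corrupted file indistinguishable from a clean end of data unless the return after `ifs.close()`, which is outside the hunk, reports it; setting a flag in the `else` branch and returning it would let the caller discard the objects already added by `addObj(el)`.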