CVSROOT: /sources/gnash Module name: gnash Changes by: Benjamin Wolsey <bwy> 08/02/14 17:49:12
Modified files: . : ChangeLog server : stream.cpp Log message: * server/stream.cpp: also check for overflow of a signed int to keep tu_file happy. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.5651&r2=1.5652 http://cvs.savannah.gnu.org/viewcvs/gnash/server/stream.cpp?cvsroot=gnash&r1=1.45&r2=1.46 Patches: Index: ChangeLog =================================================================== RCS file: /sources/gnash/gnash/ChangeLog,v retrieving revision 1.5651 retrieving revision 1.5652 diff -u -b -r1.5651 -r1.5652 --- ChangeLog 14 Feb 2008 16:38:12 -0000 1.5651 +++ ChangeLog 14 Feb 2008 17:49:12 -0000 1.5652 @@ -1,3 +1,8 @@ +2008-02-14 Benjamin Wolsey <[EMAIL PROTECTED]> + + * server/stream.cpp: also check for overflow of a signed int to keep + tu_file happy. + 2008-02-14 Sandro Santilli <[EMAIL PROTECTED]> * server/parser/BitmapMovieDefinition.{cpp,h}: Index: server/stream.cpp =================================================================== RCS file: /sources/gnash/gnash/server/stream.cpp,v retrieving revision 1.45 retrieving revision 1.46 diff -u -b -r1.45 -r1.46 --- server/stream.cpp 14 Feb 2008 16:00:55 -0000 1.45 +++ server/stream.cpp 14 Feb 2008 17:49:12 -0000 1.46 @@ -24,8 +24,8 @@ #include "tu_file.h" #include "swf.h" #include "Property.h" - #include <cstring> +#include <climits> //#include <iostream> // debugging only //#define USE_TU_FILE_BYTESWAPPING 1 @@ -397,20 +397,21 @@ { align(); - unsigned long tagStart=get_position(); + unsigned long tagStart = get_position(); int tagHeader = read_u16(); int tagType = tagHeader >> 6; int tagLength = tagHeader & 0x3F; assert(m_unused_bits == 0); - if (tagLength == 0x3F) { + if (tagLength == 0x3F) + { tagLength = read_u32(); } if (tagLength < 0) { - throw ParserException(_("Negative tag length reported.")); + throw ParserException("Negative tag length advertised."); } if ( tagLength > 1024*64 ) 
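Review bot: The added `#include <climits>` does not declare what the new check in the third hunk uses, since `std::numeric_limits` comes from `<limits>` and `std::stringstream` from `<sstream>`. Neither header appears in the include lines shown here, so the file may build only through transitive includes; the rest of the include block is outside the hunk. Either add `#include <limits>` and `#include <sstream>`, or keep `<climits>` and compare against `INT_MAX` instead.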
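Review bot: `tagLength` remains an `int` while the long-tag branch assigns it from `read_u32()`, so a file-supplied length with the top bit set reaches the `tagLength < 0` test only through an unsigned-to-signed conversion whose result is implementation-defined. This assumes `read_u32()` returns an unsigned 32-bit value; its declaration is outside the hunk. Reading the long form into an unsigned local and rejecting values above `INT_MAX` before narrowing would make the rejection explicit rather than dependent on wrap-around. Separately, the rewritten throw drops the `_()` wrapper the old line had; if parser errors are meant to stay translatable, keep `_("Negative tag length advertised.")`. The enclosing function starts and ends outside the hunk.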
@@ -420,6 +421,19 @@ unsigned long tagEnd = get_position() + tagLength; + // Check end position doesn't overflow a signed int - that makes + // zlib adapter's inflate_seek(int pos, void* appdata) unhappy. + // The cast stops compiler warnings. We know it's a positive number. + // TODO: make tu_file take a long instead of an int. + // TODO: check against stream length. + if (tagEnd > static_cast<unsigned int>(std::numeric_limits<signed int>::max())) + { + std::stringstream ss; + ss << "Invalid tag end position " << tagEnd << " advertised (tag length " + << tagLength << ")."; + throw ParserException(ss.str().c_str()); + } + if ( ! _tagBoundsStack.empty() ) { // check that this tag doesn't cross containing tag bounds _______________________________________________ Gnash-commit mailing list Gnash-commit@gnu.org http://lists.gnu.org/mailman/listinfo/gnash-commit
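Review bot: The new guard bounds `tagEnd` only by the maximum signed int, so a tag whose advertised length runs far past the real end of the stream still passes. The containing-tag check that follows runs only when `_tagBoundsStack` is non-empty, which appears to leave top-level tags with no tighter limit. The second TODO already names the gap, but the comment could state the consequence directly, e.g. `// NOTE: tagEnd is not validated against the stream length here; top-level tags are bounded only by INT_MAX.` The sum `get_position() + tagLength` is also computed before it is checked, so the guard relies on `unsigned long` not wrapping for these operands; that is likely true if positions never exceed `INT_MAX`, but it is worth a line in the comment. The function body starts and ends outside the hunk.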