CVSROOT: /sources/gnash Module name: gnash Changes by: Benjamin Wolsey <bwy> 08/02/15 10:05:26
Modified files: . : ChangeLog server/parser : text_character_def.cpp server/swf : PlaceObject2Tag.cpp Log message: * server/swf/PlaceObject2Tag.cpp: use ensureBytes, fix more assertion failures on malformed SWFs. * server/parser/text_character_def.cpp: add a missing ensureBytes. CVSWeb URLs: http://cvs.savannah.gnu.org/viewcvs/gnash/ChangeLog?cvsroot=gnash&r1=1.5660&r2=1.5661 http://cvs.savannah.gnu.org/viewcvs/gnash/server/parser/text_character_def.cpp?cvsroot=gnash&r1=1.9&r2=1.10 http://cvs.savannah.gnu.org/viewcvs/gnash/server/swf/PlaceObject2Tag.cpp?cvsroot=gnash&r1=1.33&r2=1.34 Patches:
Index: ChangeLog
===================================================================
RCS file: /sources/gnash/gnash/ChangeLog,v
retrieving revision 1.5660
retrieving revision 1.5661
diff -u -b -r1.5660 -r1.5661
--- ChangeLog 15 Feb 2008 09:17:33 -0000 1.5660
+++ ChangeLog 15 Feb 2008 10:05:25 -0000 1.5661
@@ -3,6 +3,9 @@
 * server/swf/tag_loaders.cpp: (define_bits_lossless_2_loader) log malformed SWF error and return if height or width is 0 (prevents assertion failure in image.cpp (rgba).
+ * server/swf/PlaceObject2Tag.cpp: use ensureBytes, fix more assertion
+ failures on malformed SWFs.
+ * server/parser/text_character_def.cpp: add a missing ensureBytes.
 2008-02-15 Sandro Santilli <[EMAIL PROTECTED]>
Index: server/parser/text_character_def.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/parser/text_character_def.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- server/parser/text_character_def.cpp 11 Feb 2008 16:32:52 -0000 1.9
+++ server/parser/text_character_def.cpp 15 Feb 2008 10:05:26 -0000 1.10
@@ -36,6 +36,7 @@
 text_style style;
 for (;;) {
+ in->ensureBytes(1);
 unsigned int first_byte = in->read_u8();
 if (first_byte == 0)
Index: server/swf/PlaceObject2Tag.cpp
===================================================================
RCS file: /sources/gnash/gnash/server/swf/PlaceObject2Tag.cpp,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -b -r1.33 -r1.34
--- server/swf/PlaceObject2Tag.cpp 12 Feb 2008 20:56:30 -0000 1.33
+++ server/swf/PlaceObject2Tag.cpp 15 Feb 2008 10:05:26 -0000 1.34
@@ -17,7 +17,7 @@
 // Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 //
-/* $Id: PlaceObject2Tag.cpp,v 1.33 2008/02/12 20:56:30 strk Exp $ */
+/* $Id: PlaceObject2Tag.cpp,v 1.34 2008/02/15 10:05:26 bwy Exp $ */
 #ifdef HAVE_CONFIG_H
 #include "gnashconfig.h"
@@ -38,6 +38,7 @@
 PlaceObject2Tag::readPlaceObject(stream& in) {
 // Original place_object tag; very simple.
+ in.ensureBytes(2 + 2);
 m_character_id = in.read_u16();
 m_depth = in.read_u16()+character::staticDepthOffset;
 m_matrix.read(in);
@@ -188,6 +189,8 @@
 {
 in.align();
+ in.ensureBytes(1 + 2); // PlaceObject2, depth
+
 // PlaceObject2 specific flags
 boost::uint8_t has_flags2 = in.read_u8();
@@ -202,7 +205,11 @@
 m_depth = in.read_u16()+character::staticDepthOffset;
- if (has_char) m_character_id = in.read_u16();
+ if (has_char)
+ {
+ in.ensureBytes(2);
+ m_character_id = in.read_u16();
+ }
 if (has_matrix) {
@@ -217,16 +224,26 @@
 }
 if (has_ratio)
+ {
+ in.ensureBytes(2);
 m_ratio = in.read_u16();
+ }
 else
+ {
 m_ratio = character::noRatioValue;
+ }
 if (m_has_name) in.read_string(m_name);
 if (has_clip_depth)
- m_clip_depth = in.read_u16()+character::staticDepthOffset;
+ {
+ in.ensureBytes(2);
+ m_clip_depth = in.read_u16() + character::staticDepthOffset;
+ }
 else
+ {
 m_clip_depth = character::noClipDepthValue;
+ }
 if (has_actions) {
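Review bot: In the text_character_def.cpp hunk (`@@ -36,6 +36,7 @@`), the added `in->ensureBytes(1);` covers only the first byte read on each pass of the `for (;;)` loop. The reads that follow once `first_byte` is non-zero are outside the hunk, so it cannot be told from here whether each has its own guard. Since the ChangeLog describes the failure being fixed as an assertion on malformed SWFs, confirm that every later read in the loop body is preceded by an `ensureBytes` call sized for it.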
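Review bot: In `readPlaceObject` (`@@ -38,6 +38,7 @@`), `in.ensureBytes(2 + 2);` is the one new guard with no field comment, while the later ones carry notes such as `// PlaceObject2, depth`. Suggest `in.ensureBytes(2 + 2); // character id, depth` so the count can be checked against the two `read_u16()` calls below it. The `m_matrix.read(in)` that follows is not covered by this guard, and whether the matrix reader checks the remaining bytes itself is not visible here; the function body continues past the hunk.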
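Review bot: `if (m_has_name) in.read_string(m_name);` is left without a length check in `@@ -217,16 +224,26 @@`, and again in `@@ -332,16 +352,26 @@`, while every fixed-width read around it now has one. `read_string` is not shown on this page; if it scans for the terminator without stopping at the end of the tag, a malformed SWF with an unterminated name would still reach the kind of failure this commit is fixing. Confirm that the read is bounded to the tag and record where at the call site, for example `// read_string is bounded by the tag end` once that has been verified.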
@@ -281,6 +298,8 @@
 {
 in.align();
+ in.ensureBytes(1 + 1 + 2); // PlaceObject2, PlaceObject3, depth
+
 // PlaceObject2 specific flags
 boost::uint8_t has_flags2 = in.read_u8();
@@ -306,10 +325,11 @@
 boost::uint8_t bitmask = 0;
 std::string className;
- m_depth = in.read_u16()+character::staticDepthOffset;
+ m_depth = in.read_u16() + character::staticDepthOffset;
 if (has_char) {
+ in.ensureBytes(2);
 m_character_id = in.read_u16();
 }
@@ -332,16 +352,26 @@
 }
 if (has_ratio)
+ {
+ in.ensureBytes(2);
 m_ratio = in.read_u16();
+ }
 else
+ {
 m_ratio = character::noRatioValue;
+ }
 if (m_has_name) in.read_string(m_name);
 if (has_clip_depth)
+ {
+ in.ensureBytes(2);
 m_clip_depth = in.read_u16()+character::staticDepthOffset;
+ }
 else
+ {
 m_clip_depth = character::noClipDepthValue;
+ }
 if (has_filters) {
@@ -351,6 +381,7 @@
 if (has_blend_mode) {
+ in.ensureBytes(1);
 blend_mode = in.read_u8();
 }
@@ -358,6 +389,7 @@
 {
 // It is not certain that this actually exists, so if this reader
 // is broken, it is probably here!
+ in.ensureBytes(1);
 bitmask = in.read_u8();
 }
_______________________________________________ Gnash-commit mailing list Gnash-commit@gnu.org http://lists.gnu.org/mailman/listinfo/gnash-commit
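Review bot: The `in.ensureBytes(1);` added before `bitmask = in.read_u8();` in `@@ -358,6 +389,7 @@` does not say what happens to the tag when the check fails, and it guards a field the existing comment says may not exist. By that point `m_depth`, and possibly `m_character_id`, `m_ratio` and `m_clip_depth`, have already been assigned. What `ensureBytes` does on a short tag is not visible here; if it throws, the caller has to discard the half-read tag rather than place it. A comment at the call recording the confirmed behaviour would help, for example `// fails the whole tag if the byte is absent`. The enclosing block's condition lies outside the hunk.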