Benjamin Otte
2007-Apr-22 06:30 UTC
[Swfdec] 3 commits - libswfdec/swfdec_bits.c libswfdec/swfdec_font.c libswfdec/swfdec_movie.c
libswfdec/swfdec_bits.c | 24 ++++++++++++++++++------
libswfdec/swfdec_font.c | 43 +++++++++++++++++++++++++++----------------
libswfdec/swfdec_movie.c | 4 ++++
3 files changed, 49 insertions(+), 22 deletions(-)
New commits:
diff-tree 26a33bf08b5d9feeb8047274b312cee2999824ff (from ea79f997727fcd34b23b206be84b95c7e2f6d152)
Author: Benjamin Otte <otte@gnome.org>
Date: Sun Apr 22 14:44:33 2007 +0200
make the font parsing loops exit on no more data
diff --git a/libswfdec/swfdec_font.c b/libswfdec/swfdec_font.c
index c0562b1..8b6d5f3 100644
--- a/libswfdec/swfdec_font.c
+++ b/libswfdec/swfdec_font.c
@@ -193,17 +193,14 @@ swfdec_font_parse_shape (SwfdecSwfDecode
 shape->n_line_bits = swfdec_bits_getbits (&s->b, 4);
 SWFDEC_LOG ("n_line_bits = %d", shape->n_line_bits);
+ swfdec_bits_init_bits (&s->b, &save_bits, size);
 swfdec_shape_get_recs (s, shape, swfdec_pattern_parse, swfdec_stroke_parse);
 swfdec_bits_syncbits (&s->b);
- if (swfdec_bits_skip_bytes (&save_bits, size) != size) {
- SWFDEC_ERROR ("invalid offset value, not enough bytes available");
- }
- if (swfdec_bits_left (&save_bits) != swfdec_bits_left (&s->b)) {
- SWFDEC_WARNING ("parsing shape did use %d bytes too much\n",
- (swfdec_bits_left (&save_bits) - swfdec_bits_left (&s->b)) / 8);
- /* we trust the offsets here */
- s->b = save_bits;
+ if (swfdec_bits_left (&s->b)) {
+ SWFDEC_WARNING ("parsing shape didn't use %d bytes",
+ swfdec_bits_left (&s->b) / 8);
 }
+ s->b = save_bits;
 }
 int
@@ -232,7 +229,7 @@ tag_func_define_font (SwfdecSwfDecoder *
 g_array_set_size (font->glyphs, n_glyphs);
 offset = swfdec_bits_get_u16 (&offsets);
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (&s->b); i++) {
 SwfdecFontEntry *entry = &g_array_index (font->glyphs, SwfdecFontEntry, i);
 if (i + 1 == n_glyphs) next_offset = offset + swfdec_bits_left (&s->b) / 8;
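Review bot: In swfdec_font_parse_shape the removed `swfdec_bits_skip_bytes (&save_bits, size) != size` test was the only visible place where a glyph length larger than the remaining data was detected and reported; `size` now goes straight into `swfdec_bits_init_bits (&s->b, &save_bits, size)`. Since `size` is derived from the file's offset table, the parser is only safe if swfdec_bits_init_bits limits the window to the bytes save_bits still holds, which this diff does not show. I would state that contract next to the call, e.g. `/* size is untrusted; swfdec_bits_init_bits must clamp it to what save_bits still holds */`, and keep an error message for the oversized case. The function starts above the hunk, so how save_bits is initialised is not visible here.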
@@ -241,6 +238,10 @@ tag_func_define_font (SwfdecSwfDecoder *
 swfdec_font_parse_shape (s, entry, next_offset - offset);
 offset = next_offset;
 }
+ if (i < n_glyphs) {
+ SWFDEC_ERROR ("data was only enough for %u glyphs, not %u", i, n_glyphs);
+ g_array_set_size (font->glyphs, i);
+ }
 return SWFDEC_STATUS_OK;
 }
@@ -336,7 +337,7 @@ tag_func_define_font_2 (SwfdecSwfDecoder
 g_array_set_size (font->glyphs, n_glyphs);
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (&s->b); i++) {
 SwfdecFontEntry *entry = &g_array_index (font->glyphs, SwfdecFontEntry, i);
 shape = g_object_new (SWFDEC_TYPE_SHAPE, NULL);
 entry->shape = shape;
@@ -344,13 +345,18 @@ tag_func_define_font_2 (SwfdecSwfDecoder
 g_ptr_array_add (shape->fills, swfdec_pattern_new_color (0xFFFFFFFF));
 g_ptr_array_add (shape->lines, swfdec_stroke_new (20, 0xFFFFFFFF));
- swfdec_bits_syncbits (&s->b);
 shape->n_fill_bits = swfdec_bits_getbits (&s->b, 4);
 SWFDEC_LOG ("n_fill_bits = %d", shape->n_fill_bits);
 shape->n_line_bits = swfdec_bits_getbits (&s->b, 4);
 SWFDEC_LOG ("n_line_bits = %d", shape->n_line_bits);
 swfdec_shape_get_recs (s, shape, swfdec_pattern_parse, swfdec_stroke_parse);
+ swfdec_bits_syncbits (&s->b);
+ }
+ if (i < n_glyphs) {
+ SWFDEC_ERROR ("data was only enough for %u glyphs, not %u", i, n_glyphs);
+ g_array_set_size (font->glyphs, i);
+ n_glyphs = i;
 }
 if (wide_codes) {
 swfdec_bits_skip_bytes (bits, 2 * n_glyphs);
@@ -363,7 +369,7 @@ tag_func_define_font_2 (SwfdecSwfDecoder
 font_leading = swfdec_bits_get_s16 (bits);
 //font_advance_table = swfdec_bits_get_s16(bits);
 swfdec_bits_skip_bytes (bits, 2 * n_glyphs);
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (bits); i++) {
 swfdec_bits_get_rect (bits, &rect);
 }
 swfdec_font_parse_kerning_table (s, font, wide_codes);
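Review bot: The glyph length in `swfdec_font_parse_shape (s, entry, next_offset - offset);` (tag_func_define_font, hunk -241,6) is still computed from file-supplied offsets without checking that they increase; the new end-of-data test in the loop condition does not cover that. If next_offset is smaller than offset the difference becomes negative or, for unsigned variables (their declarations are outside the hunk), wraps to a very large length. A guard before the call such as `if (next_offset < offset) { SWFDEC_ERROR ("glyph offsets are not increasing"); break; }` would stop at the first bad entry and let the added `i < n_glyphs` branch trim the array. The same call appears in the tag_func_define_font_3 hunk at -443,7.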
@@ -434,7 +440,7 @@ tag_func_define_font_3 (SwfdecSwfDecoder
 offset = swfdec_bits_get_u16 (&offsets);
 }
 g_array_set_size (font->glyphs, n_glyphs);
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (&s->b); i++) {
 SwfdecFontEntry *entry = &g_array_index (font->glyphs, SwfdecFontEntry, i);
 if (wide_offsets) next_offset = swfdec_bits_get_u32 (&offsets);
@@ -443,7 +449,12 @@ tag_func_define_font_3 (SwfdecSwfDecoder
 swfdec_font_parse_shape (s, entry, next_offset - offset);
 offset = next_offset;
 }
- for (i = 0; i < n_glyphs; i++) {
+ if (i < n_glyphs) {
+ SWFDEC_ERROR ("data was only enough for %u glyphs, not %u", i, n_glyphs);
+ g_array_set_size (font->glyphs, i);
+ n_glyphs = i;
+ }
+ for (i = 0; i < n_glyphs && swfdec_bits_left (bits); i++) {
 SwfdecFontEntry *entry = &g_array_index (font->glyphs, SwfdecFontEntry, i);
 if (wide_codes) entry->value = swfdec_bits_get_u16 (bits);
@@ -456,10 +467,10 @@ tag_func_define_font_3 (SwfdecSwfDecoder
 ascent = swfdec_bits_get_u16 (bits);
 descent = swfdec_bits_get_u16 (bits);
 leading = swfdec_bits_get_u16 (bits);
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (bits); i++) {
 /* guint advance = */ swfdec_bits_get_u16 (bits);
 }
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (bits); i++) {
 SwfdecRect rect;
 swfdec_bits_get_rect (bits, &rect);
 }
diff-tree ea79f997727fcd34b23b206be84b95c7e2f6d152 (from 375960447cf4f4286d6bab0e36656dfb6df89d30)
Author: Benjamin Otte <otte@gnome.org>
Date: Sun Apr 22 14:43:40 2007 +0200
handle removal of movies that aren't inited/constructed without crashing
diff --git a/libswfdec/swfdec_movie.c b/libswfdec/swfdec_movie.c
index 3317fb2..53b47c2 100644
--- a/libswfdec/swfdec_movie.c
+++ b/libswfdec/swfdec_movie.c
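Review bot: In tag_func_define_font_3 (hunk -443,7) the code-table loop `for (i = 0; i < n_glyphs && swfdec_bits_left (bits); i++)` can now stop early without any message, leaving `entry->value` unassigned for the remaining glyphs. Whether those entries are zeroed depends on how font->glyphs was created, which is outside the hunk. I would mirror the glyph loop and add after it `if (i < n_glyphs) SWFDEC_ERROR ("data was only enough for %u glyph codes, not %u", i, n_glyphs);`. The advance and bounds loops in the -456,10 hunk discard what they read, so an early exit there loses nothing. The code-table loop body continues past the end of the hunk.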
@@ -322,6 +322,10 @@ swfdec_movie_destroy (SwfdecMovie *movie
 SWFDEC_LOG ("destroying movie %s", movie->name);
 swfdec_movie_do_remove (movie, swfdec_movie_destroy);
 swfdec_movie_set_content (movie, NULL);
+ /* FIXME: figure out how to handle destruction pre-init/construct.
+ * This is just a stop-gap measure to avoid dead movies in those queues */
+ g_queue_remove (player->init_queue, movie);
+ g_queue_remove (player->construct_queue, movie);
 if (klass->finish_movie) klass->finish_movie (movie);
 swfdec_js_movie_remove_jsobject (movie);
diff-tree 375960447cf4f4286d6bab0e36656dfb6df89d30 (from ef2514da947a3aeb0d8210cba619fdd350281e94)
Author: Benjamin Otte <otte@gnome.org>
Date: Sun Apr 22 14:06:41 2007 +0200
break out of gradient loop when no more bits are available
diff --git a/libswfdec/swfdec_bits.c b/libswfdec/swfdec_bits.c
index 0f7e4c9..7077cdc 100644
--- a/libswfdec/swfdec_bits.c
+++ b/libswfdec/swfdec_bits.c
@@ -585,11 +585,15 @@ swfdec_bits_get_gradient (SwfdecBits * b
 n_gradients = swfdec_bits_get_u8 (bits);
 grad = g_malloc (sizeof (SwfdecGradient) + sizeof (SwfdecGradientEntry) * (n_gradients - 1));
- grad->n_gradients = n_gradients;
- for (i = 0; i < n_gradients; i++) {
+ for (i = 0; i < n_gradients && swfdec_bits_left (bits); i++) {
 grad->array[i].ratio = swfdec_bits_get_u8 (bits);
 grad->array[i].color = swfdec_bits_get_color (bits);
 }
+ if (i < n_gradients) {
+ SWFDEC_ERROR ("not enough data for %u gradients, could only read %u",
+ n_gradients, i);
+ }
+ grad->n_gradients = i;
 return grad;
 }
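Review bot: `g_queue_remove` drops only the first matching element, so if a movie can be queued more than once in init_queue or construct_queue, a stale pointer to the destroyed movie stays behind and is dereferenced when the queue is processed. Whether double queueing is possible is not visible in this hunk; if it is, `g_queue_remove_all (player->init_queue, movie);` and the same for construct_queue close that gap. The FIXME could also record the invariant being protected, for example `/* no destroyed movie may remain in init_queue or construct_queue */`. swfdec_movie_destroy starts and ends outside the hunk, so where player is obtained is not shown.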
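Review bot: The new loop condition in swfdec_bits_get_gradient tests only that some bits remain, not that a whole ratio-plus-colour entry does, so the last iteration can ask for more bits than are left and that partial entry is still counted by `grad->n_gradients = i`. Comparing swfdec_bits_left (bits) with the size of one entry would keep only fully read entries; what swfdec_bits_get_u8 and swfdec_bits_get_color return at end of data is not visible here. Separately, a count byte of 0 makes `(n_gradients - 1)` in the g_malloc size negative or wrapped, depending on the declared type, which is outside the hunk; `(MAX (n_gradients, 1) - 1)` avoids that. Both points apply equally to the swfdec_bits_get_gradient_rgba and swfdec_bits_get_morph_gradient hunks.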
@@ -602,11 +606,15 @@ swfdec_bits_get_gradient_rgba (SwfdecBit
 n_gradients = swfdec_bits_get_u8 (bits);
 grad = g_malloc (sizeof (SwfdecGradient) + sizeof (SwfdecGradientEntry) * (n_gradients - 1));
- grad->n_gradients = n_gradients;
- for (i = 0; i < n_gradients; i++) {
+ for (i = 0; i < n_gradients && swfdec_bits_left (bits); i++) {
 grad->array[i].ratio = swfdec_bits_get_u8 (bits);
 grad->array[i].color = swfdec_bits_get_rgba (bits);
 }
+ if (i < n_gradients) {
+ SWFDEC_ERROR ("not enough data for %u gradients, could only read %u",
+ n_gradients, i);
+ }
+ grad->n_gradients = i;
 return grad;
 }
@@ -620,11 +628,15 @@ swfdec_bits_get_morph_gradient (SwfdecBi
 n_gradients *= 2;
 grad = g_malloc (sizeof (SwfdecGradient) + sizeof (SwfdecGradientEntry) * (n_gradients - 1));
- grad->n_gradients = n_gradients;
- for (i = 0; i < n_gradients; i++) {
+ for (i = 0; i < n_gradients && swfdec_bits_left (bits); i++) {
 grad->array[i].ratio = swfdec_bits_get_u8 (bits);
 grad->array[i].color = swfdec_bits_get_rgba (bits);
 }
+ if (i < n_gradients) {
+ SWFDEC_ERROR ("not enough data for %u gradients, could only read %u",
+ n_gradients, i);
+ }
+ grad->n_gradients = i;
 return grad;
 }
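Review bot: In swfdec_bits_get_morph_gradient the count was doubled by `n_gradients *= 2;`, so stopping at an arbitrary `i` can leave an odd `grad->n_gradients`. If consumers treat the array as start/end pairs (not visible here), the unpaired last entry would be matched with an entry that was never written, and g_malloc does not zero the allocation. Rounding down before the store, `grad->n_gradients = i - (i % 2);`, keeps only complete pairs. The function starts above the hunk.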