bugzilla-daemon at freedesktop.org
2007-Oct-13 09:28 UTC
[Swfdec] [Bug 12793] New: Crash playing a swf file (because of missing NULL ptr check)
http://bugs.freedesktop.org/show_bug.cgi?id=12793
Summary: Crash playing a swf file (because of missing NULL ptr
check)
Product: swfdec
Version: unspecified
Platform: x86 (IA32)
OS/Version: All
Status: NEW
Severity: normal
Priority: high
Component: library
AssignedTo: swfdec at lists.freedesktop.org
ReportedBy: leroutier at gmail.com
QAContact: swfdec at lists.freedesktop.org
Trying to play a swf file on my harddrive, I had a crash.
Looking at gdb's output, I saw that :
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD
is not yet implemented
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish:
fillstyle 0 has no path
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD
is not yet implemented
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish:
fillstyle 0 has no path
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD
is not yet implemented
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD
is not yet implemented
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish:
fillstyle 0 has no path
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
[New Thread -1236038768 (LWP 14016)]
[Thread -1227646064 (LWP 14015) exited]
(swfplay:14010): Swfdec-CRITICAL **: swfdec_buffer_queue_pull: assertion
`length > 0' failed
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1223689344 (LWP 14010)]
0xb7f46add in swfdec_sound_get_decoded (sound=0x81a4770, format=0x8203d80) at
swfdec_sound.c:205
205 SWFDEC_LOG ("after decoding, got %u samples, should get %u and
skip
%u",
(gdb) p tmp
$1 = (SwfdecBuffer *) 0x0
The code does :
SWFDEC_LOG ("after decoding, got %u samples, should get %u and skip
%u",
tmp->length / sample_bytes, n_samples, sound->skip);
tmp->length is the culprit.
but tmp is used more and more after that so perhaps a small if (!tmp) is not
enough.
Attaching a link to the file once it has been uploaded
--
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at freedesktop.org
2007-Oct-13 09:30 UTC
[Swfdec] [Bug 12793] Crash playing a swf file (because of missing NULL ptr check)
http://bugs.freedesktop.org/show_bug.cgi?id=12793
leroutier at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
URL| |http://www.leroutier.net/flo
| |ss/swfdec/bugzilla/fdo12793.
| |swf
--
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at freedesktop.org
2007-Oct-14 09:38 UTC
[Swfdec] [Bug 12793] Crash playing a swf file (because of missing NULL ptr check)
http://bugs.freedesktop.org/show_bug.cgi?id=12793
otte at gnome.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Comment #1 from otte at gnome.org 2007-10-14 02:42 PST -------
Thanks, fixed in 9ee02d87b2f6837237a717b3b6232ebe7ec63c63
--
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 13051] New: CNN Cartoon Clicks are not responsive to mouse events
- [Bug 13293] New: _cairo_pen_find_active_cw_vertex_index failed assertion
- configure.ac libswfdec-gtk/swfdec_gtk_widget.c libswfdec-gtk/swfdec_playback_alsa.c libswfdec/swfdec_as_date.c libswfdec/swfdec_as_interpret.c libswfdec/swfdec_as_types.c libswfdec/swfdec_audio_flv.c libswfdec/swfdec_audio_flv.h
- 5 commits - libswfdec/jpeg libswfdec/swfdec_as_interpret.c libswfdec/swfdec_bits.c libswfdec/swfdec_cached.c libswfdec/swfdec_codec_adpcm.c libswfdec/swfdec_codec_audio.c libswfdec/swfdec_flash_security.c libswfdec/swfdec_image.c
- 12 commits - libswfdec/Makefile.am libswfdec/swfdec_as_strings.c libswfdec/swfdec_as_types.c libswfdec/swfdec_as_types.h libswfdec/swfdec_gradient_pattern.c libswfdec/swfdec_gradient_pattern.h libswfdec/swfdec_movie_as_drawing.c libswfdec/swfdec_pattern.c