Benjamin Otte
2007-Oct-28 18:51 UTC
[Swfdec] 2 commits - libswfdec/swfdec_as_interpret.c test/trace
libswfdec/swfdec_as_interpret.c | 1 +
test/trace/Makefile.am | 3 +++
test/trace/crash-0.5.3-divide-by-zero.as | 5 +++++
test/trace/crash-0.5.3-divide-by-zero.swf |binary
test/trace/crash-0.5.3-divide-by-zero.swf.trace | 1 +
5 files changed, 10 insertions(+)
New commits:
commit c6d96d7d47704ca3d62c08d35874c64f7878bdf2
Author: Benjamin Otte <otte at gnome.org>
Date: Sun Oct 28 19:48:40 2007 +0100
fix divide by zero crash
diff --git a/libswfdec/swfdec_as_interpret.c b/libswfdec/swfdec_as_interpret.c
index 7125e05..c331413 100644
--- a/libswfdec/swfdec_as_interpret.c
+++ b/libswfdec/swfdec_as_interpret.c
@@ -948,6 +948,7 @@ swfdec_action_binary (SwfdecAsContext *cx, guint action,
const guint8 *data, gui
case SWFDEC_AS_ACTION_DIVIDE:
if (cx->version < 5) {
if (r == 0) {
+ swfdec_as_stack_pop (cx);
SWFDEC_AS_VALUE_SET_STRING (swfdec_as_stack_peek (cx, 1),
SWFDEC_AS_STR__ERROR_);
return;
}
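Review bot: Nothing at the added `swfdec_as_stack_pop (cx);` explains that this early return has to reproduce the stack effect of the normal path by hand: one operand consumed, and the result written over the other. The operands come from bytecode in an untrusted SWF file, so an unbalanced stack on any exit path is a memory-safety concern rather than only a wrong result. I would add a comment above the pop such as `/* consume the right operand; the error string replaces the left one, same stack effect as the normal path */`. swfdec_action_binary starts and ends outside this hunk, so its other early returns should be checked for the same balance; whether any of them are affected cannot be seen here.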
commit 45f142e1ddb65fc1c2acf1a37e7ff9f46fba8452
Author: Benjamin Otte <otte at gnome.org>
Date: Sun Oct 28 19:48:29 2007 +0100
Divide by zero crashes in Flash 4
diff --git a/test/trace/Makefile.am b/test/trace/Makefile.am
index d150370..0732b48 100644
--- a/test/trace/Makefile.am
+++ b/test/trace/Makefile.am
@@ -380,6 +380,9 @@ EXTRA_DIST = \
crash-0.5.2-startdrag.as \
crash-0.5.2-startdrag.swf \
crash-0.5.2-startdrag.swf.trace \
+ crash-0.5.3-divide-by-zero.as \
+ crash-0.5.3-divide-by-zero.swf \
+ crash-0.5.3-divide-by-zero.swf.trace \
currentframe.swf \
currentframe.swf.trace \
date.as \
diff --git a/test/trace/crash-0.5.3-divide-by-zero.as
b/test/trace/crash-0.5.3-divide-by-zero.as
new file mode 100644
index 0000000..6a94e5a
--- /dev/null
+++ b/test/trace/crash-0.5.3-divide-by-zero.as
@@ -0,0 +1,5 @@
+// makeswf -v 7 -s 200x150 -r 1 -o crash-0.5.3-divide-by-zero.swf
crash-0.5.3-divide-by-zero.as
+
+trace (1 / 0);
+
+loadMovie ("fscommand:QUIT", "");
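Review bot: The build comment on the first line records `-v 7`, which does not match what this test is meant to cover. The fixed branch in swfdec_as_interpret.c is guarded by `cx->version < 5`, the commit title names Flash 4, and the expected trace is `#ERROR#`, which a version 7 movie would presumably never produce for `1 / 0`. If the checked-in .swf was in fact built as version 4, the comment should say so, e.g. `// makeswf -v 4 -s 200x150 -r 1 -o crash-0.5.3-divide-by-zero.swf crash-0.5.3-divide-by-zero.as`. Otherwise anyone regenerating the file from this comment silently loses the regression coverage.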
diff --git a/test/trace/crash-0.5.3-divide-by-zero.swf
b/test/trace/crash-0.5.3-divide-by-zero.swf
new file mode 100644
index 0000000..6d57b22
Binary files /dev/null and b/test/trace/crash-0.5.3-divide-by-zero.swf differ
diff --git a/test/trace/crash-0.5.3-divide-by-zero.swf.trace
b/test/trace/crash-0.5.3-divide-by-zero.swf.trace
new file mode 100644
index 0000000..7f7a506
--- /dev/null
+++ b/test/trace/crash-0.5.3-divide-by-zero.swf.trace
@@ -0,0 +1 @@
+#ERROR#
Benjamin Otte
2007-Oct-29 10:12 UTC
[Swfdec] 2 commits - libswfdec/swfdec_as_interpret.c test/trace
libswfdec/swfdec_as_interpret.c | 3 -
test/trace/Makefile.am | 9 +++
test/trace/crash-0.5.3-text-field-root-variable-5.swf |binary
test/trace/crash-0.5.3-text-field-root-variable-6.swf |binary
test/trace/crash-0.5.3-text-field-root-variable-7.swf |binary
test/trace/crash-0.5.3-text-field-root-variable-8.swf |binary
test/trace/crash-0.5.3-text-field-root-variable.c | 47 ++++++++++++++++++
7 files changed, 58 insertions(+), 1 deletion(-)
New commits:
commit 393c44644a52e50205adb5795edc17a522410717
Author: Benjamin Otte <otte at gnome.org>
Date: Mon Oct 29 10:41:04 2007 +0100
fix crasher in TextField variable lookup
diff --git a/libswfdec/swfdec_as_interpret.c b/libswfdec/swfdec_as_interpret.c
index c331413..13ca787 100644
--- a/libswfdec/swfdec_as_interpret.c
+++ b/libswfdec/swfdec_as_interpret.c
@@ -481,7 +481,8 @@ swfdec_action_lookup_object (SwfdecAsContext *cx,
SwfdecAsObject *o, const char
}
if (path[0] == '/') {
- o = cx->frame->target;
+ if (o == NULL)
+ o = cx->frame->target;
if (!SWFDEC_IS_MOVIE (o))
return NULL;
o = SWFDEC_AS_OBJECT (swfdec_movie_get_root (SWFDEC_MOVIE (o)));
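Review bot: The fallback `o = cx->frame->target;` still dereferences `cx->frame` without a check whenever `o == NULL`. The commit title suggests the lookup can now be reached from TextField variable resolution, possibly while no script frame is active, although the caller is not visible in this hunk. If that is so, an absolute path with no starting object would still crash. A guard ahead of the fallback closes that path: `if (o == NULL && cx->frame == NULL) return NULL;`. The function body starts and ends outside the hunk, so it is worth confirming whether `cx->frame` is already validated earlier.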
commit d02eabcd04c8d67653cd7cf17ca03616593c8baa
Author: Benjamin Otte <otte at gnome.org>
Date: Mon Oct 29 10:39:45 2007 +0100
add test for another crasher
diff --git a/test/trace/Makefile.am b/test/trace/Makefile.am
index 2086980..eaa396c 100644
--- a/test/trace/Makefile.am
+++ b/test/trace/Makefile.am
@@ -383,6 +383,15 @@ EXTRA_DIST = \
crash-0.5.3-divide-by-zero.as \
crash-0.5.3-divide-by-zero.swf \
crash-0.5.3-divide-by-zero.swf.trace \
+ crash-0.5.3-text-field-root-variable.c \
+ crash-0.5.3-text-field-root-variable-5.swf \
+ crash-0.5.3-text-field-root-variable-5.swf.trace \
+ crash-0.5.3-text-field-root-variable-6.swf \
+ crash-0.5.3-text-field-root-variable-6.swf.trace \
+ crash-0.5.3-text-field-root-variable-7.swf \
+ crash-0.5.3-text-field-root-variable-7.swf.trace \
+ crash-0.5.3-text-field-root-variable-8.swf \
+ crash-0.5.3-text-field-root-variable-8.swf.trace \
currentframe.swf \
currentframe.swf.trace \
date.as \
diff --git a/test/trace/crash-0.5.3-text-field-root-variable-5.swf
b/test/trace/crash-0.5.3-text-field-root-variable-5.swf
new file mode 100644
index 0000000..676226b
Binary files /dev/null and
b/test/trace/crash-0.5.3-text-field-root-variable-5.swf differ
diff --git a/test/trace/crash-0.5.3-text-field-root-variable-5.swf.trace
b/test/trace/crash-0.5.3-text-field-root-variable-5.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/crash-0.5.3-text-field-root-variable-6.swf
b/test/trace/crash-0.5.3-text-field-root-variable-6.swf
new file mode 100644
index 0000000..77a041b
Binary files /dev/null and
b/test/trace/crash-0.5.3-text-field-root-variable-6.swf differ
diff --git a/test/trace/crash-0.5.3-text-field-root-variable-6.swf.trace
b/test/trace/crash-0.5.3-text-field-root-variable-6.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/crash-0.5.3-text-field-root-variable-7.swf
b/test/trace/crash-0.5.3-text-field-root-variable-7.swf
new file mode 100644
index 0000000..b0dc6d9
Binary files /dev/null and
b/test/trace/crash-0.5.3-text-field-root-variable-7.swf differ
diff --git a/test/trace/crash-0.5.3-text-field-root-variable-7.swf.trace
b/test/trace/crash-0.5.3-text-field-root-variable-7.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/crash-0.5.3-text-field-root-variable-8.swf
b/test/trace/crash-0.5.3-text-field-root-variable-8.swf
new file mode 100644
index 0000000..2037aab
Binary files /dev/null and
b/test/trace/crash-0.5.3-text-field-root-variable-8.swf differ
diff --git a/test/trace/crash-0.5.3-text-field-root-variable-8.swf.trace
b/test/trace/crash-0.5.3-text-field-root-variable-8.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/crash-0.5.3-text-field-root-variable.c
b/test/trace/crash-0.5.3-text-field-root-variable.c
new file mode 100755
index 0000000..16b01ef
--- /dev/null
+++ b/test/trace/crash-0.5.3-text-field-root-variable.c
@@ -0,0 +1,47 @@
+/* gcc `pkg-config --libs --cflags libming`
crash-0.5.3-text-field-root-variable.c -o crash-0.5.3-text-field-root-variable
&& ./crash-0.5.3-text-field-root-variable
+ */
+
+#include <ming.h>
+
+static void
+do_movie (int version)
+{
+ char name[100];
+ SWFMovie movie;
+ SWFTextField text;
+ SWFDisplayItem display;
+
+ movie = newSWFMovieWithVersion (version);
+ movie = newSWFMovie();
+ SWFMovie_setRate (movie, 1);
+ SWFMovie_setDimension (movie, 200, 150);
+
+ text = newSWFTextField ();
+ SWFTextField_setVariableName (text, "/:foo");
+ display = SWFMovie_add (movie, (SWFBlock) text);
+ SWFMovie_nextFrame (movie);
+
+ SWFMovie_add (movie, (SWFBlock) newSWFAction (
+ "loadMovie (\"FSCommand:quit\", \"\");"
+ ));
+ SWFMovie_nextFrame (movie);
+
+ sprintf (name, "crash-0.5.3-text-field-root-variable-%d.swf",
version);
+ SWFMovie_save (movie, name);
+}
+
+int
+main (int argc, char **argv)
+{
+ int i;
+
+ if (Ming_init ())
+ return 1;
+
+ for (i = 8; i >= 5; i--) {
+ do_movie (i);
+ }
+
+ return 0;
+}
+
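Review bot: In do_movie, `movie = newSWFMovie();` immediately overwrites the movie returned by `newSWFMovieWithVersion (version);`. The `version` argument then only affects the output file name, the first movie object is leaked, and the four generated files would presumably all carry Ming's default version instead of 5 through 8. Deleting the `movie = newSWFMovie();` line makes the generator produce what the file names claim. Separately, `sprintf` is called without `#include <stdio.h>`; adding the include and using `snprintf (name, sizeof name, "crash-0.5.3-text-field-root-variable-%d.swf", version);` keeps the write bounded if the name pattern ever grows.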