Benjamin Otte
2007-Feb-15 03:14 UTC
[Swfdec] 3 commits - libswfdec/swfdec_bits.c libswfdec/swfdec_shape.c libswfdec/swfdec_tag.c
libswfdec/swfdec_bits.c | 5 +-- libswfdec/swfdec_shape.c | 8 +++-- libswfdec/swfdec_tag.c | 71 +++++++++++++++-------------------------------- 3 files changed, 32 insertions(+), 52 deletions(-) New commits: diff-tree a879894cd4905bea3dfe323eac13d24448146807 (from b9d7f15528e25b22099507ad00bba595e53025af) Author: Benjamin Otte <otte@gnome.org> Date: Thu Feb 15 09:32:32 2007 +0100 Update some parsing code to the 21st century DefineSprite and DefineFont tags were still doing old-style manipulation of the SwfdecBits which could cause crashes. This patch updates it to use the "new" functions. diff --git a/libswfdec/swfdec_tag.c b/libswfdec/swfdec_tag.c index e7c8aa8..f4497f2 100644 --- a/libswfdec/swfdec_tag.c +++ b/libswfdec/swfdec_tag.c @@ -190,35 +190,30 @@ tag_func_define_text_2 (SwfdecSwfDecoder int tag_func_define_sprite (SwfdecSwfDecoder * s) { - SwfdecBits *bits = &s->b; SwfdecBits parse; int id; SwfdecSprite *sprite; int ret; - SwfdecBits save_bits; + guint tag; - save_bits = s->b; + parse = s->b; - id = swfdec_bits_get_u16 (bits); + id = swfdec_bits_get_u16 (&parse); sprite = swfdec_swf_decoder_create_character (s, id, SWFDEC_TYPE_SPRITE); if (!sprite) return SWFDEC_STATUS_OK; SWFDEC_LOG (" ID: %d", id); - swfdec_sprite_set_n_frames (sprite, swfdec_bits_get_u16 (bits), SWFDEC_DECODER (s)->rate); - - parse = *bits; + swfdec_sprite_set_n_frames (sprite, swfdec_bits_get_u16 (&parse), SWFDEC_DECODER (s)->rate); s->parse_sprite = sprite; - while (1) { + do { int x; - int tag; guint tag_len; SwfdecBuffer *buffer; SwfdecTagFunc *func; - //SWFDEC_INFO ("sprite parsing at %d", parse.ptr - parse.buffer->data); x = swfdec_bits_get_u16 (&parse); tag = (x >> 6) & 0x3ff; tag_len = x & 0x3f; 
@@ -228,25 +223,17 @@ tag_func_define_sprite (SwfdecSwfDecoder SWFDEC_INFO ("sprite parsing at %d, tag %d %s, length %d", parse.ptr - parse.buffer->data, tag, swfdec_swf_decoder_get_tag_name (tag), tag_len); - //SWFDEC_DEBUG ("tag %d %s", tag, swfdec_decoder_get_tag_name (tag)); - if (tag_len * 8 > swfdec_bits_left (&parse)) { - SWFDEC_ERROR ("tag claims to be %u bytes long, but only %u bytes remaining", - tag_len, swfdec_bits_left (&parse) / 8); - break; - } else if (tag_len > 0) { - buffer = swfdec_buffer_new_subbuffer (parse.buffer, - parse.ptr - parse.buffer->data, tag_len); - s->b.buffer = buffer; - s->b.ptr = buffer->data; - s->b.idx = 0; - s->b.end = buffer->data + buffer->length; + if (tag_len == 0) { + swfdec_bits_init_data (&s->b, NULL, 0); } else { - buffer = NULL; - s->b.buffer = NULL; - s->b.ptr = NULL; - s->b.idx = 0; - s->b.end = NULL; + buffer = swfdec_bits_get_buffer (&parse, tag_len); + if (buffer == NULL) { + SWFDEC_ERROR ("tag claims to be %u bytes long, but not enough bytes remaining", + tag_len); + break; + } + swfdec_bits_init (&s->b, buffer); } func = swfdec_swf_decoder_get_tag_func (tag); 
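Review bot: In tag_func_define_sprite the new `if (tag_len == 0)` branch no longer assigns `buffer`, which the removed else-branch set to NULL, and `buffer` is declared without an initializer at the top of the loop body in the previous hunk. The flattened text of the following hunk reads as either keeping or dropping `if (buffer) swfdec_buffer_unref (buffer);`: if it is kept, a zero-length tag makes that test read an indeterminate pointer, most likely the previous iteration's already released buffer, so malformed input can end in a second unref; if it is dropped, every sub-buffer returned by swfdec_bits_get_buffer leaks. Keeping the unref and adding `buffer = NULL;` before `swfdec_bits_init_data (&s->b, NULL, 0);` covers both readings. The function starts and ends outside this hunk.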
@@ -257,32 +244,20 @@ tag_func_define_sprite (SwfdecSwfDecoder SWFDEC_ERROR ("invalid tag %d %s during DefineSprite", tag, swfdec_swf_decoder_get_tag_name (tag)); } else { - const unsigned char *endptr = parse.ptr + tag_len; ret = func (s); - swfdec_bits_syncbits (bits); - if (tag_len > 0) { - if (s->b.ptr < endptr) { - SWFDEC_WARNING ("early parse finish (%d bytes)", endptr - s->b.ptr); - } - if (s->b.ptr > endptr) { - SWFDEC_WARNING ("parse overrun (%d bytes)", s->b.ptr - endptr); - } + if (swfdec_bits_left (&s->b)) { + SWFDEC_WARNING ("early parse finish (%d bytes)", + swfdec_bits_left (&s->b) / 8); } } - if (swfdec_bits_skip_bytes (&parse, tag_len) != tag_len) - break; - if (buffer) swfdec_buffer_unref (buffer); - if (tag == 0) - break; - } + } while (tag != 0); - s->b = save_bits; - s->b.ptr += s->b.buffer->length; - /* this assumes that no recursive DefineSprite happens and the spec says it doesn't */ + s->b = parse; + /* this assumes that no recursive DefineSprite happens and we check it doesn't */ s->parse_sprite = s->main_sprite; SWFDEC_LOG ("done parsing this sprite"); @@ -648,16 +623,16 @@ tag_func_define_font_2 (SwfdecSwfDecoder swfdec_shape_get_recs (s, shape); } if (wide_codes) { - bits->ptr += 2 * n_glyphs; + swfdec_bits_skip_bytes (bits, 2 * n_glyphs); } else { - bits->ptr += 1 * n_glyphs; + swfdec_bits_skip_bytes (bits, 1 * n_glyphs); } if (has_layout) { font_ascent = swfdec_bits_get_s16 (bits); font_descent = swfdec_bits_get_s16 (bits); font_leading = swfdec_bits_get_s16 (bits); //font_advance_table = swfdec_bits_get_s16(bits); - bits->ptr += 2 * n_glyphs; + swfdec_bits_skip_bytes (bits, 2 * n_glyphs); for (i = 0; i < n_glyphs; i++) { swfdec_bits_get_rect (bits, &rect); } diff-tree b9d7f15528e25b22099507ad00bba595e53025af (from b2e0602283210779a56b4feb93d423b96c2bd3ef) Author: Benjamin Otte <otte@gnome.org> Date: Thu Feb 15 09:30:35 2007 +0100 Allow NULL data in swfdec_bits_init_data 
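Review bot: The new leftover check in tag_func_define_sprite, `if (swfdec_bits_left (&s->b))`, fires on any unread bits, whereas the removed code called swfdec_bits_syncbits first and then compared byte pointers. A tag handler that stops inside its last byte will therefore log "early parse finish (0 bytes)". Testing `swfdec_bits_left (&s->b) >= 8` would keep the warning for whole unread bytes only. The error message removed in the previous hunk printed the same quantity with `%u`, which suggests the value is unsigned and the `%d` here should be `%u` as well. The loop body starts before this hunk.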
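Review bot: The three `swfdec_bits_skip_bytes (bits, ...)` calls in tag_func_define_font_2 discard the return value, although the sprite code removed earlier in this commit compared it with the requested length (`!= tag_len`) to detect a short skip. When the glyph count read from the file exceeds the data left in the tag, parsing carries on into the layout fields and the `for (i = 0; i < n_glyphs; i++)` rect loop on an exhausted reader. Presumably the getters are bounds-checked, so the result is wasted work and bogus metrics rather than a bad read, but that is not visible here. Checking the result, for example `if (swfdec_bits_skip_bytes (bits, 2 * n_glyphs) != 2 * n_glyphs)` followed by an error log and an early exit, would stop at the first truncated table. The function starts and ends outside this hunk.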
diff --git a/libswfdec/swfdec_bits.c b/libswfdec/swfdec_bits.c index 6a9ed33..ab46303 100644 --- a/libswfdec/swfdec_bits.c +++ b/libswfdec/swfdec_bits.c @@ -62,13 +62,14 @@ swfdec_bits_init (SwfdecBits *bits, Swfd * @len: length of the data * * Initializes @bits for use with the given @data. All operations on @bits will - * return copies of the data, so after use, you can free the supplied data. + * return copies of the data, so after use, you can free the supplied data. Using + * %NULL for @data is valid if @len is 0. **/ void swfdec_bits_init_data (SwfdecBits *bits, const guint8 *data, guint len) { g_return_if_fail (bits != NULL); - g_return_if_fail (data != NULL); + g_return_if_fail (data != NULL || len == 0); bits->buffer = NULL; bits->ptr = data; diff-tree b2e0602283210779a56b4feb93d423b96c2bd3ef (from 98049e91f2ff8cd1cc2ad5b9ae5952653d065ad7) Author: Benjamin Otte <otte@gnome.org> Date: Wed Feb 14 22:54:36 2007 +0100 Handle failed pattern creation during parsing diff --git a/libswfdec/swfdec_shape.c b/libswfdec/swfdec_shape.c index c731b37..08bd710 100644 --- a/libswfdec/swfdec_shape.c +++ b/libswfdec/swfdec_shape.c @@ -214,12 +214,14 @@ swfdec_shape_dispose (GObject *object) } g_array_free (shape->vecs, TRUE); for (i = 0; i < shape->fills->len; i++) { - g_object_unref (g_ptr_array_index (shape->fills, i)); + if (g_ptr_array_index (shape->fills, i)) + g_object_unref (g_ptr_array_index (shape->fills, i)); } g_ptr_array_free (shape->fills, TRUE); for (i = 0; i < shape->lines->len; i++) { - g_object_unref (g_ptr_array_index (shape->lines, i)); + if (g_ptr_array_index (shape->lines, i)) + g_object_unref (g_ptr_array_index (shape->lines, i)); } g_ptr_array_free (shape->lines, TRUE); @@ -555,6 +557,8 @@ swfdec_shape_accumulate_one_fill (Swfdec goto fail; } else { target->pattern = g_ptr_array_index (shape->fills, style - 1); + if (target->pattern == NULL) + goto fail; g_object_ref (target->pattern); } g_slist_free (found);
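Review bot: The NULL test added in swfdec_shape_accumulate_one_fill guards only the `shape->fills` lookup, while the swfdec_shape_dispose hunk in the same file treats entries of `shape->lines` as possibly NULL too. If line styles are resolved elsewhere in the file by a similar `g_ptr_array_index (shape->lines, ...)` followed by `g_object_ref` (not visible in this diff), that path needs the same `== NULL` bail-out. A short comment where a NULL entry is stored, something like `/* NULL marks a style whose pattern could not be created */`, would make the array contract explicit for both consumers. swfdec_shape_accumulate_one_fill starts and ends outside the hunk.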