Benjamin Otte
2007-Nov-30 14:45 UTC
[Swfdec] 2 commits - libswfdec/swfdec_sprite_movie_as.c test/trace
libswfdec/swfdec_sprite_movie_as.c | 4 test/trace/Makefile.am | 9 + test/trace/crash-0.5.4-goto-in-constructor-5.swf |binary test/trace/crash-0.5.4-goto-in-constructor-5.swf.trace | 6 + test/trace/crash-0.5.4-goto-in-constructor-6.swf |binary test/trace/crash-0.5.4-goto-in-constructor-6.swf.trace | 15 ++ test/trace/crash-0.5.4-goto-in-constructor-7.swf |binary test/trace/crash-0.5.4-goto-in-constructor-7.swf.trace | 15 ++ test/trace/crash-0.5.4-goto-in-constructor-8.swf |binary test/trace/crash-0.5.4-goto-in-constructor-8.swf.trace | 15 ++ test/trace/crash-0.5.4-goto-in-constructor.c | 100 +++++++++++++++++ 11 files changed, 163 insertions(+), 1 deletion(-) New commits: commit 31c045846da9de00b253609f2ff5e13df5f2c84c Author: Benjamin Otte <otte at gnome.org> Date: Fri Nov 30 10:49:02 2007 +0100 add testcase for just-fixed crash diff --git a/test/trace/Makefile.am b/test/trace/Makefile.am index 36360e2..304b653 100644 --- a/test/trace/Makefile.am +++ b/test/trace/Makefile.am @@ -604,6 +604,15 @@ EXTRA_DIST = \ crash-0.5.3-text-field-root-variable-7.swf.trace \ crash-0.5.3-text-field-root-variable-8.swf \ crash-0.5.3-text-field-root-variable-8.swf.trace \ + crash-0.5.4-goto-in-constructor.c \ + crash-0.5.4-goto-in-constructor-5.swf \ + crash-0.5.4-goto-in-constructor-5.swf.trace \ + crash-0.5.4-goto-in-constructor-6.swf \ + crash-0.5.4-goto-in-constructor-6.swf.trace \ + crash-0.5.4-goto-in-constructor-7.swf \ + crash-0.5.4-goto-in-constructor-7.swf.trace \ + crash-0.5.4-goto-in-constructor-8.swf \ + crash-0.5.4-goto-in-constructor-8.swf.trace \ currentframe.swf \ currentframe.swf.trace \ dangling-compare.as \ diff --git a/test/trace/crash-0.5.4-goto-in-constructor-5.swf b/test/trace/crash-0.5.4-goto-in-constructor-5.swf new file mode 100644 index 0000000..f8df511 Binary files /dev/null and b/test/trace/crash-0.5.4-goto-in-constructor-5.swf differ diff --git a/test/trace/crash-0.5.4-goto-in-constructor-5.swf.trace b/test/trace/crash-0.5.4-goto-in-constructor-5.swf.trace new file mode 100644 index 0000000..91256a9 --- /dev/null +++ b/test/trace/crash-0.5.4-goto-in-constructor-5.swf.trace @@ -0,0 +1,6 @@ +after attachMovie: +_level0.foo +_level0.foo.one +undefined +frame one: +_level0.foo.one diff --git a/test/trace/crash-0.5.4-goto-in-constructor-6.swf b/test/trace/crash-0.5.4-goto-in-constructor-6.swf new file mode 100644 index 0000000..68a9a14 Binary files /dev/null and b/test/trace/crash-0.5.4-goto-in-constructor-6.swf differ diff --git a/test/trace/crash-0.5.4-goto-in-constructor-6.swf.trace b/test/trace/crash-0.5.4-goto-in-constructor-6.swf.trace new file mode 100644 index 0000000..dc1337b --- /dev/null +++ b/test/trace/crash-0.5.4-goto-in-constructor-6.swf.trace @@ -0,0 +1,15 @@ +runnng constructor... +_level0.foo.one +undefined +...doing goto... +undefined +undefined +...done +after attachMovie: +_level0.foo +undefined +undefined +frame one: +undefined +frame two: +_level0.foo.two diff --git a/test/trace/crash-0.5.4-goto-in-constructor-7.swf b/test/trace/crash-0.5.4-goto-in-constructor-7.swf new file mode 100644 index 0000000..e689fbd Binary files /dev/null and b/test/trace/crash-0.5.4-goto-in-constructor-7.swf differ diff --git a/test/trace/crash-0.5.4-goto-in-constructor-7.swf.trace b/test/trace/crash-0.5.4-goto-in-constructor-7.swf.trace new file mode 100644 index 0000000..dc1337b --- /dev/null +++ b/test/trace/crash-0.5.4-goto-in-constructor-7.swf.trace @@ -0,0 +1,15 @@ +runnng constructor... +_level0.foo.one +undefined +...doing goto... +undefined +undefined +...done +after attachMovie: +_level0.foo +undefined +undefined +frame one: +undefined +frame two: +_level0.foo.two diff --git a/test/trace/crash-0.5.4-goto-in-constructor-8.swf b/test/trace/crash-0.5.4-goto-in-constructor-8.swf new file mode 100644 index 0000000..221d7d6 Binary files /dev/null and b/test/trace/crash-0.5.4-goto-in-constructor-8.swf differ diff --git a/test/trace/crash-0.5.4-goto-in-constructor-8.swf.trace b/test/trace/crash-0.5.4-goto-in-constructor-8.swf.trace new file mode 100644 index 0000000..dc1337b --- /dev/null +++ b/test/trace/crash-0.5.4-goto-in-constructor-8.swf.trace @@ -0,0 +1,15 @@ +runnng constructor... +_level0.foo.one +undefined +...doing goto... +undefined +undefined +...done +after attachMovie: +_level0.foo +undefined +undefined +frame one: +undefined +frame two: +_level0.foo.two diff --git a/test/trace/crash-0.5.4-goto-in-constructor.c b/test/trace/crash-0.5.4-goto-in-constructor.c new file mode 100644 index 0000000..59a5b0f --- /dev/null +++ b/test/trace/crash-0.5.4-goto-in-constructor.c @@ -0,0 +1,100 @@ +/* gcc -Wall `pkg-config --libs --cflags libming glib-2.0` crash-0.5.4-goto-in-constructor.c -o crash-0.5.4-goto-in-constructor && ./crash-0.5.4-goto-in-constructor + */ + +#include <ming.h> +#include <glib.h> +#include <stdio.h> + +static SWFMovieClip +create_clip (void) +{ + SWFMovieClip clip, child; + SWFDisplayItem item; + + child = newSWFMovieClip (); + SWFMovieClip_nextFrame (child); + + clip = newSWFMovieClip (); + item = SWFMovieClip_add (clip, (SWFBlock) child); + SWFDisplayItem_setName (item, "one"); + SWFMovieClip_add (clip, (SWFBlock) newSWFAction ( + "trace (\"frame one:\");" + "trace (one);" + )); + SWFMovieClip_nextFrame (clip); + + SWFMovieClip_remove (clip, item); + SWFMovieClip_nextFrame (clip); + + item = SWFMovieClip_add (clip, (SWFBlock) child); + SWFDisplayItem_setName (item, "two"); + SWFMovieClip_add (clip, (SWFBlock) newSWFAction ( + "trace (\"frame two:\");" + "trace (two);" + )); + SWFMovieClip_nextFrame (clip); + + return clip; +} + +static void +do_movie (int version) +{ + SWFMovieClip clip; + SWFMovie movie; + char *s; + + movie = newSWFMovieWithVersion (version); + SWFMovie_setRate (movie, 1); + SWFMovie_setDimension (movie, 200, 150); + + clip = create_clip (); + SWFMovie_addExport (movie, (SWFBlock) clip, "export"); + SWFMovie_writeExports (movie); + SWFMovie_add (movie, (SWFBlock) newSWFAction ( + "function Test () {" + " trace (\"runnng constructor...\");" + " trace (this.one);" + " trace (this.two);" + " trace (\"...doing goto...\");" + " this.gotoAndPlay (2);" + " trace (this.one);" + " trace (this.two);" + " trace (\"...done\");" + "};" + "asm {" + " push \"Test\"" + " getvariable" + " push \"MovieClip\"" + " getvariable" + " extends" + "};" + "Object.registerClass (\"export\", Test);" + "attachMovie (\"export\", \"foo\", 0);" + "trace (\"after attachMovie:\");" + "trace (foo);" + "trace (foo.one);" + "trace (foo.two);" + "loadMovie (\"fscommand:quit\", \"\");" + )); + SWFMovie_nextFrame (movie); + + s = g_strdup_printf ("crash-0.5.4-goto-in-constructor-%d.swf", version); + SWFMovie_save (movie, s); + g_free (s); +} + +int +main (int argc, char **argv) +{ + int i; + + if (Ming_init ()) + return 1; + + for (i = 8; i >= 5; i--) { + do_movie (i); + } + + return 0; +} commit 651e76301e4a1f0bf79c16a8cf2707670c41aeb6 Author: Benjamin Otte <otte at gnome.org> Date: Fri Nov 30 10:47:29 2007 +0100 initialize the movie before running the constructor (fixes #13447) In fact, running scripts on an uninitialized movie is not safe. diff --git a/libswfdec/swfdec_sprite_movie_as.c b/libswfdec/swfdec_sprite_movie_as.c index 9a0f045..baacfad 100644 --- a/libswfdec/swfdec_sprite_movie_as.c +++ b/libswfdec/swfdec_sprite_movie_as.c @@ -633,9 +633,11 @@ swfdec_sprite_movie_init_from_object (SwfdecMovie *movie, if (SWFDEC_IS_SPRITE_MOVIE (movie)) { swfdec_movie_queue_script (movie, SWFDEC_EVENT_INITIALIZE); swfdec_movie_queue_script (movie, SWFDEC_EVENT_LOAD); + swfdec_movie_initialize (movie); swfdec_movie_execute (movie, SWFDEC_EVENT_CONSTRUCT); + } else { + swfdec_movie_initialize (movie); } - swfdec_movie_initialize (movie); } SWFDEC_AS_NATIVE (900, 0, swfdec_sprite_movie_attachMovie)