[Swfdec] 3 commits - libswfdec/swfdec_bits.c
libswfdec/swfdec_font.c libswfdec/swfdec_movie.c
Benjamin Otte
company at kemper.freedesktop.org
Sun Apr 22 06:29:51 PDT 2007
libswfdec/swfdec_bits.c | 24 ++++++++++++++++++------
libswfdec/swfdec_font.c | 43 +++++++++++++++++++++++++++----------------
libswfdec/swfdec_movie.c | 4 ++++
3 files changed, 49 insertions(+), 22 deletions(-)
New commits:
diff-tree 26a33bf08b5d9feeb8047274b312cee2999824ff (from ea79f997727fcd34b23b206be84b95c7e2f6d152)
Author: Benjamin Otte <otte at gnome.org>
Date: Sun Apr 22 14:44:33 2007 +0200
make the font parsing loops exit on no more data
diff --git a/libswfdec/swfdec_font.c b/libswfdec/swfdec_font.c
index c0562b1..8b6d5f3 100644
--- a/libswfdec/swfdec_font.c
+++ b/libswfdec/swfdec_font.c
@@ -193,17 +193,14 @@ swfdec_font_parse_shape (SwfdecSwfDecode
shape->n_line_bits = swfdec_bits_getbits (&s->b, 4);
SWFDEC_LOG ("n_line_bits = %d", shape->n_line_bits);
+ swfdec_bits_init_bits (&s->b, &save_bits, size);
swfdec_shape_get_recs (s, shape, swfdec_pattern_parse, swfdec_stroke_parse);
swfdec_bits_syncbits (&s->b);
- if (swfdec_bits_skip_bytes (&save_bits, size) != size) {
- SWFDEC_ERROR ("invalid offset value, not enough bytes available");
- }
- if (swfdec_bits_left (&save_bits) != swfdec_bits_left (&s->b)) {
- SWFDEC_WARNING ("parsing shape did use %d bytes too much\n",
- (swfdec_bits_left (&save_bits) - swfdec_bits_left (&s->b)) / 8);
- /* we trust the offsets here */
- s->b = save_bits;
+ if (swfdec_bits_left (&s->b)) {
+ SWFDEC_WARNING ("parsing shape didn't use %d bytes",
+ swfdec_bits_left (&s->b) / 8);
}
+ s->b = save_bits;
}
int
@@ -232,7 +229,7 @@ tag_func_define_font (SwfdecSwfDecoder *
g_array_set_size (font->glyphs, n_glyphs);
offset = swfdec_bits_get_u16 (&offsets);
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (&s->b); i++) {
SwfdecFontEntry *entry = &g_array_index (font->glyphs, SwfdecFontEntry, i);
if (i + 1 == n_glyphs)
next_offset = offset + swfdec_bits_left (&s->b) / 8;
@@ -241,6 +238,10 @@ tag_func_define_font (SwfdecSwfDecoder *
swfdec_font_parse_shape (s, entry, next_offset - offset);
offset = next_offset;
}
+ if (i < n_glyphs) {
+ SWFDEC_ERROR ("data was only enough for %u glyphs, not %u", i, n_glyphs);
+ g_array_set_size (font->glyphs, i);
+ }
return SWFDEC_STATUS_OK;
}
@@ -336,7 +337,7 @@ tag_func_define_font_2 (SwfdecSwfDecoder
g_array_set_size (font->glyphs, n_glyphs);
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (&s->b); i++) {
SwfdecFontEntry *entry = &g_array_index (font->glyphs, SwfdecFontEntry, i);
shape = g_object_new (SWFDEC_TYPE_SHAPE, NULL);
entry->shape = shape;
@@ -344,13 +345,18 @@ tag_func_define_font_2 (SwfdecSwfDecoder
g_ptr_array_add (shape->fills, swfdec_pattern_new_color (0xFFFFFFFF));
g_ptr_array_add (shape->lines, swfdec_stroke_new (20, 0xFFFFFFFF));
- swfdec_bits_syncbits (&s->b);
shape->n_fill_bits = swfdec_bits_getbits (&s->b, 4);
SWFDEC_LOG ("n_fill_bits = %d", shape->n_fill_bits);
shape->n_line_bits = swfdec_bits_getbits (&s->b, 4);
SWFDEC_LOG ("n_line_bits = %d", shape->n_line_bits);
swfdec_shape_get_recs (s, shape, swfdec_pattern_parse, swfdec_stroke_parse);
+ swfdec_bits_syncbits (&s->b);
+ }
+ if (i < n_glyphs) {
+ SWFDEC_ERROR ("data was only enough for %u glyphs, not %u", i, n_glyphs);
+ g_array_set_size (font->glyphs, i);
+ n_glyphs = i;
}
if (wide_codes) {
swfdec_bits_skip_bytes (bits, 2 * n_glyphs);
@@ -363,7 +369,7 @@ tag_func_define_font_2 (SwfdecSwfDecoder
font_leading = swfdec_bits_get_s16 (bits);
//font_advance_table = swfdec_bits_get_s16(bits);
swfdec_bits_skip_bytes (bits, 2 * n_glyphs);
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (bits); i++) {
swfdec_bits_get_rect (bits, &rect);
}
swfdec_font_parse_kerning_table (s, font, wide_codes);
@@ -434,7 +440,7 @@ tag_func_define_font_3 (SwfdecSwfDecoder
offset = swfdec_bits_get_u16 (&offsets);
}
g_array_set_size (font->glyphs, n_glyphs);
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (&s->b); i++) {
SwfdecFontEntry *entry = &g_array_index (font->glyphs, SwfdecFontEntry, i);
if (wide_offsets)
next_offset = swfdec_bits_get_u32 (&offsets);
@@ -443,7 +449,12 @@ tag_func_define_font_3 (SwfdecSwfDecoder
swfdec_font_parse_shape (s, entry, next_offset - offset);
offset = next_offset;
}
- for (i = 0; i < n_glyphs; i++) {
+ if (i < n_glyphs) {
+ SWFDEC_ERROR ("data was only enough for %u glyphs, not %u", i, n_glyphs);
+ g_array_set_size (font->glyphs, i);
+ n_glyphs = i;
+ }
+ for (i = 0; i < n_glyphs && swfdec_bits_left (bits); i++) {
SwfdecFontEntry *entry = &g_array_index (font->glyphs, SwfdecFontEntry, i);
if (wide_codes)
entry->value = swfdec_bits_get_u16 (bits);
@@ -456,10 +467,10 @@ tag_func_define_font_3 (SwfdecSwfDecoder
ascent = swfdec_bits_get_u16 (bits);
descent = swfdec_bits_get_u16 (bits);
leading = swfdec_bits_get_u16 (bits);
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (bits); i++) {
/* guint advance = */ swfdec_bits_get_u16 (bits);
}
- for (i = 0; i < n_glyphs; i++) {
+ for (i = 0; i < n_glyphs && swfdec_bits_left (bits); i++) {
SwfdecRect rect;
swfdec_bits_get_rect (bits, &rect);
}
diff-tree ea79f997727fcd34b23b206be84b95c7e2f6d152 (from 375960447cf4f4286d6bab0e36656dfb6df89d30)
Author: Benjamin Otte <otte at gnome.org>
Date: Sun Apr 22 14:43:40 2007 +0200
handle removal of movies that aren't inited/constructed without crashing
diff --git a/libswfdec/swfdec_movie.c b/libswfdec/swfdec_movie.c
index 3317fb2..53b47c2 100644
--- a/libswfdec/swfdec_movie.c
+++ b/libswfdec/swfdec_movie.c
@@ -322,6 +322,10 @@ swfdec_movie_destroy (SwfdecMovie *movie
SWFDEC_LOG ("destroying movie %s", movie->name);
swfdec_movie_do_remove (movie, swfdec_movie_destroy);
swfdec_movie_set_content (movie, NULL);
+ /* FIXME: figure out how to handle destruction pre-init/construct.
+ * This is just a stop-gap measure to avoid dead movies in those queues */
+ g_queue_remove (player->init_queue, movie);
+ g_queue_remove (player->construct_queue, movie);
if (klass->finish_movie)
klass->finish_movie (movie);
swfdec_js_movie_remove_jsobject (movie);
diff-tree 375960447cf4f4286d6bab0e36656dfb6df89d30 (from ef2514da947a3aeb0d8210cba619fdd350281e94)
Author: Benjamin Otte <otte at gnome.org>
Date: Sun Apr 22 14:06:41 2007 +0200
break out of gradient loop when no more bits are available
diff --git a/libswfdec/swfdec_bits.c b/libswfdec/swfdec_bits.c
index 0f7e4c9..7077cdc 100644
--- a/libswfdec/swfdec_bits.c
+++ b/libswfdec/swfdec_bits.c
@@ -585,11 +585,15 @@ swfdec_bits_get_gradient (SwfdecBits * b
n_gradients = swfdec_bits_get_u8 (bits);
grad = g_malloc (sizeof (SwfdecGradient) +
sizeof (SwfdecGradientEntry) * (n_gradients - 1));
- grad->n_gradients = n_gradients;
- for (i = 0; i < n_gradients; i++) {
+ for (i = 0; i < n_gradients && swfdec_bits_left (bits); i++) {
grad->array[i].ratio = swfdec_bits_get_u8 (bits);
grad->array[i].color = swfdec_bits_get_color (bits);
}
+ if (i < n_gradients) {
+ SWFDEC_ERROR ("not enough data for %u gradients, could only read %u",
+ n_gradients, i);
+ }
+ grad->n_gradients = i;
return grad;
}
@@ -602,11 +606,15 @@ swfdec_bits_get_gradient_rgba (SwfdecBit
n_gradients = swfdec_bits_get_u8 (bits);
grad = g_malloc (sizeof (SwfdecGradient) +
sizeof (SwfdecGradientEntry) * (n_gradients - 1));
- grad->n_gradients = n_gradients;
- for (i = 0; i < n_gradients; i++) {
+ for (i = 0; i < n_gradients && swfdec_bits_left (bits); i++) {
grad->array[i].ratio = swfdec_bits_get_u8 (bits);
grad->array[i].color = swfdec_bits_get_rgba (bits);
}
+ if (i < n_gradients) {
+ SWFDEC_ERROR ("not enough data for %u gradients, could only read %u",
+ n_gradients, i);
+ }
+ grad->n_gradients = i;
return grad;
}
@@ -620,11 +628,15 @@ swfdec_bits_get_morph_gradient (SwfdecBi
n_gradients *= 2;
grad = g_malloc (sizeof (SwfdecGradient) +
sizeof (SwfdecGradientEntry) * (n_gradients - 1));
- grad->n_gradients = n_gradients;
- for (i = 0; i < n_gradients; i++) {
+ for (i = 0; i < n_gradients && swfdec_bits_left (bits); i++) {
grad->array[i].ratio = swfdec_bits_get_u8 (bits);
grad->array[i].color = swfdec_bits_get_rgba (bits);
}
+ if (i < n_gradients) {
+ SWFDEC_ERROR ("not enough data for %u gradients, could only read %u",
+ n_gradients, i);
+ }
+ grad->n_gradients = i;
return grad;
}
More information about the Swfdec
mailing list