[Swfdec] libswfdec/swfdec_swf_decoder.c

[Benjamin Otte]

 libswfdec/swfdec_swf_decoder.c |   12 +++++++++---
 1 files changed, 9 insertions(+), 3 deletions(-)

New commits:
diff-tree 3a1839889ef8a1d068b0ed6db343b41fb872c51e (from 26a33bf08b5d9feeb8047274b312cee2999824ff)
Author: Benjamin Otte <otte at gnome.org>
Date:   Sun Apr 22 15:55:43 2007 +0200

    fail nicely if decompressed size is too big

diff --git a/libswfdec/swfdec_swf_decoder.c b/libswfdec/swfdec_swf_decoder.c
index ac39d6c..6c13e70 100644
--- a/libswfdec/swfdec_swf_decoder.c
+++ b/libswfdec/swfdec_swf_decoder.c
@@ -114,23 +114,28 @@ swfdec_swf_decoder_deflate_all (SwfdecSw
   return TRUE;
 }
 
-static void
+static gboolean
 swf_inflate_init (SwfdecSwfDecoder * s)
 {
   SwfdecDecoder *dec = SWFDEC_DECODER (s);
   z_stream *z;
   int ret;
+  guint8 *data;
 
+  data = g_try_malloc (dec->bytes_total - 8);
+  if (data == NULL)
+    return FALSE;
+  s->uncompressed_buffer = swfdec_buffer_new_for_data (data, dec->bytes_total - 8);
   z = &s->z;
   z->zalloc = zalloc;
   z->zfree = zfree;
   ret = inflateInit (z);
   SWFDEC_DEBUG ("inflateInit returned %d", ret);
 
-  s->uncompressed_buffer = swfdec_buffer_new_and_alloc (dec->bytes_total - 8);
   z->next_out = s->uncompressed_buffer->data;
   z->avail_out = s->uncompressed_buffer->length;
   z->opaque = NULL;
+  return TRUE;
 }
 
 static int
@@ -168,7 +173,8 @@ swf_parse_header1 (SwfdecSwfDecoder * s)
   s->compressed = (sig1 == 'C');
   if (s->compressed) {
     SWFDEC_DEBUG ("compressed");
-    swf_inflate_init (s);
+    if (!swf_inflate_init (s))
+      return SWFDEC_STATUS_ERROR;
   } else {
     SWFDEC_DEBUG ("not compressed");
   }