[Swfdec-commits] 10 commits - NEWS swfdec/swfdec_load_object.c test/trace
Benjamin Otte
company at kemper.freedesktop.org
Wed Apr 9 02:00:55 PDT 2008
NEWS | 7 +++++++
swfdec/swfdec_load_object.c | 11 ++++++++---
test/trace/Makefile.am | 9 +++++++++
test/trace/sec-0.6.2-local-access-5.swf |binary
test/trace/sec-0.6.2-local-access-5.swf.trace | 2 ++
test/trace/sec-0.6.2-local-access-6.swf |binary
test/trace/sec-0.6.2-local-access-6.swf.trace | 2 ++
test/trace/sec-0.6.2-local-access-7.swf |binary
test/trace/sec-0.6.2-local-access-7.swf.trace | 2 ++
test/trace/sec-0.6.2-local-access-8.swf |binary
test/trace/sec-0.6.2-local-access-8.swf.trace | 2 ++
test/trace/sec-0.6.2-local-access.as | 15 +++++++++++++++
12 files changed, 47 insertions(+), 3 deletions(-)
New commits:
commit a2fd5c4e167742a0760627e74dcd327214217e02
Merge: 68d862a... 782d17b...
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 11:00:48 2008 +0200
Merge branch 'master' of ssh://company@git.freedesktop.org/git/swfdec/swfdec
commit 68d862a36c0029481e441a646782585d5b93cf49
Merge: 1c791ef... 0fabf57...
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 11:00:28 2008 +0200
Merge branch '0.6'
Conflicts:
configure.ac
swfdec/swfdec_text_field_movie.c
test/trace/Makefile.am
diff --cc test/trace/Makefile.am
index 7091f46,c58f524..29997c0
--- a/test/trace/Makefile.am
+++ b/test/trace/Makefile.am
@@@ -2643,24 -2585,15 +2643,33 @@@ EXTRA_DIST =
scope-chain-with-and-scope-chain-7.swf.trace \
scope-chain-with-and-scope-chain-8.swf \
scope-chain-with-and-scope-chain-8.swf.trace \
+ sec-0.6.2-local-access-5.swf \
+ sec-0.6.2-local-access-5.swf.trace \
+ sec-0.6.2-local-access-6.swf \
+ sec-0.6.2-local-access-6.swf.trace \
+ sec-0.6.2-local-access-7.swf \
+ sec-0.6.2-local-access-7.swf.trace \
+ sec-0.6.2-local-access-8.swf \
+ sec-0.6.2-local-access-8.swf.trace \
+ sec-0.6.2-local-access.as \
+ selection-focus-5.swf \
+ selection-focus-5.swf.trace \
+ selection-focus-6.swf \
+ selection-focus-6.swf.trace \
+ selection-focus-7.swf \
+ selection-focus-7.swf.trace \
+ selection-focus-8.swf \
+ selection-focus-8.swf.trace \
+ selection-focus.as \
+ selection-focus-events-5.swf \
+ selection-focus-events-5.swf.trace \
+ selection-focus-events-6.swf \
+ selection-focus-events-6.swf.trace \
+ selection-focus-events-7.swf \
+ selection-focus-events-7.swf.trace \
+ selection-focus-events-8.swf \
+ selection-focus-events-8.swf.trace \
+ selection-focus-events.as \
selection-properties.as \
selection-properties-5.swf \
selection-properties-5.swf.trace \
commit 0fabf5764eddd065c4909d5b4900ef7abf13d8b4
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 10:29:51 2008 +0200
back to development
diff --git a/configure.ac b/configure.ac
index 671aa96..9c3f9a5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
AC_PREREQ([2.58])
-AC_INIT(swfdec,0.6.4)
+AC_INIT(swfdec,0.6.5)
[is_dev=$(echo $PACKAGE_VERSION | sed 's/[0-9]\.[0-9][0-9]*\.[0-9]*[13579]/1/')]
if test x"$is_dev" = x1 ; then
commit f20324c575415b5c32474d3af206ef571fe04bd0
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 10:26:03 2008 +0200
release 0.6.4
diff --git a/configure.ac b/configure.ac
index 8b5bbc6..671aa96 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
AC_PREREQ([2.58])
-AC_INIT(swfdec,0.6.3)
+AC_INIT(swfdec,0.6.4)
[is_dev=$(echo $PACKAGE_VERSION | sed 's/[0-9]\.[0-9][0-9]*\.[0-9]*[13579]/1/')]
if test x"$is_dev" = x1 ; then
commit af392a99916dfe57c2b8802659f53c74695565b3
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 10:18:12 2008 +0200
update to 0.6.4
diff --git a/NEWS b/NEWS
index af1a959..1594444 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,11 @@
+ 0.6.4 ("College Humor")
+
+This is a security release. Please update as soon as possible.
+- fix a security problem that allowed remote Flash files to read local files.
+- fix a rare crash in TextField.replaceText
+- fix a rare crash during cleanup
+
0.6.2 ("Badger Badger Badger")
This is the first bugfix release in the stable release series. It contains
commit 1587e308d4d470e837347b0cff3312b79964908b
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 10:01:48 2008 +0200
add test for the latest fix
diff --git a/test/trace/Makefile.am b/test/trace/Makefile.am
index 3bffb1c..c58f524 100644
--- a/test/trace/Makefile.am
+++ b/test/trace/Makefile.am
@@ -2585,6 +2585,15 @@ EXTRA_DIST = \
scope-chain-with-and-scope-chain-7.swf.trace \
scope-chain-with-and-scope-chain-8.swf \
scope-chain-with-and-scope-chain-8.swf.trace \
+ sec-0.6.2-local-access-5.swf \
+ sec-0.6.2-local-access-5.swf.trace \
+ sec-0.6.2-local-access-6.swf \
+ sec-0.6.2-local-access-6.swf.trace \
+ sec-0.6.2-local-access-7.swf \
+ sec-0.6.2-local-access-7.swf.trace \
+ sec-0.6.2-local-access-8.swf \
+ sec-0.6.2-local-access-8.swf.trace \
+ sec-0.6.2-local-access.as \
selection-properties.as \
selection-properties-5.swf \
selection-properties-5.swf.trace \
diff --git a/test/trace/sec-0.6.2-local-access-5.swf b/test/trace/sec-0.6.2-local-access-5.swf
new file mode 100644
index 0000000..a7b2280
Binary files /dev/null and b/test/trace/sec-0.6.2-local-access-5.swf differ
diff --git a/test/trace/sec-0.6.2-local-access-5.swf.trace b/test/trace/sec-0.6.2-local-access-5.swf.trace
new file mode 100644
index 0000000..d4f80bf
--- /dev/null
+++ b/test/trace/sec-0.6.2-local-access-5.swf.trace
@@ -0,0 +1,2 @@
+undefined
+undefined
diff --git a/test/trace/sec-0.6.2-local-access-6.swf b/test/trace/sec-0.6.2-local-access-6.swf
new file mode 100644
index 0000000..1460177
Binary files /dev/null and b/test/trace/sec-0.6.2-local-access-6.swf differ
diff --git a/test/trace/sec-0.6.2-local-access-6.swf.trace b/test/trace/sec-0.6.2-local-access-6.swf.trace
new file mode 100644
index 0000000..d4f80bf
--- /dev/null
+++ b/test/trace/sec-0.6.2-local-access-6.swf.trace
@@ -0,0 +1,2 @@
+undefined
+undefined
diff --git a/test/trace/sec-0.6.2-local-access-7.swf b/test/trace/sec-0.6.2-local-access-7.swf
new file mode 100644
index 0000000..01cb6e9
Binary files /dev/null and b/test/trace/sec-0.6.2-local-access-7.swf differ
diff --git a/test/trace/sec-0.6.2-local-access-7.swf.trace b/test/trace/sec-0.6.2-local-access-7.swf.trace
new file mode 100644
index 0000000..d4f80bf
--- /dev/null
+++ b/test/trace/sec-0.6.2-local-access-7.swf.trace
@@ -0,0 +1,2 @@
+undefined
+undefined
diff --git a/test/trace/sec-0.6.2-local-access-8.swf b/test/trace/sec-0.6.2-local-access-8.swf
new file mode 100644
index 0000000..840e840
Binary files /dev/null and b/test/trace/sec-0.6.2-local-access-8.swf differ
diff --git a/test/trace/sec-0.6.2-local-access-8.swf.trace b/test/trace/sec-0.6.2-local-access-8.swf.trace
new file mode 100644
index 0000000..d4f80bf
--- /dev/null
+++ b/test/trace/sec-0.6.2-local-access-8.swf.trace
@@ -0,0 +1,2 @@
+undefined
+undefined
diff --git a/test/trace/sec-0.6.2-local-access.as b/test/trace/sec-0.6.2-local-access.as
new file mode 100644
index 0000000..3614371
--- /dev/null
+++ b/test/trace/sec-0.6.2-local-access.as
@@ -0,0 +1,15 @@
+// makeswf -v 7 -s 200x150 -r 1 -o sec-0.6.2-local-access.swf sec-0.6.2-local-access.as
+
+x = new XML ();
+x.onData = function (data) {
+ trace (data);
+ getURL ("fscommand:quit", "");
+};
+x.load ("sec-0.6.2-local-access-7.swf.trace");
+
+y = new XML ();
+y.onData = function (data) {
+ trace (data);
+ getURL ("fscommand:quit", "");
+};
+y.load (_url + ".trace");
commit 326ee4ff631ecc11605f1251e1923a94561a3823
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Apr 9 09:52:26 2008 +0200
disallow access to local files from disallowed sandboxes
The previous code allowed files loaded from remote locations access to local
files.
diff --git a/swfdec/swfdec_load_object.c b/swfdec/swfdec_load_object.c
index d7bc0ce..8be8acc 100644
--- a/swfdec/swfdec_load_object.c
+++ b/swfdec/swfdec_load_object.c
@@ -162,6 +162,11 @@ swfdec_load_object_load (SwfdecPlayer *player, gboolean allow, gpointer obj)
SWFDEC_WARNING ("SECURITY: no access to %s from %s",
load->url, swfdec_url_get_url (load->sandbox->url));
+ /* call finish */
+ swfdec_sandbox_use (load->sandbox);
+ load->finish (load->target, NULL);
+ swfdec_sandbox_unuse (load->sandbox);
+
/* unroot */
swfdec_player_unroot (player, load);
return;
@@ -182,10 +187,10 @@ swfdec_load_object_request (gpointer objectp, gpointer playerp)
SwfdecURL *url;
if (swfdec_url_path_is_relative (load->url)) {
- swfdec_load_object_load (player, TRUE, load);
+ swfdec_load_object_load (player,
+ load->sandbox->type != SWFDEC_SANDBOX_LOCAL_NETWORK, load);
return;
}
- /* FIXME: or is this relative to the player? */
url = swfdec_player_create_url (player, load->url);
if (url == NULL) {
swfdec_load_object_load (player, FALSE, load);
@@ -196,7 +201,7 @@ swfdec_load_object_request (gpointer objectp, gpointer playerp)
case SWFDEC_SANDBOX_LOCAL_NETWORK:
case SWFDEC_SANDBOX_LOCAL_TRUSTED:
if (swfdec_url_is_local (url)) {
- swfdec_load_object_load (player, swfdec_url_is_local (url), load);
+ swfdec_load_object_load (player, load->sandbox->type == SWFDEC_SANDBOX_LOCAL_TRUSTED, load);
} else {
SwfdecURL *load_url = swfdec_url_new_components (
swfdec_url_get_protocol (url), swfdec_url_get_host (url),
commit 88a0271611513c39e6a789630e0d264267b6e027
Author: Benjamin Otte <otte at gnome.org>
Date: Fri Apr 4 18:04:59 2008 +0200
compute right offset for inserting text in replaceText
diff --git a/swfdec/swfdec_text_field_movie.c b/swfdec/swfdec_text_field_movie.c
index 87f01a7..36e5e4b 100644
--- a/swfdec/swfdec_text_field_movie.c
+++ b/swfdec/swfdec_text_field_movie.c
@@ -1538,8 +1538,10 @@ swfdec_text_field_movie_replace_text (SwfdecTextFieldMovie *text,
continue;
}
/* adapt indexes: remove deleted part, add to-be inserted text */
- if (findex->index_ > start_index) {
+ if (findex->index_ > end_index) {
findex->index_ = findex->index_ + start_index - end_index + len;
+ } else if (findex->index_ >= start_index) {
+ findex->index_ = findex->index_ + start_index - end_index;
}
}
commit 0ffaee2c88d9d6c52c8f087b2abca0c35e48da26
Author: Benjamin Otte <otte at gnome.org>
Date: Fri Apr 4 10:58:47 2008 +0200
add test for just-fixed crasher
diff --git a/test/trace/Makefile.am b/test/trace/Makefile.am
index 86add78..3bffb1c 100644
--- a/test/trace/Makefile.am
+++ b/test/trace/Makefile.am
@@ -727,6 +727,15 @@ EXTRA_DIST = \
crash-0.6.2-replaceText-8.swf \
crash-0.6.2-replaceText-8.swf.trace \
crash-0.6.2-replaceText.as \
+ crash-0.6.2-try-and-exception-on-dispose-5.swf \
+ crash-0.6.2-try-and-exception-on-dispose-5.swf.trace \
+ crash-0.6.2-try-and-exception-on-dispose-6.swf \
+ crash-0.6.2-try-and-exception-on-dispose-6.swf.trace \
+ crash-0.6.2-try-and-exception-on-dispose-7.swf \
+ crash-0.6.2-try-and-exception-on-dispose-7.swf.trace \
+ crash-0.6.2-try-and-exception-on-dispose-8.swf \
+ crash-0.6.2-try-and-exception-on-dispose-8.swf.trace \
+ crash-0.6.2-try-and-exception-on-dispose.as \
currentframe.swf \
currentframe.swf.trace \
dangling-compare.as \
diff --git a/test/trace/crash-0.6.2-try-and-exception-on-dispose-5.swf b/test/trace/crash-0.6.2-try-and-exception-on-dispose-5.swf
new file mode 100644
index 0000000..e98c9fe
Binary files /dev/null and b/test/trace/crash-0.6.2-try-and-exception-on-dispose-5.swf differ
diff --git a/test/trace/crash-0.6.2-try-and-exception-on-dispose-5.swf.trace b/test/trace/crash-0.6.2-try-and-exception-on-dispose-5.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/crash-0.6.2-try-and-exception-on-dispose-6.swf b/test/trace/crash-0.6.2-try-and-exception-on-dispose-6.swf
new file mode 100644
index 0000000..ba6bd21
Binary files /dev/null and b/test/trace/crash-0.6.2-try-and-exception-on-dispose-6.swf differ
diff --git a/test/trace/crash-0.6.2-try-and-exception-on-dispose-6.swf.trace b/test/trace/crash-0.6.2-try-and-exception-on-dispose-6.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/crash-0.6.2-try-and-exception-on-dispose-7.swf b/test/trace/crash-0.6.2-try-and-exception-on-dispose-7.swf
new file mode 100644
index 0000000..788a1f5
Binary files /dev/null and b/test/trace/crash-0.6.2-try-and-exception-on-dispose-7.swf differ
diff --git a/test/trace/crash-0.6.2-try-and-exception-on-dispose-7.swf.trace b/test/trace/crash-0.6.2-try-and-exception-on-dispose-7.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/crash-0.6.2-try-and-exception-on-dispose-8.swf b/test/trace/crash-0.6.2-try-and-exception-on-dispose-8.swf
new file mode 100644
index 0000000..8695f70
Binary files /dev/null and b/test/trace/crash-0.6.2-try-and-exception-on-dispose-8.swf differ
diff --git a/test/trace/crash-0.6.2-try-and-exception-on-dispose-8.swf.trace b/test/trace/crash-0.6.2-try-and-exception-on-dispose-8.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/crash-0.6.2-try-and-exception-on-dispose.as b/test/trace/crash-0.6.2-try-and-exception-on-dispose.as
new file mode 100644
index 0000000..42f4083
--- /dev/null
+++ b/test/trace/crash-0.6.2-try-and-exception-on-dispose.as
@@ -0,0 +1,14 @@
+// makeswf -v 7 -s 200x150 -r 1 -o crash-0.6.2-try-and-exception-on-dispose.swf crash-0.6.2-try-and-exception-on-dispose.as
+
+getURL ("fscommand:quit", "");
+
+function boom () {
+ try {
+ return;
+ trace ("hi");
+ } catch (e) {
+ };
+};
+
+boom ();
+throw ("hi");
commit 2cacb713e04a39253b87d2512247e402a5f49bc8
Author: Benjamin Otte <otte at gnome.org>
Date: Fri Apr 4 10:56:16 2008 +0200
fix SEGV when collecting frames that are in a try block
... while the context is in an exception state
diff --git a/swfdec/swfdec_as_context.c b/swfdec/swfdec_as_context.c
index c75f15a..f2b4d09 100644
--- a/swfdec/swfdec_as_context.c
+++ b/swfdec/swfdec_as_context.c
@@ -519,6 +519,9 @@ swfdec_as_context_dispose (GObject *object)
while (context->stack)
swfdec_as_stack_pop_segment (context);
+ /* We need to make sure there's no exception here. Otherwise collecting
+ * frames that are inside a try block will assert */
+ swfdec_as_context_catch (context, NULL);
swfdec_as_context_collect (context);
if (context->memory != 0) {
g_critical ("%zu bytes of memory left over\n", context->memory);
More information about the Swfdec-commits
mailing list