[Swfdec-commits] Branch '0.6' - 4 commits - swfdec/swfdec_as_date.c swfdec/swfdec_as_object.c test/trace

Wed Jul 16 07:46:11 PDT 2008

swfdec/swfdec_as_date.c                                |   22 +++++++----------
 swfdec/swfdec_as_object.c                              |    1 
 test/trace/Makefile.am                                 |   18 +++++++++++++
 test/trace/crash-0.6.6-date-5.swf                      |binary
 test/trace/crash-0.6.6-date-5.swf.trace                |    1 
 test/trace/crash-0.6.6-date-6.swf                      |binary
 test/trace/crash-0.6.6-date-6.swf.trace                |    1 
 test/trace/crash-0.6.6-date-7.swf                      |binary
 test/trace/crash-0.6.6-date-7.swf.trace                |    1 
 test/trace/crash-0.6.6-date-8.swf                      |binary
 test/trace/crash-0.6.6-date-8.swf.trace                |    1 
 test/trace/crash-0.6.6-date.as                         |    6 ++++
 test/trace/crash-0.6.6-prototype-recursion-5.swf       |binary
 test/trace/crash-0.6.6-prototype-recursion-5.swf.trace |    1 
 test/trace/crash-0.6.6-prototype-recursion-6.swf       |binary
 test/trace/crash-0.6.6-prototype-recursion-6.swf.trace |    1 
 test/trace/crash-0.6.6-prototype-recursion-7.swf       |binary
 test/trace/crash-0.6.6-prototype-recursion-7.swf.trace |    1 
 test/trace/crash-0.6.6-prototype-recursion-8.swf       |binary
 test/trace/crash-0.6.6-prototype-recursion-8.swf.trace |    1 
 test/trace/crash-0.6.6-prototype-recursion.as          |   11 ++++++++
 21 files changed, 54 insertions(+), 12 deletions(-)

New commits:
commit 2aff5f0f408c05017927b6ad01c75a3c31f39a4b
Author: Benjamin Otte <otte at gnome.org>
Date:   Wed Jul 16 16:43:04 2008 +0200

    Add a test for the Date crash that was just fixed
    
    Conflicts:
    
    	test/trace/Makefile.am

diff --git a/test/trace/Makefile.am b/test/trace/Makefile.am
index c0eaa29..f8c6703 100644
--- a/test/trace/Makefile.am
+++ b/test/trace/Makefile.am
@@ -736,6 +736,15 @@ EXTRA_DIST = \
 	crash-0.6.2-try-and-exception-on-dispose-8.swf \
 	crash-0.6.2-try-and-exception-on-dispose-8.swf.trace \
 	crash-0.6.2-try-and-exception-on-dispose.as \
+	crash-0.6.6-date-5.swf \
+	crash-0.6.6-date-5.swf.trace \
+	crash-0.6.6-date-6.swf \
+	crash-0.6.6-date-6.swf.trace \
+	crash-0.6.6-date-7.swf \
+	crash-0.6.6-date-7.swf.trace \
+	crash-0.6.6-date-8.swf \
+	crash-0.6.6-date-8.swf.trace \
+	crash-0.6.6-date.as \
 	crash-0.6.6-prototype-recursion-5.swf \
 	crash-0.6.6-prototype-recursion-5.swf.trace \
 	crash-0.6.6-prototype-recursion-6.swf \
diff --git a/test/trace/crash-0.6.6-date-5.swf b/test/trace/crash-0.6.6-date-5.swf
new file mode 100644
index 0000000..eebd1be
Binary files /dev/null and b/test/trace/crash-0.6.6-date-5.swf differ
diff --git a/test/trace/crash-0.6.6-date-5.swf.trace b/test/trace/crash-0.6.6-date-5.swf.trace
new file mode 100644
index 0000000..af368af
--- /dev/null
+++ b/test/trace/crash-0.6.6-date-5.swf.trace
@@ -0,0 +1 @@
+584
diff --git a/test/trace/crash-0.6.6-date-6.swf b/test/trace/crash-0.6.6-date-6.swf
new file mode 100644
index 0000000..7f4d70c
Binary files /dev/null and b/test/trace/crash-0.6.6-date-6.swf differ
diff --git a/test/trace/crash-0.6.6-date-6.swf.trace b/test/trace/crash-0.6.6-date-6.swf.trace
new file mode 100644
index 0000000..af368af
--- /dev/null
+++ b/test/trace/crash-0.6.6-date-6.swf.trace
@@ -0,0 +1 @@
+584
diff --git a/test/trace/crash-0.6.6-date-7.swf b/test/trace/crash-0.6.6-date-7.swf
new file mode 100644
index 0000000..d9946b6
Binary files /dev/null and b/test/trace/crash-0.6.6-date-7.swf differ
diff --git a/test/trace/crash-0.6.6-date-7.swf.trace b/test/trace/crash-0.6.6-date-7.swf.trace
new file mode 100644
index 0000000..af368af
--- /dev/null
+++ b/test/trace/crash-0.6.6-date-7.swf.trace
@@ -0,0 +1 @@
+584
diff --git a/test/trace/crash-0.6.6-date-8.swf b/test/trace/crash-0.6.6-date-8.swf
new file mode 100644
index 0000000..9e0d206
Binary files /dev/null and b/test/trace/crash-0.6.6-date-8.swf differ
diff --git a/test/trace/crash-0.6.6-date-8.swf.trace b/test/trace/crash-0.6.6-date-8.swf.trace
new file mode 100644
index 0000000..af368af
--- /dev/null
+++ b/test/trace/crash-0.6.6-date-8.swf.trace
@@ -0,0 +1 @@
+584
diff --git a/test/trace/crash-0.6.6-date.as b/test/trace/crash-0.6.6-date.as
new file mode 100644
index 0000000..62ab742
--- /dev/null
+++ b/test/trace/crash-0.6.6-date.as
@@ -0,0 +1,6 @@
+// makeswf -v 7 -s 100x150 -r 15 -o crash-0.6.6-date-7.swf crash-0.6.6-date.as
+
+var d = new Date(3.0935415006117e+23);
+trace (d.getUTCMilliseconds());
+
+getURL ("fscommand:quit", "");
commit 06c6d025800cada45b4f42410ce2b6b1364770b5
Author: Pekka Lampila <pekka.lampila at iki.fi>
Date:   Fri Jul 4 00:04:02 2008 +0300

    Fix a crash when handling certain really big dates

diff --git a/swfdec/swfdec_as_date.c b/swfdec/swfdec_as_date.c
index 14f1cd9..88bf688 100644
--- a/swfdec/swfdec_as_date.c
+++ b/swfdec/swfdec_as_date.c
@@ -103,28 +103,26 @@ swfdec_as_date_days_in_year (int year)
 #define IS_LEAP(year) (swfdec_as_date_days_in_year ((year)) == 366)
 
 static double
-swfdec_as_date_days_since_utc_for_year (int year)
+swfdec_as_date_days_since_utc_for_year (double year)
 {
-  double year_big = year;
-
-  return (
-      365 * (year_big - 1970) +
-      floor (((year_big - 1969) / 4.0f)) -
-      floor (((year_big - 1901) / 100.0f)) +
-      floor (((year_big - 1601) / 400.0f))
+  return floor (
+      365 * (year - 1970) +
+      floor (((year - 1969) / 4.0f)) -
+      floor (((year - 1901) / 100.0f)) +
+      floor (((year - 1601) / 400.0f))
     );
 }
 
-static int
+static double
 swfdec_as_date_days_from_utc_to_year (double days)
 {
-  int low, high, pivot;
+  double low, high, pivot;
 
   low = floor ((days >= 0 ? days / 366.0 : days / 365.0)) + 1970;
   high = ceil ((days >= 0 ? days / 365.0 : days / 366.0)) + 1970;
 
   while (low < high) {
-    pivot = ((double)low + (double)high) / 2.0;
+    pivot = floor ((low + high) / 2.0);
 
     if (swfdec_as_date_days_since_utc_for_year (pivot) <= days) {
       if (swfdec_as_date_days_since_utc_for_year (pivot + 1) > days) {
@@ -145,7 +143,7 @@ swfdec_as_date_milliseconds_to_brokentime (double milliseconds,
     BrokenTime *brokentime)
 {
   double remaining;
-  int year;
+  double year;
 
   g_assert (brokentime != NULL);
 
commit d7cbb6186304848a5bf1ee7de31bb425deb11b12
Author: Benjamin Otte <otte at gnome.org>
Date:   Wed Jul 16 16:41:59 2008 +0200

    Add a test for the crash fix in last commit (prototype recursion limit)
    
    Conflicts:
    
    	test/trace/Makefile.am

diff --git a/test/trace/Makefile.am b/test/trace/Makefile.am
index 5cdb5e0..c0eaa29 100644
--- a/test/trace/Makefile.am
+++ b/test/trace/Makefile.am
@@ -736,6 +736,15 @@ EXTRA_DIST = \
 	crash-0.6.2-try-and-exception-on-dispose-8.swf \
 	crash-0.6.2-try-and-exception-on-dispose-8.swf.trace \
 	crash-0.6.2-try-and-exception-on-dispose.as \
+	crash-0.6.6-prototype-recursion-5.swf \
+	crash-0.6.6-prototype-recursion-5.swf.trace \
+	crash-0.6.6-prototype-recursion-6.swf \
+	crash-0.6.6-prototype-recursion-6.swf.trace \
+	crash-0.6.6-prototype-recursion-7.swf \
+	crash-0.6.6-prototype-recursion-7.swf.trace \
+	crash-0.6.6-prototype-recursion-8.swf \
+	crash-0.6.6-prototype-recursion-8.swf.trace \
+	crash-0.6.6-prototype-recursion.as \
 	crash-0.6.6-variable-leak-5.swf \
 	crash-0.6.6-variable-leak-5.swf.trace \
 	crash-0.6.6-variable-leak-6.swf \
diff --git a/test/trace/crash-0.6.6-prototype-recursion-5.swf b/test/trace/crash-0.6.6-prototype-recursion-5.swf
new file mode 100644
index 0000000..0fc68ff
Binary files /dev/null and b/test/trace/crash-0.6.6-prototype-recursion-5.swf differ
diff --git a/test/trace/crash-0.6.6-prototype-recursion-5.swf.trace b/test/trace/crash-0.6.6-prototype-recursion-5.swf.trace
new file mode 100644
index 0000000..e530efe
--- /dev/null
+++ b/test/trace/crash-0.6.6-prototype-recursion-5.swf.trace
@@ -0,0 +1 @@
+Crash in certain case when prototype recursion limit is exceeded
diff --git a/test/trace/crash-0.6.6-prototype-recursion-6.swf b/test/trace/crash-0.6.6-prototype-recursion-6.swf
new file mode 100644
index 0000000..37c1609
Binary files /dev/null and b/test/trace/crash-0.6.6-prototype-recursion-6.swf differ
diff --git a/test/trace/crash-0.6.6-prototype-recursion-6.swf.trace b/test/trace/crash-0.6.6-prototype-recursion-6.swf.trace
new file mode 100644
index 0000000..e530efe
--- /dev/null
+++ b/test/trace/crash-0.6.6-prototype-recursion-6.swf.trace
@@ -0,0 +1 @@
+Crash in certain case when prototype recursion limit is exceeded
diff --git a/test/trace/crash-0.6.6-prototype-recursion-7.swf b/test/trace/crash-0.6.6-prototype-recursion-7.swf
new file mode 100644
index 0000000..a888b25
Binary files /dev/null and b/test/trace/crash-0.6.6-prototype-recursion-7.swf differ
diff --git a/test/trace/crash-0.6.6-prototype-recursion-7.swf.trace b/test/trace/crash-0.6.6-prototype-recursion-7.swf.trace
new file mode 100644
index 0000000..e530efe
--- /dev/null
+++ b/test/trace/crash-0.6.6-prototype-recursion-7.swf.trace
@@ -0,0 +1 @@
+Crash in certain case when prototype recursion limit is exceeded
diff --git a/test/trace/crash-0.6.6-prototype-recursion-8.swf b/test/trace/crash-0.6.6-prototype-recursion-8.swf
new file mode 100644
index 0000000..4649818
Binary files /dev/null and b/test/trace/crash-0.6.6-prototype-recursion-8.swf differ
diff --git a/test/trace/crash-0.6.6-prototype-recursion-8.swf.trace b/test/trace/crash-0.6.6-prototype-recursion-8.swf.trace
new file mode 100644
index 0000000..e530efe
--- /dev/null
+++ b/test/trace/crash-0.6.6-prototype-recursion-8.swf.trace
@@ -0,0 +1 @@
+Crash in certain case when prototype recursion limit is exceeded
diff --git a/test/trace/crash-0.6.6-prototype-recursion.as b/test/trace/crash-0.6.6-prototype-recursion.as
new file mode 100644
index 0000000..3147e4e
--- /dev/null
+++ b/test/trace/crash-0.6.6-prototype-recursion.as
@@ -0,0 +1,11 @@
+// makeswf -v 7 -r 15 -o crash-0.6.6-prototype-recursion.swf crash-0.6.6-prototype-recursion.as
+
+trace ("Crash in certain case when prototype recursion limit is exceeded");
+
+function get () { return "hello"; };
+function set () { };
+
+var a = {};
+a.__proto__.__proto__ = {};
+a.__proto__.__proto__.addProperty ("test", get, set);
+a.test = "hello2";
commit 2c8cc8341b1e37483ed1e799c23a29ae0f179095
Author: Pekka Lampila <pekka.lampila at iki.fi>
Date:   Wed Jul 9 13:05:50 2008 +0300

    Fix setting value when getting a variable and prototype recursion limit is hit
    
    This could cause a crash

diff --git a/swfdec/swfdec_as_object.c b/swfdec/swfdec_as_object.c
index e574c1a..a16c13b 100644
--- a/swfdec/swfdec_as_object.c
+++ b/swfdec/swfdec_as_object.c
@@ -958,6 +958,7 @@ swfdec_as_object_get_variable_and_flags (SwfdecAsObject *object,
   }
   if (i > SWFDEC_AS_OBJECT_PROTOTYPE_RECURSION_LIMIT) {
     swfdec_as_context_abort (object->context, "Prototype recursion limit exceeded");
+    SWFDEC_AS_VALUE_SET_UNDEFINED (value);
     *flags = 0;
     *pobject = NULL;
     return FALSE;
