[Swfdec-commits] 2 commits - swfdec/jpeg test/trace

[Benjamin Otte]

 swfdec/jpeg/jpeg.c               |   11 +++++++++++
 test/trace/Makefile.am           |    9 +++++++++
 test/trace/oversized-image-5.swf |binary
 test/trace/oversized-image-6.swf |binary
 test/trace/oversized-image-7.swf |binary
 test/trace/oversized-image-8.swf |binary
 test/trace/oversized-image.as    |   14 ++++++++++++++
 7 files changed, 34 insertions(+)

New commits:
commit e28f990d51673c14c0afa2f91b259dbcb25fd54b
Author: Riccardo Magliocchetti <riccardo at datahost.it>
Date:   Sun Sep 7 18:22:21 2008 +0200

    add test for recent fix

diff --git a/test/trace/Makefile.am b/test/trace/Makefile.am
index 1f88296..61c1119 100644
--- a/test/trace/Makefile.am
+++ b/test/trace/Makefile.am
@@ -2559,6 +2559,15 @@ EXTRA_DIST = \
 	onUnload-prototype-8.swf.trace \
 	order.swf \
 	order.swf.trace \
+	oversized-image-5.swf \
+	oversized-image-5.swf.trace \
+	oversized-image-6.swf \
+	oversized-image-6.swf.trace \
+	oversized-image-7.swf \
+	oversized-image-7.swf.trace \
+	oversized-image-8.swf \
+	oversized-image-8.swf.trace \
+	oversized-image.as \
 	parent-root.swf \
 	parent-root.swf.trace \
 	parse-float.as \
diff --git a/test/trace/oversized-image-5.swf b/test/trace/oversized-image-5.swf
new file mode 100644
index 0000000..10496be
Binary files /dev/null and b/test/trace/oversized-image-5.swf differ
diff --git a/test/trace/oversized-image-5.swf.trace b/test/trace/oversized-image-5.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/oversized-image-6.swf b/test/trace/oversized-image-6.swf
new file mode 100644
index 0000000..a3fc067
Binary files /dev/null and b/test/trace/oversized-image-6.swf differ
diff --git a/test/trace/oversized-image-6.swf.trace b/test/trace/oversized-image-6.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/oversized-image-7.swf b/test/trace/oversized-image-7.swf
new file mode 100644
index 0000000..d83a4cb
Binary files /dev/null and b/test/trace/oversized-image-7.swf differ
diff --git a/test/trace/oversized-image-7.swf.trace b/test/trace/oversized-image-7.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/oversized-image-8.swf b/test/trace/oversized-image-8.swf
new file mode 100644
index 0000000..a8f706c
Binary files /dev/null and b/test/trace/oversized-image-8.swf differ
diff --git a/test/trace/oversized-image-8.swf.trace b/test/trace/oversized-image-8.swf.trace
new file mode 100644
index 0000000..e69de29
diff --git a/test/trace/oversized-image.as b/test/trace/oversized-image.as
new file mode 100644
index 0000000..3dd2e70
--- /dev/null
+++ b/test/trace/oversized-image.as
@@ -0,0 +1,14 @@
+// makeswf -v 7 -s 200x150 -r 1 -o oversized-image.swf oversized-image.as
+
+createEmptyMovieClip ("a", 0);
+a.loadMovie ("cookiemon.jpg");
+
+createEmptyMovieClip ("b", 1);
+b.loadMovie ("wookiemon.jpg");
+
+count = 3;
+onEnterFrame = function () {
+  if (count-- == 0) {
+    getURL ("fscommand:quit", "");
+  };
+};
commit 28505a55e5c4c7b23da2a48e3d4644ff5148a10e
Author: Riccardo Magliocchetti <riccardo at datahost.it>
Date:   Sun Sep 7 18:05:17 2008 +0200

    don't crash on oversized files (fixes #15528)

diff --git a/swfdec/jpeg/jpeg.c b/swfdec/jpeg/jpeg.c
index d49f418..76796c5 100644
--- a/swfdec/jpeg/jpeg.c
+++ b/swfdec/jpeg/jpeg.c
@@ -70,6 +70,11 @@ jpeg_decoder_verify_header (JpegDecoder *dec)
   }
 
   if (dec->width < 1) {
+    COG_ERROR("width can't be 0");
+    dec->error = TRUE;
+  }
+
+  if (dec->height < 1) {
     COG_ERROR("height can't be 0");
     dec->error = TRUE;
   }
@@ -143,6 +148,12 @@ jpeg_decoder_verify_header (JpegDecoder *dec)
       break;
     }
   }
+
+ if ((2 << 30) / dec->width / dec->height < dec->n_components) {
+   COG_ERROR ("image is too big (width %d, height %d, %d components)",
+       dec->width, dec->height, dec->n_components);
+   dec->error = TRUE;
+ }
 }
 
 static void