[Swfdec] [Bug 12793] New: Crash playing a swf file (because of missing NULL ptr check)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sat Oct 13 02:28:48 PDT 2007 

http://bugs.freedesktop.org/show_bug.cgi?id=12793

           Summary: Crash playing a swf file (because of missing NULL ptr
                    check)
           Product: swfdec
           Version: unspecified
          Platform: x86 (IA32)
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: high
         Component: library
        AssignedTo: swfdec at lists.freedesktop.org
        ReportedBy: leroutier at gmail.com
         QAContact: swfdec at lists.freedesktop.org


Trying to play a swf file on my harddrive, I had a crash.
Looking at gdb's output, I saw that :

SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD
is not yet implemented
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish:
fillstyle 0 has no path
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD
is not yet implemented
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish:
fillstyle 0 has no path
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD
is not yet implemented
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD
is not yet implemented
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish:
fillstyle 0 has no path
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec
2 doesn't match sound codec 0
[New Thread -1236038768 (LWP 14016)]
[Thread -1227646064 (LWP 14015) exited]

(swfplay:14010): Swfdec-CRITICAL **: swfdec_buffer_queue_pull: assertion
`length > 0' failed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1223689344 (LWP 14010)]
0xb7f46add in swfdec_sound_get_decoded (sound=0x81a4770, format=0x8203d80) at
swfdec_sound.c:205
205       SWFDEC_LOG ("after decoding, got %u samples, should get %u and skip
%u", 
(gdb) p tmp
$1 = (SwfdecBuffer *) 0x0

The code does :
  SWFDEC_LOG ("after decoding, got %u samples, should get %u and skip %u", 
      tmp->length / sample_bytes, n_samples, sound->skip);

tmp->length is the culprit.
but tmp is used more and more after that so perhaps a small if (!tmp) is not
enough.

Attaching a link to the file once it has been uploaded


-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
You are the assignee for the bug, or are watching the assignee.

More information about the Swfdec mailing list