[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] /srv/bzr/gnash/rtmp r9582: add patch from JasonWoof after
From: |
rob |
Subject: |
[Gnash-commit] /srv/bzr/gnash/rtmp r9582: add patch from JasonWoof after modifications. |
Date: |
Wed, 13 Aug 2008 13:26:51 -0600 |
User-agent: |
Bazaar (1.5) |
------------------------------------------------------------
revno: 9582
committer: address@hidden
branch nick: rtmp
timestamp: Wed 2008-08-13 13:26:51 -0600
message:
add patch from JasonWoof after modifications.
modified:
libamf/amf.cpp
libamf/sol.cpp
=== modified file 'libamf/amf.cpp'
--- a/libamf/amf.cpp 2008-08-08 04:39:08 +0000
+++ b/libamf/amf.cpp 2008-08-13 19:26:51 +0000
@@ -677,7 +677,6 @@
{
// GNASH_REPORT_FUNCTION;
- Element *el = new Element;
Network::byte_t *tmpptr = in;
boost::uint16_t length;
@@ -698,25 +697,25 @@
// mostly to make valgrind shut up, as it has a tendency to
// complain about legit code when it comes to all this byte
// manipulation stuff.
- char c = *(reinterpret_cast<char *>(tmpptr));
- Element::amf0_type_e type = static_cast<Element::amf0_type_e>(c);
+ Element *el = new Element;
+ AMF amf_obj;
+ // Jump through hoops to get the type so valgrind stays happy
+// char c = *(reinterpret_cast<char *>(tmpptr));
+ Element::amf0_type_e type = static_cast<Element::amf0_type_e>(*tmpptr);
tmpptr++; // skip past the header byte
- AMF amf_obj;
switch (type) {
case Element::NUMBER_AMF0:
{
double swapped = *reinterpret_cast<const double*>(tmpptr);
swapBytes(&swapped, amf::AMF0_NUMBER_SIZE);
el->makeNumber(swapped);
-// el->makeNumber(tmpptr);
tmpptr += AMF0_NUMBER_SIZE; // all numbers are 8 bit big endian
}
break;
case Element::BOOLEAN_AMF0:
el->makeBoolean(tmpptr);
- tmpptr += sizeof(bool);
-// tmpptr += sizeof(boost::uint16_t); // although a bool is one byte,
it's stored as a short
+ tmpptr += 1; // sizeof(bool) isn't always 1 for all
compilers
break;
case Element::STRING_AMF0:
// get the length of the name
@@ -725,6 +724,7 @@
if (length >= SANE_STR_SIZE) {
log_error("%d bytes for a string is over the safe limit of %d",
length, SANE_STR_SIZE);
+ delete el;
return 0;
}
// log_debug(_("AMF String length is: %d"), length);
@@ -740,7 +740,7 @@
case Element::OBJECT_AMF0:
{
el->makeObject();
- while (tmpptr < (tooFar - AMF_HEADER_SIZE)) {
+ while (tmpptr < tooFar) { // FIXME: was tooFar - AMF_HEADER_SIZE)
if (*tmpptr == TERMINATOR) {
// log_debug("No data associated with Property in object");
tmpptr++;
@@ -748,13 +748,15 @@
}
Element *child = amf_obj.extractProperty(tmpptr, tooFar);
if (child == 0) {
+ // skip past zero length string (2 bytes), null (1 byte) and
end object (1 byte)
+ tmpptr += 4;
break;
}
// child->dump();
el->addProperty(child);
tmpptr += amf_obj.totalsize();
};
- tmpptr += AMF_HEADER_SIZE; // skip past the terminator
bytes
+// tmpptr += AMF_HEADER_SIZE; // skip past the terminator
bytes
break;
}
case Element::MOVIECLIP_AMF0:
@@ -823,6 +825,7 @@
case Element::AMF3_DATA:
default:
log_unimpl("%s: type %d", __PRETTY_FUNCTION__, (int)type);
+ delete el;
return 0;
}
@@ -864,31 +867,34 @@
log_debug("No Property name, object done");
return 0;
}
- if (length >= SANE_STR_SIZE) {
- log_error("%d bytes for a string is over the safe limit of %d",
- length, SANE_STR_SIZE);
- return 0;
- }
+
+ if (length + tmpptr > tooFar) {
+ log_error("%d bytes for a string is over the safe limit of %d. Putting
the rest of the buffer into the string", length, SANE_STR_SIZE);
+ length = tooFar - tmpptr;
+ }
// name is just debugging help to print cleaner, and should be removed
later
// log_debug(_("AMF property name length is: %d"), length);
std::string name(reinterpret_cast<const char *>(tmpptr), length);
// log_debug(_("AMF property name is: %s"), name);
+ tmpptr += length;
Element *el = 0;
+ char c = *(reinterpret_cast<char *>(tmpptr));
+ Element::amf0_type_e type = static_cast<Element::amf0_type_e>(c);
// If we get a NULL object, there is no data. In that case, we only return
// the name of the property.
- if (*(tmpptr+length) == Element::NULL_AMF0) {
+ if (type == Element::NULL_AMF0) {
log_debug("No data associated with Property \"%s\"", name);
el = new Element;
el->setName(name.c_str(), length);
- tmpptr += length + 1;
+ tmpptr += 1;
// Calculate the offset for the next read
} else {
// process the data with associated with the property.
// Go past the data to the start of the next AMF object, which
// should be a type byte.
- tmpptr += length;
+// tmpptr += length;
el = extractAMF(tmpptr, tooFar);
if (el) {
el->setName(name.c_str(), length);
=== modified file 'libamf/sol.cpp'
--- a/libamf/sol.cpp 2008-05-16 02:46:11 +0000
+++ b/libamf/sol.cpp 2008-08-13 19:26:51 +0000
@@ -251,26 +251,26 @@
size_t outsize = 0;
switch (el->getType()) {
case Element::BOOLEAN_AMF0:
- outsize = el->getNameSize() + 3;
+ outsize = el->getNameSize() + 4;
memcpy(ptr, var->reference(), outsize);
ptr += outsize;
break;
case Element::OBJECT_AMF0:
outsize = el->getNameSize() + 5;
assert(ptr+outsize < endPtr);
- outsize = el->getNameSize() + 5;
+// outsize = el->getNameSize() + 5;
memcpy(ptr, var->reference(), outsize);
ptr += outsize;
*ptr++ = Element::OBJECT_END_AMF0;
- *ptr++ = 0; // objects are terminated too!
+// *ptr++ = 0; // objects are terminated too!
break;
case Element::NUMBER_AMF0:
- outsize = el->getNameSize() + AMF0_NUMBER_SIZE + 2;
+ outsize = el->getNameSize() + AMF0_NUMBER_SIZE + 3;
assert(ptr+outsize < endPtr);
memcpy(ptr, var->reference(), outsize);
ptr += outsize;
- *ptr++ = 0; // doubles are terminated too!
- *ptr++ = 0; // doubles are terminated too!
+// *ptr++ = 0; // doubles are terminated too!
+// *ptr++ = 0; // doubles are terminated too!
break;
case Element::STRING_AMF0:
if (el->getLength() == 0) {
@@ -338,7 +338,7 @@
_filesize = st.st_size;
buf = new Network::byte_t[_filesize + sizeof(int)];
ptr = buf;
- Network::byte_t* tooFar = buf+_filesize+sizeof(int);
+ Network::byte_t* tooFar = buf+_filesize;
bodysize = st.st_size - 6;
_filespec = filespec;
@@ -399,9 +399,6 @@
if (ptr) {
el = amf_obj.extractProperty(ptr, tooFar);
if (el != 0) {
- // Unlike RTMP, SOL files tack an extra
- // zero byte after every property, so we
- // want to skip past this one too.
ptr += amf_obj.totalsize() + 1;
_amfobjs.push_back(el);
} else {
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Gnash-commit] /srv/bzr/gnash/rtmp r9582: add patch from JasonWoof after modifications.,
rob <=