Bug 12793

Summary: Crash playing a swf file (because of missing NULL ptr check)
Product: swfdec
Reporter: Stéphane Loeuillet <s.loeuillet>
Component: library
Assignee: swfdec ml <swfdec>
Status: RESOLVED FIXED
QA Contact: swfdec ml <swfdec>
Severity: normal    
Priority: high    
Version: unspecified   
Hardware: x86 (IA32)   
OS: All   
URL: http://www.leroutier.net/floss/swfdec/bugzilla/fdo12793.swf
Whiteboard:

Description Stéphane Loeuillet 2007-10-13 02:31:50 UTC
Trying to play a swf file on my hard drive, I had a crash.
Looking at gdb's output, I saw that:

SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec 2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD is not yet implemented
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 0 has no path
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec 2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD is not yet implemented
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 0 has no path
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD is not yet implemented
SWFDEC: FIXME: swfdec_pattern.c(446): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD is not yet implemented
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 0 has no path
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec 2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec 2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec 2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec 2 doesn't match sound codec 0
SWFDEC: FIXME: swfdec_sound.c(254): tag_func_sound_stream_head: playback codec 2 doesn't match sound codec 0
[New Thread -1236038768 (LWP 14016)]
[Thread -1227646064 (LWP 14015) exited]

(swfplay:14010): Swfdec-CRITICAL **: swfdec_buffer_queue_pull: assertion `length > 0' failed

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1223689344 (LWP 14010)]
0xb7f46add in swfdec_sound_get_decoded (sound=0x81a4770, format=0x8203d80) at swfdec_sound.c:205
205       SWFDEC_LOG ("after decoding, got %u samples, should get %u and skip %u", 
(gdb) p tmp
$1 = (SwfdecBuffer *) 0x0

The code does:
  SWFDEC_LOG ("after decoding, got %u samples, should get %u and skip %u", 
      tmp->length / sample_bytes, n_samples, sound->skip);

tmp->length is the culprit, but tmp is used more and more after that, so perhaps a small if (!tmp) is not enough.

Attaching a link to the file once it has been uploaded.
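As an added illustration of the fix direction the report points at (constructed model code, not swfdec's own source and not the commit referenced in the fix), a single early return right after the decode step covers every later use of tmp; the Buffer and Sound types, decode_stub and decoded_sample_count are all assumed stand-ins:

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the swfdec objects named in the report; not swfdec's own types. */
typedef struct { unsigned char *data; size_t length; } Buffer;
typedef struct { Buffer encoded; unsigned int skip; } Sound;

/* Constructed decoder stand-in: like the real call in the backtrace it can come
 * back empty-handed, here whenever the input queue is empty (the report's
 * `assertion 'length > 0' failed`). A plain copy stands in for real decoding. */
static Buffer *decode_stub(const Buffer *in)
{
    if (in->length == 0)
        return NULL;
    Buffer *out = calloc(1, sizeof *out);
    if (out == NULL)
        return NULL;
    out->data = malloc(in->length);
    if (out->data == NULL) { free(out); return NULL; }
    memcpy(out->data, in->data, in->length);
    out->length = in->length;
    return out;
}

/* Hardened shape of the report's code path. The crash was
 * `tmp->length / sample_bytes` with tmp == NULL; one early return right after
 * decoding makes every later use of tmp unreachable on failure, instead of
 * guarding each use separately. Returns the number of samples left after
 * skipping, or -1 if nothing was decoded (or sample_bytes is unusable). */
long decoded_sample_count(const Sound *sound, unsigned int sample_bytes, unsigned int n_samples)
{
    if (sample_bytes == 0)
        return -1;                       /* avoid a division by zero below */
    Buffer *tmp = decode_stub(&sound->encoded);
    if (tmp == NULL)
        return -1;                       /* the check the report says was missing */
    unsigned long got = tmp->length / sample_bytes;
    /* skip cannot exceed what was decoded, or later reads would run off the buffer */
    unsigned long skip = sound->skip < got ? sound->skip : got;
    unsigned long usable = got - skip;
    if (usable > n_samples)              /* caller asked for fewer than we produced */
        usable = n_samples;
    free(tmp->data);
    free(tmp);
    return (long) usable;
}
```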
Comment 1 Benjamin Otte 2007-10-14 02:42:01 UTC
Thanks, fixed in 9ee02d87b2f6837237a717b3b6232ebe7ec63c63
