[gnash] Fix rhbz #691699

Hicham HAOUARI hicham at fedoraproject.org
Wed Mar 30 02:13:36 UTC 2011 

commit ad9e3768923f056db50068cedd6eceef06777ccc
Author: Hicham HAOUARI <hicham.haouari at gmail.com>
Date:   Wed Mar 30 02:12:21 2011 +0000

    Fix rhbz #691699

 gnash-0.8.9-fix-handlers-vector-length.patch |   22 ++++++++++++++++++++++
 gnash.spec                                   |   11 ++++++++++-
 2 files changed, 32 insertions(+), 1 deletions(-)
---
diff --git a/gnash-0.8.9-fix-handlers-vector-length.patch b/gnash-0.8.9-fix-handlers-vector-length.patch
new file mode 100644
index 0000000..5c502ca
--- /dev/null
+++ b/gnash-0.8.9-fix-handlers-vector-length.patch
@@ -0,0 +1,22 @@
+From c2913487c8053ab649eae6a069e43b97b050712d Mon Sep 17 00:00:00 2001
+From: Bastiaan Jacques <bastiaan at bjacques.org>
+Date: Wed, 30 Mar 2011 01:38:52 +0000
+Subject: Fix off-by-one that causes an invalid opcode to read past the end of the handlers vector. Fixes bug #32950.
+
+---
+diff --git a/libcore/vm/ASHandlers.cpp b/libcore/vm/ASHandlers.cpp
+index 2137b01..089e947 100644
+--- a/libcore/vm/ASHandlers.cpp
++++ b/libcore/vm/ASHandlers.cpp
+@@ -242,7 +242,7 @@ ActionHandler::execute(ActionExec& thread) const
+ 
+ SWFHandlers::SWFHandlers()
+     :
+-    _handlers(255)
++    _handlers(256)
+ {
+ 
+     _handlers[ACTION_END] = ActionHandler(ACTION_END, ActionEnd);
+--
+cgit v0.8.3.4
+
diff --git a/gnash.spec b/gnash.spec
index dc3330e..39a0e5b 100644
--- a/gnash.spec
+++ b/gnash.spec
@@ -3,7 +3,7 @@
 
 Name:           gnash
 Version:        0.8.9
-Release:        1%{?dist}
+Release:        2%{?dist}
 Epoch:          1
 Summary:        GNU flash movie player
 
@@ -32,6 +32,11 @@ BuildRequires:  autoconf automake libtool
 Requires(post): /sbin/install-info
 Requires(preun): /sbin/install-info
 
+# Patch0:       https://bugzilla.redhat.com/show_bug.cgi?id=691699
+#               http://savannah.gnu.org/bugs/?32950
+#               http://git.savannah.gnu.org/cgit/gnash.git/commit/?id=c291348
+Patch0:         %{name}-%{version}-fix-handlers-vector-length.patch
+
 %description
 Gnash is capable of reading up to SWF v9 files and op-codes, but primarily
 supports SWF v7, with better SWF v8 and v9 support under heavy development.
@@ -123,6 +128,7 @@ to a MySQL database. The API is similar to the standard MySQL one.
 
 %prep
 %setup -q
+%patch0 -p1 -b .fix-handlers-vector-length
 autoreconf -if
 
 %build
@@ -279,6 +285,9 @@ touch --no-create %{_datadir}/icons/hicolor
 %{_libdir}/gnash/plugins/mysql.so
 
 %changelog
+* Wed Mar 30 2011 Hicham HAOUARI <hicham.haouari at gmail.com> - 1:0.8.9-2
+- Fix rhbz #691699
+
 * Fri Mar 18 2011 Hicham HAOUARI <hicham.haouari at gmail.com> - 1:0.8.9-1
 - Update to 0.8.9 final

More information about the scm-commits mailing list