[prev in list] [next in list] [prev in thread] [next in thread]
List: gnash-commit
Subject: [Gnash-commit] [bug #43867] int overflow
From: Joshua Rogers <INVALID.NOREPLY () gnu ! org>
Date: 2014-12-22 11:46:39
Message-ID: 20141222-114638.sv97858.28645 () savannah ! gnu ! org
[Download RAW message or body]
URL:
<http://savannah.gnu.org/bugs/?43867>
Summary: int overflow
Project: Gnash - The GNU Flash player
Submitted by: megamansec3
Submitted on: Mon 22 Dec 2014 11:46:38 AM GMT
Category: None
Severity: 3 - Normal
Release: None
Status: None
Privacy: Private
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
Hi,
In ASHandlers.cpp:
2306 unsigned nargs = toNumber(env.pop(), getVM(env));
may cause an int overflow dur to the conversation from 64bits to 32bits
And then it is used:
2325 as_object* newobj = construct_object(constructor, env, nargs);
which will cause problems.
Thanks,
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?43867>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
_______________________________________________
Gnash-commit mailing list
Gnash-commit@gnu.org
https://lists.gnu.org/mailman/listinfo/gnash-commit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic