Skip to content

Commit 4e7736d

Browse files
committed
fixed #2238
1 parent d89dc09 commit 4e7736d

File tree

2 files changed

+23
-3
lines changed

2 files changed

+23
-3
lines changed

Diff for: build/xcode/gpac.xcodeproj/project.pbxproj

+2-2
Original file line numberDiff line numberDiff line change
@@ -3339,7 +3339,7 @@
33393339
/usr/local/lib,
33403340
/opt/local/lib,
33413341
);
3342-
MACOSX_DEPLOYMENT_TARGET = 10.6;
3342+
MACOSX_DEPLOYMENT_TARGET = 10.9;
33433343
ONLY_ACTIVE_ARCH = YES;
33443344
OTHER_LDFLAGS = "-lSDL2";
33453345
PRODUCT_NAME = "$(TARGET_NAME)";
@@ -3378,7 +3378,7 @@
33783378
/usr/local/lib,
33793379
/opt/local/lib,
33803380
);
3381-
MACOSX_DEPLOYMENT_TARGET = 10.6;
3381+
MACOSX_DEPLOYMENT_TARGET = 10.9;
33823382
OTHER_LDFLAGS = "-lSDL2";
33833383
PRODUCT_NAME = "$(TARGET_NAME)";
33843384
SDKROOT = macosx;

Diff for: src/bifs/script_dec.c

+21-1
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,7 @@ typedef struct
4040
GF_List *identifiers;
4141
char *new_line;
4242
u32 indent;
43+
u32 expr_stack_size;
4344
} ScriptParser;
4445

4546

@@ -169,6 +170,7 @@ GF_Err SFScript_Parse(GF_BifsDecoder *codec, SFScript *script_field, GF_BitStrea
169170
e = GF_OK;
170171
if (gf_node_get_tag(n) != TAG_MPEG4_Script) return GF_NON_COMPLIANT_BITSTREAM;
171172

173+
memset(&parser, 0, sizeof(ScriptParser));
172174
parser.codec = codec;
173175
parser.script = n;
174176
parser.bs = bs;
@@ -209,6 +211,10 @@ GF_Err SFScript_Parse(GF_BifsDecoder *codec, SFScript *script_field, GF_BitStrea
209211
SFS_Space(&parser);
210212
SFS_StatementBlock(&parser, GF_TRUE);
211213
SFS_Line(&parser);
214+
if (codec->LastError) {
215+
e = codec->LastError;
216+
goto exit;
217+
}
212218
}
213219

214220
SFS_Line(&parser);
@@ -418,6 +424,7 @@ void SFS_CompoundExpression(ScriptParser *parser)
418424
if (parser->codec->LastError) return;
419425
SFS_Expression(parser);
420426
if (! gf_bs_read_int(parser->bs, 1)) return;
427+
if (parser->codec->LastError) return;
421428
SFS_AddString(parser, ",");
422429
SFS_CompoundExpression(parser);
423430
}
@@ -430,12 +437,20 @@ void SFS_OptionalExpression(ScriptParser *parser)
430437
}
431438
}
432439

433-
440+
#define MAX_EXPR_STACK 500
434441
void SFS_Expression(ScriptParser *parser)
435442
{
436443
u32 val = gf_bs_read_int(parser->bs, NUMBITS_EXPR_TYPE);
437444
if (parser->codec->LastError) return;
438445

446+
//limit max expression stack size
447+
parser->expr_stack_size++;
448+
if (parser->expr_stack_size>MAX_EXPR_STACK) {
449+
GF_LOG(GF_LOG_ERROR, GF_LOG_CODEC, ("[BIFS] Max stack size %d reached for expressions, not supported\n", MAX_EXPR_STACK))
450+
parser->codec->LastError = GF_NON_COMPLIANT_BITSTREAM;
451+
return;
452+
}
453+
439454
switch(val) {
440455
case ET_CURVED_EXPR:
441456
SFS_AddString(parser, "(");
@@ -675,6 +690,7 @@ void SFS_Expression(ScriptParser *parser)
675690
parser->codec->LastError = GF_NON_COMPLIANT_BITSTREAM;
676691
break;
677692
}
693+
parser->expr_stack_size--;
678694
}
679695

680696
void SFS_NewObject(ScriptParser *parser)
@@ -691,6 +707,7 @@ void SFS_ArrayDeref(ScriptParser *parser)
691707
{
692708
if (parser->codec->LastError) return;
693709
SFS_Expression(parser);
710+
if (parser->codec->LastError) return;
694711
SFS_AddString(parser, "[");
695712
SFS_CompoundExpression(parser);
696713
SFS_AddString(parser, "]");
@@ -709,6 +726,7 @@ void SFS_ObjectMemberAccess(ScriptParser *parser)
709726
{
710727
if (parser->codec->LastError) return;
711728
SFS_Expression(parser);
729+
if (parser->codec->LastError) return;
712730
SFS_AddString(parser, ".");
713731
SFS_Identifier(parser);
714732
}
@@ -718,6 +736,7 @@ void SFS_ObjectMethodCall(ScriptParser *parser)
718736
{
719737
if (parser->codec->LastError) return;
720738
SFS_Expression(parser);
739+
if (parser->codec->LastError) return;
721740
SFS_AddString(parser, ".");
722741
SFS_Identifier(parser);
723742
SFS_AddString(parser, "(");
@@ -732,6 +751,7 @@ void SFS_Params(ScriptParser *parser)
732751
val = gf_bs_read_int(parser->bs, 1);
733752
while (val) {
734753
SFS_Expression(parser);
754+
if (parser->codec->LastError) return;
735755
val = gf_bs_read_int(parser->bs, 1);
736756
if(val) SFS_AddString(parser, ",");
737757
}

0 commit comments

Comments
 (0)