Bug#828210: SWFC crashes when input script tried to use `.initaction` block

Sat, 25 Jun 2016 21:58:04 -0700 

Package: swftools
Version: 0.9.2+git20130725-4
Severity: normal
X-Debbugs-Cc: nutchanon.wetcha...@gmail.com

Hello,

I was writing some test code for GNU Flash Player's init action handling,
using SWFC's undocumented `.initaction` block (analogue to Macromedia Flash's
`#initclip` directive) using the following script "helloinit.sc":

.flash bbox=320x240 fps=12 background=white version=7
        .frame 1
                .initaction hello:
                        trace("Hello #initclip");
                .end
.end

However, When I tried to compile the script, SWFC crashed:

$ swfc -o helloinit.swf helloinit.sc
Segmentation fault (core dumped)

I'm not sure if I used `.initaction` block correctly (since it's not
documented). But in any way, SWFC should not crash.

SWFC script is attached as `helloinit.sc`.
GDB backtrace (gathered from core dump) is attached as `helloinit.sc.gdb.log`.

Please investigate.

Regards,
Nuthanon Wetchasit


-- System Information:
Debian Release: 7.0
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=th_TH, LC_CTYPE=th_TH (charmap=TIS-620)
Shell: /bin/sh linked to /bin/dash

Versions of packages swftools depends on:
ii  gsfonts       1:8.11+urwcyr1.0.7~pre44-4.2
ii  libc6         2.13-38+deb7u8
ii  libfreetype6  2.4.9-1.1
ii  libgif4       4.1.6-10
ii  libjpeg8      8d-1+deb7u1
ii  libmp3lame0   3.99.5+repack1-3+deb7u1
ii  libzzip-0-13  0.13.56-1.1
ii  zlib1g        1:1.2.7.dfsg-13

swftools recommends no packages.

Versions of packages swftools suggests:
pn  gs-common  <none>

-- no debconf information

Attachment: helloinit.sc
Description: application/vnd.ibm.secure-container

[New LWP 4322]
Core was generated by `swfc -o helloinit.swf helloinit.sc'.
Program terminated with signal 11, Segmentation fault.
#0  s_initaction (character=character@entry=0x96150c0 "hello", text=0x961937f "\n\t\t\ttrace(\"Hello #initclip\");\n\t\t") at swfc.c:1985
1985	    swf_SetU16(tag, c->id);

Registers:
eax            0x9615388	157373320
ecx            0x9615380	157373312
edx            0x9615388	157373320
ebx            0x8115ff4	135356404
esp            0xbf861fd0	0xbf861fd0
ebp            0xbf862078	0xbf862078
esi            0x9615108	157372680
edi            0x0	0
eip            0x8054e6f	0x8054e6f <s_initaction+111>
eflags         0x210286	[ PF SF IF RF ID ]
cs             0x73	115
ss             0x7b	123
ds             0x7b	123
es             0x7b	123
fs             0x0	0
gs             0x33	51

Backtrace:
#0  s_initaction (character=character@entry=0x96150c0 "hello", text=0x961937f "\n\t\t\ttrace(\"Hello #initclip\");\n\t\t") at swfc.c:1985
#1  0x08054f46 in c_initaction (args=0xbf86205c) at swfc.c:4170
#2  0x0804d1aa in parseArgumentsForCommand (command=<optimized out>) at swfc.c:4466
#3  main (argc=4, argv=0xbf862124) at swfc.c:4589

Full backtrace:
#0  s_initaction (character=character@entry=0x96150c0 "hello", text=0x961937f "\n\t\t\ttrace(\"Hello #initclip\");\n\t\t") at swfc.c:1985
        a = 0x9615108
        c = 0x0
#1  0x08054f46 in c_initaction (args=0xbf86205c) at swfc.c:4170
        character = 0x96150c0 "hello"
        filename = <optimized out>
#2  0x0804d1aa in parseArgumentsForCommand (command=<optimized out>) at swfc.c:4466
        t = <optimized out>
        args = {internal = 0x9615050}
        nr = <optimized out>
#3  main (argc=4, argv=0xbf862124) at swfc.c:4589
        t = 0

Reply via email to