Re: [Gnash-dev] Re: OpenLaszlo & Gnash
From: strk
Subject: Re: [Gnash-dev] Re: OpenLaszlo & Gnash
Date: Wed, 14 Feb 2007 21:48:34 +0100
On Wed, Feb 14, 2007 at 03:34:34PM -0500, P T Withington wrote:
> This code comes from SWFFile.java and is written using jgenerator.
> The actionscript is compiled by our script compiler. It seems there
> is an 'off-by-one' bug here? I note that our script compiler always
> adds a NONE (0x0) opcode at the end of every script it compiles, and
> that jgenerator takes the program length from the length of the byte-
> array the script compiler returns. Is it possible that there is some
> redundancy between the 'null termination' of the script and the
> length field?
Yes, this is exactly the problem:
MALFORMED SWF: swf_event::read(), event_length = 84, but read 83.
The event is advertised to be 84 bytes long, but the END block (0x00)
is found at byte offset 83. Before I patched Gnash for "skipping"
the additional byte, it was behaving like swftools-0.4.2 (confusedly
taking the next action to be *very* long).
Maybe Gnash behaviour is now safe, can you confirm there should
be 4 event actions with these sizes:
MALFORMED SWF: swf_event::read(), event_length = 84, but read 83. Skipping excessive bytes.
MALFORMED SWF: swf_event::read(), event_length = 82, but read 81. Skipping excessive bytes.
MALFORMED SWF: swf_event::read(), event_length = 79, but read 78. Skipping excessive bytes.
MALFORMED SWF: swf_event::read(), event_length = 77, but read 76. Skipping excessive bytes.
If the above sounds fine, the next step is tracking ActionScript problems.
The first 'undefined' value I see is at call to LzNode.mvn().
BTW, it seems the compiler is pushing 14 (fourteen) 'LzNode' values on the stack
before calling that function:
20:18:14: PC:29334 - EX: ActionPushData
0) type=dict8 (10), value=LzNode
1) type=dict8 (10), value=LzNode
2) type=dict8 (10), value=LzNode
3) type=dict8 (10), value=LzNode
4) type=dict8 (10), value=LzNode
5) type=dict8 (10), value=LzNode
6) type=dict8 (10), value=LzNode
7) type=dict8 (10), value=LzNode
8) type=dict8 (10), value=LzNode
9) type=dict8 (10), value=LzNode
10) type=dict8 (10), value=LzNode
11) type=dict8 (10), value=LzNode
12) type=dict8 (10), value=LzNode
13) type=dict8 (10), value=LzNode
14) type=int32, value=0
15) type=dict16 (1060), value=mvn
After execution, PC is 29334.
Stack: "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "0" | "mvn"
Local variables:
20:18:14: PC:29373 - EX: ActionCallFunction
at ActionExec operator() start, pc=28579, stop_pc=29333, code.size=216903.
Stack: "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "LzNode" | "0" | "mvn"
Local registers: "undefined" | "undefined"
Local variables:
Is that intentional/expected?
--strk;
>
> On 2007-02-14, at 15:00 EST, Henry Minsky wrote:
>
> >I disassembled the swf using swftools-0.4.2 swfdump and it does seem to be
> >confused at that tag judging by the '???' it is emitting.
> >
> >
> >[01a] 381 PLACEOBJECT2 places id 0005 at depth 0002 name
> >"frameupdate"
> >global flags: 00f0
> > flags 00000040 [key down], 84 bytes actioncode
> > ( 38 bytes) action: Constantpool(5 entries)
> >String:"gotKeyDown" String:"getCode" String:"LzKeys" String:"_root"
> >String:"Key"
> > ( 7 bytes) action: Push int:0 Lookup:4 ("Key")
> > ( 0 bytes) action: GetVariable
> > ( 2 bytes) action: Push Lookup:1 ("getCode")
> > ( 0 bytes) action: CallMethod
> > ( 7 bytes) action: Push int:1 Lookup:3 ("_root")
> > ( 0 bytes) action: GetVariable
> > ( 2 bytes) action: Push Lookup:2 ("LzKeys")
> > ( 0 bytes) action: GetMember
> > ( 2 bytes) action: Push Lookup:0 ("gotKeyDown")
> > ( 0 bytes) action: CallMethod
> > ( 0 bytes) action: Pop
> > ( 0 bytes) action: End
> > flags 00008000 [???], 20992 bytes actioncode
> > ( 0 bytes) action: End
> > flags 05002488 [mouse move][key up][???],
> >1953457920 bytes
> >actioncode
> > ( 0 bytes) action: ToString
> > ( 0 bytes) action: BitURShift
> > ( 0 bytes) action: unknown[79]
> > ( 0 bytes) action: GetMembers?
> > ( 0 bytes) action: unknown[70]
> > ( 0 bytes) action: End
> > flags 43746567 [on load][enter frame][unload][mouse
> >up][key
> >down][data][???], 6644847 bytes actioncode
> > ( 0 bytes) action: PushDuplicate
> > ( 0 bytes) action: unknown[7a]
> > ( 0 bytes) action: ToString
> > ( 0 bytes) action: BitURShift
> > ( 0 bytes) action: unknown[79]
> > ( 0 bytes) action: unknown[73]
> > ( 0 bytes) action: End
> > flags 6f6f725f [on load][enter frame][unload][mouse
> >move][mouse down][key down][???], 1699414132 bytes actioncode
> > ( 0 bytes) action: unknown[79]
> > ( 0 bytes) action: End
> > flags 07000796 [enter frame][unload][mouse down][key
> >up][data][???], 0 bytes actioncode
> > ( 0 bytes) action: ToggleQuality
> > ( 0 bytes) action: NextFrame
> > ( 0 bytes) action: GetVariable
> > ( 2 bytes) action: Push Lookup:1
> > ( 0 bytes) action: CallMethod
> > ( 7 bytes) action: Push int:1 Lookup:3
> > ( 0 bytes) action: GetVariable
> > ( 2 bytes) action: Push Lookup:2
> > ( 0 bytes) action: GetMember
> > ( 2 bytes) action: Push Lookup:0
> > ( 0 bytes) action: CallMethod
> > ( 0 bytes) action: Pop
> > ( 0 bytes) action: End
> > flags 00001000 [???], 20224 bytes actioncode
> > ( 0 bytes) action: End
> > flags 04003088 [mouse move][key up][???],
> >1299860480 bytes
> >actioncode
> > ( 0 bytes) action: unknown[6f]
> > ( 0 bytes) action: BitRShift
> > ( 0 bytes) action: BitURShift
> > ( 0 bytes) action: StackSwap
> > ( 0 bytes) action: BitOr
> > ( 0 bytes) action: unknown[6e]
> > ( 0 bytes) action: BitOr
> > ( 0 bytes) action: Less3?
> > ( 0 bytes) action: BitURShift
> > ( 0 bytes) action: unknown[72]
> > ( 0 bytes) action: End
> > flags 4d776172 [enter frame][mouse down][mouse up][key
> >down][data][???], 1702065519 bytes actioncode
> > ( 0 bytes) action: TargetPath
> > ( 0 bytes) action: unknown[76]
> > ( 0 bytes) action: BitURShift
> > ( 0 bytes) action: unknown[6e]
> > ( 0 bytes) action: unknown[74]
> > ( 0 bytes) action: End
> > flags 6f6d6e6f [on load][enter frame][unload][mouse
> >move][mouse up][key down][???], 1684370293 bytes actioncode
> > ( 0 bytes) action: unknown[6f]
> > ( 0 bytes) action: unknown[77]
> > ( 0 bytes) action: unknown[6e]
> > ( 0 bytes) action: End
> > flags 6f6f725f [on load][enter frame][unload][mouse
> >move][mouse down][key down][???], 160825460 bytes actioncode
> > ( 0 bytes) action: End
> > flags 01070208 [mouse move][???], 134217728 bytes
> >actioncode
> > ( 0 bytes) action: unknown[03]
> > ( 0 bytes) action: GetVariable
> > ( 2 bytes) action: Push Lookup:0
> > ( 0 bytes) action: GetMember
> > ( 2 bytes) action: Push Lookup:1
> > ( 0 bytes) action: CallMethod
> > ( 0 bytes) action: Pop
> > ( 0 bytes) action: End
> > flags 00002000 [???], 19712 bytes actioncode
> > ( 0 bytes) action: End
> > flags 04002e88 [mouse move][key up][???],
> >1299860480 bytes
> >actioncode
> > ( 0 bytes) action: unknown[6f]
> > ( 0 bytes) action: BitRShift
> > ( 0 bytes) action: BitURShift
> > ( 0 bytes) action: StackSwap
> > ( 0 bytes) action: BitOr
> > ( 0 bytes) action: unknown[6e]
> > ( 0 bytes) action: BitOr
> > ( 0 bytes) action: Less3?
> > ( 0 bytes) action: BitURShift
> > ( 0 bytes) action: unknown[72]
> > ( 0 bytes) action: End
> > flags 4d776172 [enter frame][mouse down][mouse up][key
> >down][data][???], 1702065519 bytes actioncode
> > ( 0 bytes) action: TargetPath
> > ( 0 bytes) action: unknown[76]
> > ( 0 bytes) action: BitURShift
> > ( 0 bytes) action: unknown[6e]
> > ( 0 bytes) action: unknown[74]
> > ( 0 bytes) action: End
> > flags 6f6d6e6f [on load][enter frame][unload][mouse
> >move][mouse up][key down][???], 1969582965 bytes actioncode
> > ( 0 bytes) action: unknown[70]
> > ( 0 bytes) action: End
> > flags 6f6f725f [on load][enter frame][unload][mouse
> >move][mouse down][key down][???], 160825460 bytes actioncode
> > ( 0 bytes) action: End
> > flags 01070208 [mouse move][???], 134217728 bytes
> >actioncode
> > ( 0 bytes) action: unknown[03]
> > ( 0 bytes) action: GetVariable
> > ( 2 bytes) action: Push Lookup:0
> > ( 0 bytes) action: GetMember
> > ( 2 bytes) action: Push Lookup:1
> > ( 0 bytes) action: CallMethod
> > ( 0 bytes) action: Pop
> > ( 0 bytes) action: End
> >[027] 4 DEFINESPRITE defines id 0006
> >[000] 0 END
> >
> >
> >On 2/14/07, strk <address@hidden> wrote:
> >>
> >>On Wed, Feb 14, 2007 at 01:30:12PM -0500, Henry Minsky wrote:
> >>> The structure of a Laszlo application is that the runtime LFC library is
> >>> compiled entirely by the script compiler, it is just a big action block.
> >>>
> >>> Then, the user's application is also compiled by the script compiler into a
> >>> big action block.
> >>>
> >>> Then those are inserted into a kind of boilerplate framework which is
> >>> generated using the old JGenerator library which we've modified somewhat.
> >>> That is generated by the source code in
> >>> WEB-INF/lps/server/src/org/openlaszlo/compiler/SWFFile.java, and consists of
> >>> various resources and trampolines into the LFC, such as buttons for catching
> >>> click events, keyboard events, and a video object which can be attached to
> >>> play video.
> >>>
> >>> The question I have is whether the bad opcode is coming from our script
> >>> compiler, or whether it comes in somehow when the app is assembled by
> >>> placing the compiled script code into the application framework.
> >>
> >>The Gnash-detected error is in a PLACEOBJECT2 tag events. You can also
> >>see the name of the instantiated character (frameupdate):
> >>
> >>SWF[444]: tag type = 26, tag length = 381
> >> place_object_2
> >> depth = 2
> >> char id = 5
> >> name = frameupdate
> >> actions: flags = 0xF0
> >>20:15:11: MALFORMED SWF: swf_event::read(), event_length = 84, but read 83. Skipping excessive bytes.
> >>20:15:11: MALFORMED SWF: swf_event::read(), event_length = 82, but read 81. Skipping excessive bytes.
> >>20:15:11: MALFORMED SWF: swf_event::read(), event_length = 79, but read 78. Skipping excessive bytes.
> >>20:15:11: MALFORMED SWF: swf_event::read(), event_length = 77, but read 76. Skipping excessive bytes.
> >>
> >>I'm both interested in making sure Gnash is fail-safe against this malformation
> >>(the proprietary player is) and improve Gnash support for the ActionScript
> >>part, which is also unsupported currently.
> >>The ActionScript failure is about a 'prototype' member being undefined
> >>(namely: prototype.prototype).
> >>
> >>--strk;
> >>
> >
> >
> >
> >--
> >Henry Minsky
> >Software Architect
> >address@hidden
--
() ASCII Ribbon Campaign
/\ Keep it simple!
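
A length-checked walk over one clip-event action block, as an added example (not Gnash's code and not part of the original message): it tolerates an END opcode that arrives before the advertised length by resuming at the advertised boundary, and rejects a length field larger than the bytes available in the tag. The names `EventScan`, `scan_event_actions` and `sample_event` and the sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct EventScan {
    bool ok;              // false: malformed beyond the tolerated early END
    std::size_t consumed; // bytes read up to and including END (0x00)
    std::size_t next;     // offset at which the next event record starts
};

// buf/size: bytes left in the tag from the start of the action block.
// declared: the event_length field taken from the file (untrusted).
// Record layout: 1-byte opcode; opcodes >= 0x80 carry a 16-bit LE length.
EventScan scan_event_actions(const std::uint8_t* buf, std::size_t size,
                             std::size_t declared)
{
    if (declared > size) return {false, 0, 0};   // length field exceeds tag
    std::size_t pos = 0;
    while (pos < declared) {
        std::uint8_t op = buf[pos++];
        if (op == 0x00)                          // END: skip any excess bytes
            return {true, pos, declared};
        if (op >= 0x80) {
            if (declared - pos < 2) return {false, pos, 0};
            std::size_t len = buf[pos] | (std::size_t(buf[pos + 1]) << 8);
            pos += 2;
            if (declared - pos < len) return {false, pos, 0};
            pos += len;
        }
    }
    return {false, pos, 0};                      // no END inside the block
}

// Constructed sample: Push "a" (0x96), Pop (0x17), END, one stray 0x00.
// A length field of 9 then mirrors "event_length = 84, but read 83".
std::vector<std::uint8_t> sample_event()
{
    return {0x96, 0x03, 0x00, 0x00, 'a', 0x00, 0x17, 0x00, 0x00};
}

int main()
{
    std::vector<std::uint8_t> v = sample_event();
    EventScan r = scan_event_actions(v.data(), v.size(), 9);
    std::printf("ok=%d read=%zu next=%zu\n", r.ok, r.consumed, r.next);
    return r.ok ? 0 : 1;
}
```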