diff --git a/build/xcode/gpac.xcodeproj/project.pbxproj b/build/xcode/gpac.xcodeproj/project.pbxproj index 26daf1a13d..01a54f5936 100644 --- a/build/xcode/gpac.xcodeproj/project.pbxproj +++ b/build/xcode/gpac.xcodeproj/project.pbxproj @@ -3339,7 +3339,7 @@ /usr/local/lib, /opt/local/lib, ); - MACOSX_DEPLOYMENT_TARGET = 10.6; + MACOSX_DEPLOYMENT_TARGET = 10.9; ONLY_ACTIVE_ARCH = YES; OTHER_LDFLAGS = "-lSDL2"; PRODUCT_NAME = "$(TARGET_NAME)"; @@ -3378,7 +3378,7 @@ /usr/local/lib, /opt/local/lib, ); - MACOSX_DEPLOYMENT_TARGET = 10.6; + MACOSX_DEPLOYMENT_TARGET = 10.9; OTHER_LDFLAGS = "-lSDL2"; PRODUCT_NAME = "$(TARGET_NAME)"; SDKROOT = macosx; diff --git a/src/bifs/script_dec.c b/src/bifs/script_dec.c index 81613ed455..873d8c9ca7 100644 --- a/src/bifs/script_dec.c +++ b/src/bifs/script_dec.c @@ -40,6 +40,7 @@ typedef struct GF_List *identifiers; char *new_line; u32 indent; + u32 expr_stack_size; } ScriptParser; @@ -169,6 +170,7 @@ GF_Err SFScript_Parse(GF_BifsDecoder *codec, SFScript *script_field, GF_BitStrea e = GF_OK; if (gf_node_get_tag(n) != TAG_MPEG4_Script) return GF_NON_COMPLIANT_BITSTREAM; + memset(&parser, 0, sizeof(ScriptParser)); parser.codec = codec; parser.script = n; parser.bs = bs; @@ -209,6 +211,10 @@ GF_Err SFScript_Parse(GF_BifsDecoder *codec, SFScript *script_field, GF_BitStrea SFS_Space(&parser); SFS_StatementBlock(&parser, GF_TRUE); SFS_Line(&parser); + if (codec->LastError) { + e = codec->LastError; + goto exit; + } } SFS_Line(&parser); @@ -418,6 +424,7 @@ void SFS_CompoundExpression(ScriptParser *parser) if (parser->codec->LastError) return; SFS_Expression(parser); if (! gf_bs_read_int(parser->bs, 1)) return; + if (parser->codec->LastError) return; SFS_AddString(parser, ","); SFS_CompoundExpression(parser); } 
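Review bot: The new `expr_stack_size` field in ScriptParser carries no comment, and its name reads like a buffer size rather than a nesting depth. A one-line comment such as `/* current SFS_Expression nesting depth, checked against MAX_EXPR_STACK */` would make the intent clear. The counter must start at zero, which the `memset(&parser, 0, sizeof(ScriptParser));` added in the SFScript_Parse hunk provides; that dependency is worth stating in the same comment. The struct definition begins above this hunk.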
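Review bot: SFS_CompoundExpression still calls itself once per comma-separated expression, and the new depth limit does not cover that recursion. Each SFS_Expression call has already returned, and decremented `expr_stack_size`, before the self-call at the end of this hunk, so the counter never grows with the length of the list. The native stack depth here is therefore bounded only by how many expressions the bitstream supplies, and nothing guarantees the compiler turns the tail call into a jump. Rewriting the function as a loop removes the recursion; the sketch below also tests LastError before reading the continuation bit rather than after it. The function's opening brace sits just above the hunk.

```c
void SFS_CompoundExpression(ScriptParser *parser)
{
	while (!parser->codec->LastError) {
		SFS_Expression(parser);
		if (parser->codec->LastError) return;
		/* a 0 bit ends the comma-separated list */
		if (!gf_bs_read_int(parser->bs, 1)) return;
		SFS_AddString(parser, ",");
	}
}
```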
@@ -430,12 +437,20 @@ void SFS_OptionalExpression(ScriptParser *parser) } } - +#define MAX_EXPR_STACK 500 void SFS_Expression(ScriptParser *parser) { u32 val = gf_bs_read_int(parser->bs, NUMBITS_EXPR_TYPE); if (parser->codec->LastError) return; + //limit max expression stack size + parser->expr_stack_size++; + if (parser->expr_stack_size>MAX_EXPR_STACK) { + GF_LOG(GF_LOG_ERROR, GF_LOG_CODEC, ("[BIFS] Max stack size %d reached for expressions, not supported\n", MAX_EXPR_STACK)) + parser->codec->LastError = GF_NON_COMPLIANT_BITSTREAM; + return; + } + switch(val) { case ET_CURVED_EXPR: SFS_AddString(parser, "("); @@ -675,6 +690,7 @@ void SFS_Expression(ScriptParser *parser) parser->codec->LastError = GF_NON_COMPLIANT_BITSTREAM; break; } + parser->expr_stack_size--; } void SFS_NewObject(ScriptParser *parser) @@ -691,6 +707,7 @@ void SFS_ArrayDeref(ScriptParser *parser) { if (parser->codec->LastError) return; SFS_Expression(parser); + if (parser->codec->LastError) return; SFS_AddString(parser, "["); SFS_CompoundExpression(parser); SFS_AddString(parser, "]"); @@ -709,6 +726,7 @@ void SFS_ObjectMemberAccess(ScriptParser *parser) { if (parser->codec->LastError) return; SFS_Expression(parser); + if (parser->codec->LastError) return; SFS_AddString(parser, "."); SFS_Identifier(parser); } @@ -718,6 +736,7 @@ void SFS_ObjectMethodCall(ScriptParser *parser) { if (parser->codec->LastError) return; SFS_Expression(parser); + if (parser->codec->LastError) return; SFS_AddString(parser, "."); SFS_Identifier(parser); SFS_AddString(parser, "("); @@ -732,6 +751,7 @@ void SFS_Params(ScriptParser *parser) val = gf_bs_read_int(parser->bs, 1); while (val) { SFS_Expression(parser); + if (parser->codec->LastError) return; val = gf_bs_read_int(parser->bs, 1); if(val) SFS_AddString(parser, ","); }
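Review bot: In SFS_Expression the depth counter is incremented before the limit test, and the over-limit branch returns without undoing the increment. The matching `parser->expr_stack_size--;` in the `@@ -675,6 +690,7 @@` hunk runs only when control falls out of the bottom of the switch. This is harmless as long as LastError aborts the whole parse, but any `return` inside the switch body (not visible in these hunks) would leave the counter raised and could eventually reject well-formed scripts. Testing first with `if (parser->expr_stack_size >= MAX_EXPR_STACK) { ... return; }` and then doing `parser->expr_stack_size++;` accepts the same maximum depth and keeps the increment and decrement paired. A short comment on `MAX_EXPR_STACK` saying that it bounds recursion depth to protect the native stack would also help.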