`read_i32` no longer panics if more than 28 bits are defined within the read-in integer constant.
The underlying problem is actually shift overflow - on the fifth byte in the sequence, it attempts to mask bits by shifting them off the left of the value, which doesn't work here, as we'll be shifting by -3. For those unaware, shifting by a negative does NOT shift in the opposite direction, it instead gives your C compiler permission to stuff demons up your nose. I wouldn't be surprised if this is just outright UB in Flash Player.
This commit is contained in:
parent
351fe026e9
commit
345a244ed4
|
@ -112,9 +112,13 @@ impl<R: Read> Reader<R> {
|
|||
let byte: i32 = self.read_u8()?.into();
|
||||
n |= (byte & 0b0111_1111) << i;
|
||||
i += 7;
|
||||
|
||||
if byte & 0b1000_0000 == 0 {
|
||||
n <<= 32 - i;
|
||||
n >>= 32 - i;
|
||||
if i < 32 {
|
||||
n <<= 32 - i;
|
||||
n >>= 32 - i;
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue