From f094f8e205d63e14b8d765b587cfd9f32022a67b Mon Sep 17 00:00:00 2001
From: Matthias Kramm <kramm@quiss.org>
Date: Mon, 31 Aug 2009 15:34:43 +0200
Subject: [PATCH] made parser more robust against broken as3

---
 lib/as3/pool.c |   14 ++++++++++----
 lib/q.c        |    4 ++--
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/lib/as3/pool.c b/lib/as3/pool.c
index ec089a0..2402328 100644
--- a/lib/as3/pool.c
+++ b/lib/as3/pool.c
@@ -522,14 +522,17 @@ char* multiname_tostring(multiname_t*m)
     int namelen = strlen(name);
 
     if(m->type==QNAME || m->type==QNAMEA || m->type==POSTFIXTYPE) {
-        char*nsname = escape_string(m->ns->name);
+        char*nsname = m->ns?escape_string(m->ns->name):strdup("NULL");
         mname = malloc(strlen(nsname)+namelen+32);
         strcpy(mname, "<q");
         if(m->type == QNAMEA)
             strcat(mname, ",attr");
-        strcat(mname, ">[");
-        strcat(mname,access2str(m->ns->access));
-        strcat(mname, "]");
+	strcat(mname, ">");
+	if(m->ns) {
+	    strcat(mname,"[");
+	    strcat(mname,access2str(m->ns->access));
+	    strcat(mname, "]");
+	}
         strcat(mname, nsname);
         free(nsname);
         strcat(mname, "::");
@@ -1166,6 +1169,9 @@ void pool_read(pool_t*pool, TAG*tag)
 	if(m.type==0x07 || m.type==0x0d) {
 	    int namespace_index = swf_GetU30(tag);
             m.ns = (namespace_t*)array_getkey(pool->x_namespaces, namespace_index);
+	    if(!m.ns) {
+		fprintf(stderr, "Error: Illegal reference to namespace #%d in constant pool.\n", namespace_index);
+	    }
             int name_index = swf_GetU30(tag);
             if(name_index) // 0 = '*' (any)
 	        m.name = pool_lookup_string(pool, name_index);
diff --git a/lib/q.c b/lib/q.c
index fc9f868..d70822d 100644
--- a/lib/q.c
+++ b/lib/q.c
@@ -1343,14 +1343,14 @@ array_t* array_new2(type_t*type) {
 }
 void*array_getkey(array_t*array, int nr) {
     if(nr > array->num || nr<0) {
-	printf("error: reference to element %d in array[%d]\n", nr, array->num);
+	fprintf(stderr, "error: reference to element %d in array[%d]\n", nr, array->num);
 	return 0;
     }
     return array->d[nr].name;
 }
 void*array_getvalue(array_t*array, int nr) {
     if(nr > array->num || nr<0) {
-	printf("error: reference to element %d in array[%d]\n", nr, array->num);
+	fprintf(stderr, "error: reference to element %d in array[%d]\n", nr, array->num);
 	return 0;
     }
     return array->d[nr].data;
-- 
1.7.10.4