Your message dated Tue, 31 Jan 2012 18:32:58 +0000
with message-id <[email protected]>
and subject line Bug#594824: fixed in sdl-ttf2.0 2.0.11-1
has caused the Debian Bug report #594824,
regarding libsdl-ttf2.0-0: rendering underlined text can lead to memory corruption
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
594824: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594824
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libsdl-ttf2.0-0
Version: 2.0.9-1
Severity: normal

Also tested on source libsdl-ttf2.0 2.0.9-1 built with debug information.

Fixed in SDL_ttf (pre 2.0.10) changeset 144   0f803b00e43b
http://hg.libsdl.org/SDL_ttf/rev/0f803b00e43b

When the underline style is set the TTF_RenderUNICODE_xxx functions can write
past the end of the buffer of the returned SDL surface. This happens in the line
write for loop at the end of each function.

Attached are a program demonstrating the problem and a patch fixing it. The
patch is based on the fix applied to SDL_ttf 2.0.10. To apply the patch, from
the SDL-ttf root directory:

patch <sdl-ttf2.0-2.0.9-underline_bug.patch



-- System Information:
Debian Release: squeeze/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libsdl-ttf2.0-0 depends on:
ii  libc6                   2.11.2-2         Embedded GNU C Library: Shared lib
ii  libfreetype6            2.4.2-1          FreeType 2 font engine, shared lib
ii  libsdl1.2debian         1.2.14-6         Simple DirectMedia Layer
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

libsdl-ttf2.0-0 recommends no packages.

libsdl-ttf2.0-0 suggests no packages.
/* Demonstrates libsdl-ttf2.0 2.0.9-1 memory corruption in TTF_RenderUNICODE_Solid
 *
 * underline [<font file> [<text message>]]
 *
 * Prints the last line and one line past, as hex byte values,
 * of a rendered underlined text message.
 *
 * This actually triggers the following error for me:
 * *** glibc detected *** ./underline: free(): invalid next size (normal): 0x084b0670 ***
 *
 * To build:
 * gcc -g underline.c -lSDL_ttf -lSDL -o underline
 *
 * There are no copyright claims on this program.
 */

#include <stdio.h>
#include <SDL/SDL_ttf.h>

static int init(void);
static void quit(void);
static void print_line(SDL_Surface *surf, int line);

int main(int argc, char *argv[])
{
    TTF_Font *font;
    const char *filename;
    const char *msg;
    FILE *test;
    int style;
    SDL_Surface *surf;
    SDL_Color foreg = {250, 240, 230, 0};
    
    if (argc > 1) {
        filename = argv[1];
    }
    else {
        filename = "freesansbold.ttf";
    }
    if (argc > 2) {
        msg = argv[2];
    }
    else {
        msg = "Fonty";
    }
        
    /*check if it is a valid file, else SDL_ttf segfaults*/
    test = fopen(filename, "rb");
    if(!test) {
        printf("Unable to open font file '%.1024s'\n", filename);
        return 1;
    }
    fclose(test);

    if (init() == -1) {
        printf("%s\n", SDL_GetError());
        return 1;
    }
        
    font = TTF_OpenFont(filename, 80);
    if (!font) {
        printf("%s\n", TTF_GetError());
        quit();
        return 1;
    }

    style = TTF_GetFontStyle(font);
    TTF_SetFontStyle(font, style | TTF_STYLE_UNDERLINE);
    
    surf = TTF_RenderText_Solid(font, msg, foreg);
    if (surf == NULL) {
        TTF_CloseFont(font);
        printf("%s\n", TTF_GetError());
        quit();
        return 1;
    }
    
    print_line(surf, surf->h - 1);  /* last row of the surface */
    print_line(surf, surf->h);      /* one row past the end: reads beyond the surface allocation on purpose */
    
    SDL_FreeSurface(surf);
    TTF_CloseFont(font);

    quit();
    return 0;
}

int init(void)
{
    return TTF_Init();
}

void quit(void)
{
    TTF_Quit();
}

void print_line(SDL_Surface *surf, int line)
{
    unsigned char *lptr = (unsigned char *)surf->pixels + (surf->pitch * line);
    unsigned char *lendptr = lptr + surf->w;
    
    printf("[");
    while (lptr < lendptr) {
        printf(" %.2x ", (unsigned)*lptr);
        ++lptr;
    }
    printf("]\n");
}

--- /usr/local/src/sdl-ttf2.0-2.0.9/SDL_ttf.c	2007-07-14 23:18:29.000000000 -0700
+++ SDL_ttf.c	2010-08-29 12:01:40.000000000 -0700
@@ -1204,7 +1204,7 @@
 			row = (textbuf->h-1) - font->underline_height;
 		}
 		dst = (Uint8 *)textbuf->pixels + row * textbuf->pitch;
-		for ( row=font->underline_height; row>0; --row ) {
+		for ( row=font->underline_height; row>0 && dst < dst_check; --row ) {
 			/* 1 because 0 is the bg color */
 			memset( dst, 1, textbuf->w );
 			dst += textbuf->pitch;
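Review bot: the new condition on the `+` line reads `dst_check`, but nothing in this hunk declares or initialises it, so the patch as shown will not compile against 2.0.9 unless another hunk (not included here) adds it. Declare it before the loop as the first byte past the last row, `Uint8 *dst_check = (Uint8 *)textbuf->pixels + textbuf->pitch * textbuf->h;`, so that `dst < dst_check` bounds the memset to the surface's own allocation.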
@@ -1465,7 +1465,7 @@
 			row = (textbuf->h-1) - font->underline_height;
 		}
 		dst = (Uint8 *)textbuf->pixels + row * textbuf->pitch;
-		for ( row=font->underline_height; row>0; --row ) {
+		for ( row=font->underline_height; row>0 && dst < dst_check; --row ) {
 			memset( dst, NUM_GRAYS - 1, textbuf->w );
 			dst += textbuf->pitch;
 		}
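Review bot: the same missing `dst_check` declaration applies here, and the bound silently drops underline rows rather than addressing why `row + font->underline_height` can exceed `textbuf->h`; since the hunk carries no comment at all, a one-line comment above the `for` stating that the guard exists because the computed start row can place the underline past the surface would document the intent for the next reader.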
@@ -1721,7 +1721,7 @@
 		}
 		dst = (Uint32 *)textbuf->pixels + row * textbuf->pitch/4;
 		pixel |= 0xFF000000; /* Amask */
-		for ( row=font->underline_height; row>0; --row ) {
+		for ( row=font->underline_height; row>0 && dst < dst_check; --row ) {
 			for ( col=0; col < textbuf->w; ++col ) {
 				dst[col] = pixel;
 			}
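Review bot: in this hunk `dst` is a `Uint32 *` (`dst = (Uint32 *)textbuf->pixels + row * textbuf->pitch/4`), so `dst < dst_check` only type-checks if `dst_check` is also a `Uint32 *` in this function; reusing a `Uint8 *` declaration from the 8-bit renderers gives a pointer-type mismatch warning. Define it here in pixels, `Uint32 *dst_check = (Uint32 *)textbuf->pixels + textbuf->pitch/4 * textbuf->h;`, which keeps the comparison consistent with the `pitch/4` row stride the hunk already uses.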

--- End Message ---
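To make the failure mode concrete, here is an added example (not the reporter's program and not SDL_ttf's code) that models the underline-row loop from the patched functions on a constructed 8-bit surface with sentinel rows after it, and counts how many bytes land outside the surface with and without the dst < dst_check guard. The Surface and Font structs, the start_row parameter (standing in for the row the library computes) and the sentinel value are assumptions of the model.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_ROWS 4      /* constructed sentinel rows placed after the surface */
#define GUARD_BYTE 0xEE

/* Minimal model of an 8-bit SDL surface and of the font fields the loop uses. */
typedef struct { int w, h, pitch; uint8_t *pixels; } Surface;
typedef struct { int underline_height; int start_row; } Font;

/* The underline loop from SDL_ttf's render functions. start_row stands in for
 * the row the library computes; bounded = 1 adds the patch's dst < dst_check
 * condition, dst_check being the first byte past the last surface row. */
static void draw_underline(Surface *s, const Font *f, int bounded)
{
    uint8_t *dst = s->pixels + f->start_row * s->pitch;
    uint8_t *dst_check = s->pixels + s->pitch * s->h;
    int row;
    for (row = f->underline_height; row > 0; --row) {
        if (bounded && dst >= dst_check)
            break;                 /* patched loop stops at the surface end */
        memset(dst, 1, s->w);      /* 1 because 0 is the background colour */
        dst += s->pitch;
    }
}

/* Builds a w x h surface followed by GUARD_ROWS sentinel rows (one allocation,
 * so the demonstration itself stays in bounds), draws the underline and
 * returns how many sentinel bytes were clobbered; -1 on allocation failure. */
int overflow_bytes(int w, int h, int start_row, int underline_height, int bounded)
{
    size_t surf_bytes = (size_t)w * h;
    size_t total = surf_bytes + (size_t)w * GUARD_ROWS;
    uint8_t *buf = malloc(total);
    Surface s = { w, h, w, buf };
    Font f = { underline_height, start_row };
    size_t i;
    int clobbered = 0;
    if (!buf) return -1;
    memset(buf, 0, surf_bytes);
    memset(buf + surf_bytes, GUARD_BYTE, total - surf_bytes);
    draw_underline(&s, &f, bounded);
    for (i = surf_bytes; i < total; ++i)
        if (buf[i] != GUARD_BYTE) ++clobbered;
    free(buf);
    return clobbered;
}
```

With a 16x10 surface, a start row of 9 and a 3-row underline, the unguarded loop writes two full rows (32 bytes) past the surface while the guarded loop writes none.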
--- Begin Message ---
Source: sdl-ttf2.0
Source-Version: 2.0.11-1

We believe that the bug you reported is fixed in the latest version of
sdl-ttf2.0, which is due to be installed in the Debian FTP archive:

libsdl-ttf2.0-0_2.0.11-1_amd64.deb
  to main/s/sdl-ttf2.0/libsdl-ttf2.0-0_2.0.11-1_amd64.deb
libsdl-ttf2.0-dev_2.0.11-1_amd64.deb
  to main/s/sdl-ttf2.0/libsdl-ttf2.0-dev_2.0.11-1_amd64.deb
sdl-ttf2.0_2.0.11-1.debian.tar.gz
  to main/s/sdl-ttf2.0/sdl-ttf2.0_2.0.11-1.debian.tar.gz
sdl-ttf2.0_2.0.11-1.dsc
  to main/s/sdl-ttf2.0/sdl-ttf2.0_2.0.11-1.dsc
sdl-ttf2.0_2.0.11.orig.tar.gz
  to main/s/sdl-ttf2.0/sdl-ttf2.0_2.0.11.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Manuel A. Fernandez Montecelo <[email protected]> (supplier of updated sdl-ttf2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])



Format: 1.8
Date: Fri, 27 Jan 2012 11:43:59 +0000
Source: sdl-ttf2.0
Binary: libsdl-ttf2.0-0 libsdl-ttf2.0-dev
Architecture: source amd64
Version: 2.0.11-1
Distribution: unstable
Urgency: low
Maintainer: Debian SDL packages maintainers <[email protected]>
Changed-By: Manuel A. Fernandez Montecelo <[email protected]>
Description: 
 libsdl-ttf2.0-0 - TrueType Font library for Simple DirectMedia Layer 1.2, libraries
 libsdl-ttf2.0-dev - TrueType Font library for Simple DirectMedia Layer 1.2, developme
Closes: 413069 438749 515122 594824 595739 653656
Changes: 
 sdl-ttf2.0 (2.0.11-1) unstable; urgency=low
 .
   * New upstream release (Closes: #515122, #595739, #413069, #438749, #594824)
     - License switched to zlib/libpng
   * New maintainers
     - Make package as part of SDL team
     - Add myself to Uploaders, and setting DM-Upload-Allowed: yes
     - Remove previous maintainers/uploaders, inactive for years and they have
       been informed
   * Changes in packaging:
     - Switch to debhelper compat level v9 (level 4 before, obsolete)
       - Greatly simplifying debian/rules accordingly
       - Build for multiarch (Closes: #653656)
     - Bump Standards-Version to 3.9.2 (no changes needed)
     - Added 'source/format', with '3.0 (quilt)'
     - Modifications to dependencies and build options:
       - Depending on newer dpkg-dev
       - Depending on SDL >= 1.2.14 (instead of misc old versions)
     - debian/copyright: updated license and converted to DEP-5
     - Modifying slightly the descriptions
     - lintian source override for versioned debhelper warning




--- End Message ---