We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 284

Summary: IMG_ReadXPMFromArray() crashes when loading XPM from memory instead of file
Product: SDL_image Reporter: Pierre Sarrazin <sarrazip>
Component: miscAssignee: Sam Lantinga <slouken>
Status: RESOLVED FIXED QA Contact: Sam Lantinga <slouken>
Severity: normal    
Priority: P2 CC: konqueror
Version: unspecified   
Hardware: x86   
OS: Linux   
Attachments: Patch fixing several segfaults

Description Pierre Sarrazin 2006-07-19 08:30:52 UTC
My code calls IMG_ReadXPMFromArray(char **xpm) to create an SDL_Surface from an XPM array in memory.  That function calls load_xpm(xpm, NULL).  That NULL is the 'src' argument, of type SDL_RWops.  The first thing that load_xpm() does with 'src' is to call SDL_RWtell(src).  SDL/SDL_rwops.h defines SDL_RWtell(ctx) as (ctx)->seek(ctx, 0, RW_SEEK_CUR).  Since 'ctx' is null, the process crashes.  This all happens in IMG_xpm.c.

This happens with SDL_image 1.2.5.  Version 1.2.4 had a different implementation for load_xpm(): it called get_next_line(xpmlines, src, 0) instead of SDL_RWtell(src).  get_next_line() did not use 'src' if 'xpmlines' was non-null.
Comment 1 Michael Koch 2006-07-22 00:37:49 UTC
Created attachment 150 [details]
Patch fixing several segfaults

I have got a patch for the same problem in Debian. Applications that worked with SDL_Image 1.2.4 segfaulted a lot with SDL_Image 1.2.5. The attached patch fixes this. I already use this patch in Debian and it looks okay.
Comment 2 Ryan C. Gordon 2007-02-13 05:08:38 UTC
This patch is now in Subversion (revision #2970).

Thanks!

--ryan.