We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 284 - IMG_ReadXPMFromArray() crashes when loading XPM from memory instead of file

Summary: IMG_ReadXPMFromArray() crashes when loading XPM from memory instead of file

Status:	RESOLVED FIXED

Alias:	None

Product:	SDL_image
Classification:	Unclassified
Component:	misc (show other bugs)
Version:	unspecified
Hardware:	x86 Linux

Importance:	P2 normal
Assignee:	Sam Lantinga
QA Contact:	Sam Lantinga

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-07-19 08:30 UTC by Pierre Sarrazin
Modified:	2007-02-13 05:08 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Patch fixing several segfaults (4.77 KB, patch) 2006-07-22 00:37 UTC, Michael Koch	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pierre Sarrazin 2006-07-19 08:30:52 UTC

My code calls IMG_ReadXPMFromArray(char **xpm) to create an SDL_Surface from an XPM array in memory.  That function calls load_xpm(xpm, NULL).  That NULL is the 'src' argument, of type SDL_RWops.  The first thing that load_xpm() does with 'src' is to call SDL_RWtell(src).  SDL/SDL_rwops.h defines SDL_RWtell(ctx) as (ctx)->seek(ctx, 0, RW_SEEK_CUR).  Since 'ctx' is null, the process crashes.  This all happens in IMG_xpm.c.

This happens with SDL_image 1.2.5.  Version 1.2.4 had a different implementation for load_xpm(): it called get_next_line(xpmlines, src, 0) instead of SDL_RWtell(src).  get_next_line() did not use 'src' if 'xpmlines' was non-null.

Comment 1 Michael Koch 2006-07-22 00:37:49 UTC

Created attachment 150 [details]
Patch fixing several segfaults

I have got a patch for the same problem in Debian. Applications that worked with SDL_Image 1.2.4 segfaulted a lot with SDL_Image 1.2.5. The attached patch fixes this. I already use this patch in Debian and it looks okay.

Comment 2 Ryan C. Gordon 2007-02-13 05:08:38 UTC

This patch is now in Subversion (revision #2970).

Thanks!

--ryan.

We are currently migrating Bugzilla to GitHub issues.Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.