We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 3093 - Memory Leak in TTF_RenderUTF8_Blended_Wrapped

Summary: Memory Leak in TTF_RenderUTF8_Blended_Wrapped

Status:	RESOLVED FIXED

Alias:	None

Product:	SDL_ttf
Classification:	Unclassified
Component:	misc (show other bugs)
Version:	2.0.12
Hardware:	All All

Importance:	P2 normal
Assignee:	Sam Lantinga
QA Contact:	Sam Lantinga

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-08-14 11:54 UTC by Pankaj
Modified:	2017-09-10 06:22 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Freeing the allocated memory in failure case (540 bytes, patch) 2015-08-21 09:38 UTC, Amit Jain	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pankaj 2015-08-14 11:54:14 UTC

Hi Mr.Sam,
Actually I am using SDL_ttf. When I was looking inside the code.
I have found that in function "SDL_Surface *TTF_RenderUTF8_Blended_Wrapped(TTF_Font *font, const char *text, SDL_Color fg, Uint32 wrapLength)"
It is allocating "str" then allocating "strLines". If "strLines" fails to allocate, error for out of memory is set and returned NULL. But memory allocated for "str" is not freed. There should be code for freeing the memory allocated to "str" in do-while loop where NULL has returned for allocating "strLines"

Current code in SDL2_ttf-2.0.12 version:

SDL_Surface *TTF_RenderUTF8_Blended_Wrapped(TTF_Font *font, const char *text, SDL_Color fg, Uint32 wrapLength)
{
	//some code
	str = SDL_stack_alloc(char, str_len+1);
	//some code
	strLines = (char **)SDL_realloc(strLines, (numLines+1)*sizeof(*strLines));
	if (!strLines) {
		TTF_SetError("Out of memory");
        return(NULL);
    }
	//some code
}

Code with fix:

SDL_Surface *TTF_RenderUTF8_Blended_Wrapped(TTF_Font *font, const char *text, SDL_Color fg, Uint32 wrapLength)
{
	//some code
	str = SDL_stack_alloc(char, str_len+1);
	//some code
	strLines = (char **)SDL_realloc(strLines, (numLines+1)*sizeof(*strLines));
	if (!strLines) {
		TTF_SetError("Out of memory");
		SDL_stack_free(str);
        return(NULL);
    }
	//some code
}


Regards,
Pankaj

Comment 1 Philipp Wiesemann 2015-08-15 19:40:16 UTC

Additionally, if the realloc() would fail then the old strLines would not be freed.

Comment 2 Amit Jain 2015-08-21 09:38:04 UTC

Created attachment 2249 [details]
Freeing the allocated memory in failure case

Patch has been attached for solution

Explanation:
In function "SDL_Surface *TTF_RenderUTF8_Blended_Wrapped(TTF_Font *font, const char *text, SDL_Color fg, Uint32 wrapLength)"
It is allocating "str" then allocating "strLines". If "strLines" fails to allocate, error for out of memory is set and returned NULL. But memory allocated for "str" is not freed. There should be code for freeing the memory allocated to "str" in do-while loop where NULL has returned for allocating "strLines"

Comment 3 Sam Lantinga 2017-09-10 06:22:21 UTC

Fixed, thanks!
https://hg.libsdl.org/SDL_ttf/rev/36787734aedf

We are currently migrating Bugzilla to GitHub issues.Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.