Hi,
The code in SDL_ttf which handles the copy of glyph data to the SDL surface
has an issue: some glyphs may specify a negative offset, and this is not checked
for. It may cause some nasty memory corruption / crashes.
I suggest the following patch be applied against SDL_ttf.c:
Index: SDL_ttf.c===================================================================
RCS file: /home/sdlweb/libsdl.org/cvs/SDL_ttf2/SDL_ttf.c,v
retrieving revision 1.23
diff -u -3 -p -r1.23 SDL_ttf.c
— SDL_ttf.c 16 May 2004 16:48:15 -0000 1.23
+++ SDL_ttf.c 10 Jul 2004 18:36:10 -0000
@@ -1078,7 +1078,11 @@ SDL_Surface *TTF_RenderUNICODE_Solid(TTF
}
for( row = 0; row < current->rows; ++row ) {
-
/* Make sure we don't go over the limit */
-
/* Make sure we don't go either over, or under the
-
* limit */
-
if ( row+glyph->yoffset < 0 ) {
-
continue;
-
} if ( row+glyph->yoffset >= textbuf->h ) { continue; }
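Review bot: In the row loop of TTF_RenderUNICODE_Solid only the vertical index row+glyph->yoffset is bounded on both sides; nothing in the visible lines gives the horizontal start position an equivalent lower bound, while the report says glyphs may specify a negative offset in general. If the destination column is derived from a glyph offset in the same way, it needs the same "< 0" guard before the copy, otherwise the write can still begin before the start of the destination row. Please either add that check here or state in the comment why the horizontal position cannot go negative.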
@@ -1326,7 +1330,11 @@ SDL_Surface* TTF_RenderUNICODE_Shaded( T
current = &glyph->pixmap;
for( row = 0; row < current->rows; ++row ) {
-
/* Make sure we don't go over the limit */
-
/* Make sure we don't go either over, or under the
-
* limit */
-
if ( row+glyph->yoffset < 0 ) {
-
continue;
-
} if ( row+glyph->yoffset >= textbuf->h ) { continue; }
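Review bot: In TTF_RenderUNICODE_Shaded the sum row+glyph->yoffset is evaluated in two separate if statements, and the same pair of tests is pasted into the Solid and Blended loops as well. Suggest computing the destination row once into a local variable and testing it with a single range condition (below 0, or at or above textbuf->h), preferably through one small shared helper or macro so that a later fix to the clipping rule cannot be applied to one renderer and missed in the others.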
@@ -1560,7 +1568,11 @@ SDL_Surface *TTF_RenderUNICODE_Blended(T
}
for ( row = 0; row < glyph->pixmap.rows; ++row ) {
-
/* Make sure we don't go over the limit */
-
/* Make sure we don't go either over, or under the
-
* limit */
-
if ( row+glyph->yoffset < 0 ) {
-
continue;
-
} if ( row+glyph->yoffset >= textbuf->h ) { continue; }
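Review bot: The new test "if ( row+glyph->yoffset < 0 )" in the TTF_RenderUNICODE_Blended loop only does anything if both row and glyph->yoffset are signed; if either is declared unsigned, the sum is converted to unsigned and the comparison is always false, leaving the underflow unguarded. The declarations are not visible in this hunk, so please confirm the types, or cast explicitly to int before comparing. A smaller point on the line that follows: row only increases, so once row+glyph->yoffset >= textbuf->h holds, every later row is out of range too and the loop can break instead of continue.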
Cheers,
Ayin,
Battle for Wesnoth - www.wesnoth.org