Possible sdl_ttf bug

Hi, I am having a problem using sdl_ttf. I have a
dynamically allocated string that I use for a while,
but when I go to free it, I get a segfault. I debugged
the program, and it seems that when I print the text,
the pointer gets all garked up. Here’s the debug
output -

//here it looks like TTF_SizeUnicode changed my pointer

Old value = 0x804bbb0 "This is a test"
New value = 0x8040000 <Address 0x8040000 out of bounds>
0x400783b4 in TTF_SizeUNICODE () from /usr/lib/libSDL_ttf-2.0.so.0

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 31679)]
0x40135b9c in free () from /lib/libc.so.6
(gdb)

I’m using the newest sdl-ttf (2.0.5-1) on Mandrake 8.1

I’m not even using TTF_SizeUNICODE, I’m using
TTF_SizeText. The text prints just fine, it’s when I
try to free it that it segfaults. Here’s the code
(this function is in a dll that my program uses)
(don’t pay attention to the palettized - non
palettized stuff, I’m only using non-palettized
surfaces right now)

//begin code
DECLSPEC int
g_emuPrintText (SDL_Surface *surf_Dest, TTF_Font *f_Font,
                const char *ac_Text, SDL_Rect *rect_Dest,
                SDL_Color col_TextColor)
{
    SDL_Surface *surf_Text = NULL;  //the temporary text surface

    //figure out the size of the text
    TTF_SizeText (f_Font,ac_Text,(int*)&(rect_Dest->w),(int*)&(rect_Dest->h));

    //if destination surface is palettized
    if (surf_Dest->format->BitsPerPixel <= 8)
    {
        surf_Text = TTF_RenderText_Solid (f_Font,ac_Text,col_TextColor);

        //make sure text surface is valid
        if (surf_Text == NULL)
        {
            printf ("Error creating text surface: %s\n",SDL_GetError());
            return FAILURE;
        }

        //now, set palette
        memcpy (surf_Text->format->palette,surf_Dest->format->palette,sizeof (SDL_Palette));
    }
    //non palettized
    else
    {
        surf_Text = TTF_RenderText_Blended (f_Font,ac_Text,col_TextColor);

        //make sure text surface is valid
        if (surf_Text == NULL)
        {
            printf ("Error creating text surface: %s\n",SDL_GetError());
            return FAILURE;
        }
    }

    //now, blit
    if (SDL_BlitSurface (surf_Text,NULL,surf_Dest,rect_Dest) == FAILURE)
    {
        printf ("Failure blitting text: %s\n",SDL_GetError ());
        SDL_FreeSurface (surf_Text);
        return FAILURE;
    }

    //cleanup
    SDL_FreeSurface (surf_Text);

    return SUCCESS;
}
//end code

Thanks,

=====
Michael Cowart
Department of Computer Engineering, University of Arkansas
@Michael_Cowart

“Elen sila lumenn’ omentielvo” - a star shines on the hour of our meeting



> Hi, I am having a problem using sdl_ttf. I have a
> dynamically allocated string that I use for a while,
> but when I go to free it, I get a segfault. I debugged
> the program, and it seems that when I print the text,
> the pointer gets all garked up. Here’s the debug
> output -
>
> //here it looks like TTF_SizeUnicode changed my pointer
>
> Old value = 0x804bbb0 "This is a test"
> New value = 0x8040000 <Address 0x8040000 out of bounds>
> 0x400783b4 in TTF_SizeUNICODE () from /usr/lib/libSDL_ttf-2.0.so.0

Ah, I think this is caused by the following line:

> //figure out the size of the text
> TTF_SizeText (f_Font,ac_Text,(int*)&(rect_Dest->w),(int*)&(rect_Dest->h));

This isn’t correct. Whenever you have to do type casting, watch out! :)
What will actually happen in this case is rect_Dest->w will be filled with
a value, and 2 bytes of memory on the stack (the string pointer) will get
trashed. What you really want is the following:

int w, h;
TTF_SizeText(f_Font,ac_Text,&w,&h);
rect_Dest->w = w;
rect_Dest->h = h;

See ya!
-Sam Lantinga, Software Engineer, Blizzard Entertainment
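
The overwrite described in the reply above, modelled as an added example (not code from the thread or from SDL). `Rect16`, `Frame`, the 112x23 text size and the function names are constructed for illustration; the result shown assumes a little-endian machine such as the poster's x86, and the range check in the fixed version is an addition to the reply's fix.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in with the 16-bit w/h fields of SDL 1.2's SDL_Rect. */
typedef struct { int16_t x, y; uint16_t w, h; } Rect16;

/* Constructed layout: the rect followed directly by a 32-bit slot that plays
 * the role of the string pointer seen in the gdb output. */
typedef struct { Rect16 rect; uint32_t neighbour; } Frame;
_Static_assert(offsetof(Frame, neighbour) == sizeof(Rect16), "no padding");

/* A callee writing through an int* stores 4 bytes. memcpy at a byte offset
 * inside Frame models that store without undefined behaviour. */
static void store_int(Frame *f, size_t off, int32_t v)
{
    memcpy((unsigned char *)f + off, &v, sizeof v);
}

/* Before: (int*)&rect->w and (int*)&rect->h, as in the original post.
 * rect is the first member of Frame, so Rect16 offsets are Frame offsets. */
uint32_t size_with_cast(Frame *f, int32_t w, int32_t h)
{
    store_int(f, offsetof(Rect16, w), w); /* bytes 4..7: fills w, spills into h */
    store_int(f, offsetof(Rect16, h), h); /* bytes 6..9: fills h, spills into neighbour */
    return f->neighbour;
}

/* After: int temporaries, then a checked narrowing into the 16-bit fields.
 * Returns 0, or -1 if a value does not fit in 16 bits. */
int size_with_temporaries(Frame *f, int32_t w, int32_t h)
{
    int32_t tw = w, th = h; /* what TTF_SizeText would write via &tw, &th */
    if (tw < 0 || tw > UINT16_MAX || th < 0 || th > UINT16_MAX)
        return -1;
    f->rect.w = (uint16_t)tw;
    f->rect.h = (uint16_t)th;
    return 0;
}

int main(void)
{
    Frame f = { {0, 0, 0, 0}, 0x0804bbb0u }; /* pointer value from the gdb output */
    uint32_t after = size_with_cast(&f, 112, 23); /* constructed text size */
    printf("w=%u h=%u neighbour=0x%08x\n", (unsigned)f.rect.w, (unsigned)f.rect.h, (unsigned)after);
    return 0;
}
```

The cast version leaves `w` and `h` correct, which is why the text still rendered, while the low 16 bits of the neighbouring value are zeroed, the same change the gdb watchpoint reported.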

Silly me. That fixed it right up.

Thanks

=====
Michael Cowart
Department of Computer Engineering, University of Arkansas
@Michael_Cowart

“Elen sila lumenn’ omentielvo” - a star shines on the hour of our meeting


Do You Yahoo!?
Yahoo! Health - Feel better, live better