Debian Bug report logs - #594824
libsdl-ttf2.0-0: rendering underlined text can lead to memory corruption

Package: libsdl-ttf2.0-0; Maintainer for libsdl-ttf2.0-0 is Debian SDL packages maintainers <>; Source for libsdl-ttf2.0-0 is src:sdl-ttf2.0.

Reported by: Lenard Lindstrom <>

Date: Sun, 29 Aug 2010 21:24:01 UTC

Severity: normal

Found in version sdl-ttf2.0/2.0.9-1

Fixed in version sdl-ttf2.0/2.0.11-1

Done: (Manuel A. Fernandez Montecelo)

Bug is archived. No further changes may be made.

Report forwarded to, Samuel Mimram <>:
Bug#594824; Package libsdl-ttf2.0-0. (Sun, 29 Aug 2010 21:24:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Lenard Lindstrom <>:
New Bug report received and forwarded. Copy sent to Samuel Mimram <>. (Sun, 29 Aug 2010 21:24:04 GMT) Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Lenard Lindstrom <>
To: Debian Bug Tracking System <>
Subject: libsdl-ttf2.0-0: rendering underlined text can lead to memory corruption
Date: Sun, 29 Aug 2010 14:20:05 -0700
[Message part 1 (text/plain, inline)]
Package: libsdl-ttf2.0-0
Version: 2.0.9-1
Severity: normal

Also tested on source libsdl-ttf2.0 2.0.9-1 built with debug information.

Fixed in SDL_ttf (pre 2.0.10) changeset 144 0f803b00e43b

When the underline style is set the TTF_RenderUNICODE_xxx functions can write
past the end of the buffer of the returned SDL surface. This happens in the line
write for loop at the end of each function.

Attached are a program demonstrating the problem and a patch fixing it. The
patch is based on the fix applied to SDL_ttf 2.0.10. To apply the patch, from
the SDL-ttf root directory:

patch <sdl-ttf2.0-2.0.9-underline_bug.patch

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libsdl-ttf2.0-0 depends on:
ii  libc6                   2.11.2-2         Embedded GNU C Library: Shared lib
ii  libfreetype6            2.4.2-1          FreeType 2 font engine, shared lib
ii  libsdl1.2debian         1.2.14-6         Simple DirectMedia Layer
ii  zlib1g                  1: compression library - runtime

libsdl-ttf2.0-0 recommends no packages.

libsdl-ttf2.0-0 suggests no packages.
[underline.c (text/x-c, attachment)]
[sdl-ttf2.0-2.0.9-underline_bug.patch (text/x-c, attachment)]
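
An added illustration of the failure mode reported in message #5, not code from SDL_ttf, underline.c or the attached patch: a row-filling loop that trusts font metrics writes past the last row of a surface, while a guarded version fits the line inside the buffer first. The `surface8` type, the function names, the metrics and the clamping strategy are all assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 8-bit surface: h rows of pitch bytes, as a renderer returns. */
typedef struct { int w, h, pitch; uint8_t *pixels; } surface8;

/* Unguarded line write: trusts the font metrics for row and thickness. */
static int underline_unchecked(surface8 *s, int row, int thickness, uint8_t c)
{
    uint8_t *dst = s->pixels + (size_t)row * s->pitch;
    for (int i = 0; i < thickness; ++i, dst += s->pitch)
        memset(dst, c, (size_t)s->w);
    return thickness;
}

/* Guarded line write: fit the underline inside rows [0, h) before writing. */
static int underline_clamped(surface8 *s, int row, int thickness, uint8_t c)
{
    if (s->h <= 0 || thickness <= 0) return 0;
    if (thickness > s->h) thickness = s->h;   /* never taller than the surface */
    if (row < 0) row = 0;
    if (row > s->h - thickness) row = s->h - thickness;  /* shift up to fit */
    return underline_unchecked(s, row, thickness, c);
}

/* Constructed case: a 16x10 surface followed by 4 guard rows in one
   allocation, so an overrun lands in the guard area, not unowned memory. */
enum { W = 16, H = 10, GUARD_ROWS = 4, GUARD = 0xAA };

/* Returns the number of guard bytes overwritten (0 means no overrun). */
static int guard_bytes_clobbered(int use_clamped)
{
    size_t surf = (size_t)W * H, guard = (size_t)W * GUARD_ROWS;
    uint8_t *buf = malloc(surf + guard);
    if (!buf) return -1;
    memset(buf, 0, surf);
    memset(buf + surf, GUARD, guard);
    surface8 s = { W, H, W, buf };
    /* Constructed metrics: a 3-row underline starting on the last row. */
    if (use_clamped) underline_clamped(&s, H - 1, 3, 1);
    else             underline_unchecked(&s, H - 1, 3, 1);
    int hit = 0;
    for (size_t i = 0; i < guard; ++i) hit += (buf[surf + i] != GUARD);
    free(buf);
    return hit;
}

int main(void) { return guard_bytes_clobbered(1); }
```

Building a real reproducer with AddressSanitizer (`-fsanitize=address`) reports this class of heap overrun at the offending write without needing a guard region.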

Information forwarded to, Samuel Mimram <>:
Bug#594824; Package libsdl-ttf2.0-0. (Sun, 29 Aug 2010 23:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Lenard Lindstrom <>:
Extra info received and forwarded to list. Copy sent to Samuel Mimram <>. (Sun, 29 Aug 2010 23:33:03 GMT) Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: Lenard Lindstrom <>
Subject: font file used by test program
Date: Sun, 29 Aug 2010 15:49:50 -0700
[Message part 1 (text/plain, inline)]
This is the default font file used by underline.c. It was the file used 
when the bug was detected.

freesansbold.ttf is packaged with Pygame, so is probably covered under 
the same Version 1.2 LGPL license.

[freesansbold.ttf (application/x-font-ttf, attachment)]

Reply sent to (Manuel A. Fernandez Montecelo):
You have taken responsibility. (Tue, 31 Jan 2012 18:36:11 GMT) Full text and rfc822 format available.

Notification sent to Lenard Lindstrom <>:
Bug acknowledged by developer. (Tue, 31 Jan 2012 18:36:12 GMT) Full text and rfc822 format available.

Message #15 received at (full text, mbox):

From: (Manuel A. Fernandez Montecelo)
Subject: Bug#594824: fixed in sdl-ttf2.0 2.0.11-1
Date: Tue, 31 Jan 2012 18:32:58 +0000
Source: sdl-ttf2.0
Source-Version: 2.0.11-1

We believe that the bug you reported is fixed in the latest version of
sdl-ttf2.0, which is due to be installed in the Debian FTP archive:

  to main/s/sdl-ttf2.0/libsdl-ttf2.0-0_2.0.11-1_amd64.deb
  to main/s/sdl-ttf2.0/libsdl-ttf2.0-dev_2.0.11-1_amd64.deb
  to main/s/sdl-ttf2.0/sdl-ttf2.0_2.0.11-1.debian.tar.gz
  to main/s/sdl-ttf2.0/sdl-ttf2.0_2.0.11-1.dsc
  to main/s/sdl-ttf2.0/sdl-ttf2.0_2.0.11.orig.tar.gz

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Manuel A. Fernandez Montecelo <> (supplier of updated sdl-ttf2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Format: 1.8
Date: Fri, 27 Jan 2012 11:43:59 +0000
Source: sdl-ttf2.0
Binary: libsdl-ttf2.0-0 libsdl-ttf2.0-dev
Architecture: source amd64
Version: 2.0.11-1
Distribution: unstable
Urgency: low
Maintainer: Debian SDL packages maintainers <>
Changed-By: Manuel A. Fernandez Montecelo <>
 libsdl-ttf2.0-0 - TrueType Font library for Simple DirectMedia Layer 1.2, libraries
 libsdl-ttf2.0-dev - TrueType Font library for Simple DirectMedia Layer 1.2, developme
Closes: 413069 438749 515122 594824 595739 653656
 sdl-ttf2.0 (2.0.11-1) unstable; urgency=low
   * New upstream release (Closes: #515122, #595739, #413069, #438749, #594824)
     - License switched to zlib/libpng
   * New maintainers
     - Make package as part of SDL team
     - Add myself to Uploaders, and setting DM-Upload-Allowed: yes
     - Remove previous maintainers/uploaders, inactive for years and they have
       been informed
   * Changes in packaging:
     - Switch to debhelper compat level v9 (level 4 before, obsolete)
       - Greatly simplifying debian/rules accordingly
       - Build for multiarch (Closes: #653656)
     - Bump Standards-Version to 3.9.2 (no changes needed)
     - Added 'source/format', with '3.0 (quilt)'
     - Modifications to dependencies and build options:
       - Depending on newer dpkg-dev
       - Depending on SDL >= 1.2.14 (instead of misc old versions)
     - debian/copyright: updated license and converted to DEP-5
     - Modifying slightly the descriptions
     - lintian source override for versioned debhelper warning

Bug archived. Request was from Debbugs Internal Request <> to (Sat, 10 Mar 2012 07:35:02 GMT) Full text and rfc822 format available.

Debian bug tracking system administrator <>. Last modified: Wed Apr 23 16:18:39 2014; Machine Name:
