Debian Bug report logs - #594824
libsdl-ttf2.0-0: rendering underlined text can lead to memory corruption


Package: libsdl-ttf2.0-0; Maintainer for libsdl-ttf2.0-0 is Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>; Source for libsdl-ttf2.0-0 is src:sdl-ttf2.0.

Reported by: Lenard Lindstrom <len-l@telus.net>

Date: Sun, 29 Aug 2010 21:24:01 UTC

Severity: normal

Found in version sdl-ttf2.0/2.0.9-1

Fixed in version sdl-ttf2.0/2.0.11-1

Done: manuel.montezelo@gmail.com (Manuel A. Fernandez Montecelo)

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Samuel Mimram <smimram@debian.org>:
Bug#594824; Package libsdl-ttf2.0-0. (Sun, 29 Aug 2010 21:24:04 GMT)

Acknowledgement sent to Lenard Lindstrom <len-l@telus.net>:
New Bug report received and forwarded. Copy sent to Samuel Mimram <smimram@debian.org>. (Sun, 29 Aug 2010 21:24:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Lenard Lindstrom <len-l@telus.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libsdl-ttf2.0-0: rendering underlined text can lead to memory corruption
Date: Sun, 29 Aug 2010 14:20:05 -0700
[Message part 1 (text/plain, inline)]
Package: libsdl-ttf2.0-0
Version: 2.0.9-1
Severity: normal

Also tested on source libsdl-ttf2.0 2.0.9-1 built with debug information.

Fixed in SDL_ttf (pre 2.0.10) changeset 144 0f803b00e43b
http://hg.libsdl.org/SDL_ttf/rev/0f803b00e43b

When the underline style is set the TTF_RenderUNICODE_xxx functions can write
past the end of the buffer of the returned SDL surface. This happens in the line
write for loop at the end of each function.

Attached are a program demonstrating the problem and a patch fixing it. The
patch is based on the fix applied to SDL_ttf 2.0.10. To apply the patch, from
the SDL-ttf root directory:

patch <sdl-ttf2.0-2.0.9-underline_bug.patch



-- System Information:
Debian Release: squeeze/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libsdl-ttf2.0-0 depends on:
ii  libc6                   2.11.2-2         Embedded GNU C Library: Shared lib
ii  libfreetype6            2.4.2-1          FreeType 2 font engine, shared lib
ii  libsdl1.2debian         1.2.14-6         Simple DirectMedia Layer
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

libsdl-ttf2.0-0 recommends no packages.

libsdl-ttf2.0-0 suggests no packages.
[underline.c (text/x-c, attachment)]
[sdl-ttf2.0-2.0.9-underline_bug.patch (text/x-c, attachment)]
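
The overrun described in message #5, modelled as an added example (not code from the report, its attachments, or SDL_ttf). The surface struct, function names and sample dimensions are hypothetical, and it assumes the underline is drawn by filling `thickness` rows from `first_row`, one memset per row. It computes how far an unchecked row loop would run past the buffer, and shows a fill that clamps the rows to the surface height.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 8-bit surface: h rows of pitch bytes, w pixels used per row. */
typedef struct {
    int w, h, pitch;
    uint8_t *pixels;              /* h * pitch bytes */
} surface8;

/* Bytes an unchecked "memset a row, advance by pitch" loop would write past
   the end of the pixel buffer. Computed arithmetically; nothing is written. */
long underline_overrun_bytes(const surface8 *s, int first_row, int thickness)
{
    if (thickness <= 0)
        return 0;
    long end = ((long)first_row + thickness - 1) * s->pitch + s->w;
    long size = (long)s->h * s->pitch;
    return end > size ? end - size : 0;
}

/* Bounds-checked fill: rows outside [0, h) are skipped, never written.
   Returns the number of rows actually filled. */
int draw_underline_checked(surface8 *s, int first_row, int thickness, uint8_t value)
{
    if (!s || !s->pixels || s->w <= 0 || s->w > s->pitch || thickness <= 0)
        return 0;
    long row = first_row < 0 ? 0 : first_row;
    long stop = (long)first_row + thickness;      /* exclusive */
    if (stop > s->h)
        stop = s->h;
    int filled = 0;
    for (; row < stop; ++row, ++filled)
        memset(s->pixels + row * s->pitch, value, (size_t)s->w);
    return filled;
}

int main(void)
{
    uint8_t buf[4 * 8] = {0};                     /* constructed sample: 4 rows, pitch 8 */
    surface8 s = { 6, 4, 8, buf };
    /* Underline starting on the last row with thickness 2: one row too many. */
    printf("unchecked overrun: %ld bytes\n", underline_overrun_bytes(&s, 3, 2));
    printf("rows filled with clamp: %d\n", draw_underline_checked(&s, 3, 2, 1));
    return 0;
}
```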

Information forwarded to debian-bugs-dist@lists.debian.org, Samuel Mimram <smimram@debian.org>:
Bug#594824; Package libsdl-ttf2.0-0. (Sun, 29 Aug 2010 23:33:03 GMT)

Acknowledgement sent to Lenard Lindstrom <len-l@telus.net>:
Extra info received and forwarded to list. Copy sent to Samuel Mimram <smimram@debian.org>. (Sun, 29 Aug 2010 23:33:03 GMT)

Message #10 received at 594824@bugs.debian.org:

From: Lenard Lindstrom <len-l@telus.net>
To: 594824@bugs.debian.org
Subject: font file used by test program
Date: Sun, 29 Aug 2010 15:49:50 -0700
[Message part 1 (text/plain, inline)]
This is the default font file used by underline.c. It was the file used 
when the bug was detected.

freesansbold.ttf is packaged with Pygame, so is probably covered under 
the same Version 1.2 LGPL license.

[freesansbold.ttf (application/x-font-ttf, attachment)]

Reply sent to manuel.montezelo@gmail.com (Manuel A. Fernandez Montecelo):
You have taken responsibility. (Tue, 31 Jan 2012 18:36:11 GMT)

Notification sent to Lenard Lindstrom <len-l@telus.net>:
Bug acknowledged by developer. (Tue, 31 Jan 2012 18:36:12 GMT)

Message #15 received at 594824-close@bugs.debian.org:

From: manuel.montezelo@gmail.com (Manuel A. Fernandez Montecelo)
To: 594824-close@bugs.debian.org
Subject: Bug#594824: fixed in sdl-ttf2.0 2.0.11-1
Date: Tue, 31 Jan 2012 18:32:58 +0000
Source: sdl-ttf2.0
Source-Version: 2.0.11-1

We believe that the bug you reported is fixed in the latest version of
sdl-ttf2.0, which is due to be installed in the Debian FTP archive:

libsdl-ttf2.0-0_2.0.11-1_amd64.deb
  to main/s/sdl-ttf2.0/libsdl-ttf2.0-0_2.0.11-1_amd64.deb
libsdl-ttf2.0-dev_2.0.11-1_amd64.deb
  to main/s/sdl-ttf2.0/libsdl-ttf2.0-dev_2.0.11-1_amd64.deb
sdl-ttf2.0_2.0.11-1.debian.tar.gz
  to main/s/sdl-ttf2.0/sdl-ttf2.0_2.0.11-1.debian.tar.gz
sdl-ttf2.0_2.0.11-1.dsc
  to main/s/sdl-ttf2.0/sdl-ttf2.0_2.0.11-1.dsc
sdl-ttf2.0_2.0.11.orig.tar.gz
  to main/s/sdl-ttf2.0/sdl-ttf2.0_2.0.11.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 594824@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Manuel A. Fernandez Montecelo <manuel.montezelo@gmail.com> (supplier of updated sdl-ttf2.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 27 Jan 2012 11:43:59 +0000
Source: sdl-ttf2.0
Binary: libsdl-ttf2.0-0 libsdl-ttf2.0-dev
Architecture: source amd64
Version: 2.0.11-1
Distribution: unstable
Urgency: low
Maintainer: Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>
Changed-By: Manuel A. Fernandez Montecelo <manuel.montezelo@gmail.com>
Description: 
 libsdl-ttf2.0-0 - TrueType Font library for Simple DirectMedia Layer 1.2, libraries
 libsdl-ttf2.0-dev - TrueType Font library for Simple DirectMedia Layer 1.2, developme
Closes: 413069 438749 515122 594824 595739 653656
Changes: 
 sdl-ttf2.0 (2.0.11-1) unstable; urgency=low
 .
   * New upstream release (Closes: #515122, #595739, #413069, #438749, #594824)
     - License switched to zlib/libpng
   * New maintainers
     - Make package as part of SDL team
     - Add myself to Uploaders, and setting DM-Upload-Allowed: yes
     - Remove previous maintainers/uploaders, inactive for years and they have
       been informed
   * Changes in packaging:
     - Switch to debhelper compat level v9 (level 4 before, obsolete)
       - Greatly simplifying debian/rules accordingly
       - Build for multiarch (Closes: #653656)
     - Bump Standards-Version to 3.9.2 (no changes needed)
     - Added 'source/format', with '3.0 (quilt)'
     - Modifications to dependencies and build options:
       - Depending on newer dpkg-dev
       - Depending on SDL >= 1.2.14 (instead of misc old versions)
     - debian/copyright: updated license and converted to DEP-5
     - Modifying slightly the descriptions
     - lintian source override for versioned debhelper warning





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 10 Mar 2012 07:35:02 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 23:12:08 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.