#19 RC5 Array bounds error in glutBitmapCharacter

closed-accepted
James Jones
moderate (59)
5
2003-09-20
2003-09-19
Nigel Stewart
No

In freegltu_font.c there is a test of whether a character
is in range:

freeglut_return_if_fail( character >= 0 && character
< 256 );

However, the array of face entries begins at character
1, not zero:

face = font->Characters[ character - 1 ];

So, if character is 0 the routine glutBitmapCharacter
(may) crash.

The fix is to change the range check to:

freeglut_return_if_fail( character >= 1 && character
< 256 );

The stroke character routine does not appear to suffer
the same problem.

This problem was revealed by the example3.cpp GLUI
example program available from:
http://www.nigels.com/glt/glui/

Discussion

  • James Jones
    James Jones
    2003-09-20

    Logged In: YES
    user_id=71128

    Excellent catch. Thanks, Nigel!

     
  • James Jones
    James Jones
    2003-09-20

    • assigned_to: nobody --> puggles
    • status: open --> closed-accepted