EasyRPG / Player

RPG Maker 2000/2003 and EasyRPG games interpreter
https://easyrpg.org/player/
GNU General Public License v3.0

RMG2000.fon corrupts heap #35

Closed Ghabry closed 11 years ago

Ghabry commented 12 years ago

When using RMG2000.fon (the 2nd font installed by the RPG Maker, RM2000.fon works fine) the Visual Studio Debugger reports a heap corruption.

Edit: This also happens when I move RM2000.fon in the Font folder, loading from C:\Windows\Fonts works fine. Maybe also file finder related?

Call stack:

PlayerD.exe!_CrtIsValidHeapPointer(const void * pUserData) Line 2036
PlayerD.exe!_free_dbg_nolock(void * pUserData, int nBlockUse) Line 1322
PlayerD.exe!_free_dbg(void * pUserData, int nBlockUse) Line 1265
PlayerD.exe!free(void * pUserData) Line 49
PlayerD.exe!pixman_image_unref(RPG::MoveRoute * image, int common, Game_Interpreter ) Line 210
PlayerD.exe!PixmanBitmap::~PixmanBitmap() Line 280
PlayerD.exe!PixmanBitmap::`scalar deleting destructor'(unsigned int)
PlayerD.exe!Text::Draw(Surface * dest, int x, int y, int color, std::basic_string<wchar_t, [...]> wtext, Surface::TextAlignment align) Line 160
PlayerD.exe!Surface::TextDraw(int x, int y, int color, std::basic_string<wchar_t, [...]> wtext, Surface::TextAlignment align) Line 800
PlayerD.exe!Surface::TextDraw(int x, int y, int color, std::basic_string<char, [...]> text, Surface::TextAlignment align) Line 806
PlayerD.exe!Window_Command::DrawItem(int index, Font::SystemColor color) Line 52
PlayerD.exe!Window_Command::Refresh() Line 45
PlayerD.exe!Window_Command::Window_Command(std::vectorstd::basic_string<char,[...]> commands, int width, int max_item) Line 38
PlayerD.exe!Scene_Title::CreateCommandWindow() Line 212
PlayerD.exe!Scene_Title::Start() Line 89
PlayerD.exe!Scene::MainFunction() Line 69
PlayerD.exe!Player::Run() Line 131
PlayerD.exe!SDL_main(int argc, char * \ argv) Line 38

Ghabry commented 11 years ago

Working on this, problem is basically that pixman does not verify the target rectangle if it is out of bounds -> overwrites memory.

void PixmanBitmap::MaskBlit(int x, int y, Bitmap* _src, Rect src_rect) {
    PixmanBitmap* src = (PixmanBitmap*) _src;
++  // Check here, other funcs affected, too
    pixman_image_composite32(PIXMAN_OP_DISJOINT_IN_REVERSE,
                             src->bitmap, (pixman_image_t*) NULL, bitmap,
--                           src_rect.x, src_rect.y,
                             0, 0,
                             x, y,
--                           src_rect.width, src_rect.height);

    RefreshCallback();
}
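
A bounds check of the kind the comment above calls for, as an added example that is not code from EasyRPG or from the comment's author: it clips the source rectangle to the source bitmap and the destination position to the target before any compositing call is made. `ClipBlit`, its parameters and the `Rect` stand-in are hypothetical names, and the sample values in `main` are constructed.

```cpp
#include <algorithm>
#include <cstdio>

// Hypothetical stand-in for the project's Rect type (x, y, width, height).
struct Rect { int x, y, width, height; };

// Clip a blit of source rectangle r (taken from a src_w x src_h bitmap) to
// position (x, y) of a dst_w x dst_h target. On success x, y and r describe a
// region that lies fully inside both bitmaps; false means nothing is left to draw.
bool ClipBlit(int dst_w, int dst_h, int src_w, int src_h, int& x, int& y, Rect& r) {
    if (r.width <= 0 || r.height <= 0) return false;
    // 64-bit arithmetic so that x + width cannot overflow int.
    long long sx0 = r.x, sy0 = r.y, sx1 = sx0 + r.width, sy1 = sy0 + r.height;
    long long dx = x, dy = y;

    // 1. Clip the source rectangle to the source bitmap; skipping source
    //    pixels on the left/top moves the destination by the same amount.
    if (sx0 < 0) { dx -= sx0; sx0 = 0; }
    if (sy0 < 0) { dy -= sy0; sy0 = 0; }
    sx1 = std::min<long long>(sx1, src_w);
    sy1 = std::min<long long>(sy1, src_h);

    // 2. Clip the destination to the target; a negative destination means the
    //    first -dx columns / -dy rows of the source are not drawn at all.
    if (dx < 0) { sx0 -= dx; dx = 0; }
    if (dy < 0) { sy0 -= dy; dy = 0; }
    sx1 = std::min<long long>(sx1, sx0 + (dst_w - dx));
    sy1 = std::min<long long>(sy1, sy0 + (dst_h - dy));

    if (sx1 <= sx0 || sy1 <= sy0) return false;  // fully clipped away
    x = static_cast<int>(dx);
    y = static_cast<int>(dy);
    r = Rect{static_cast<int>(sx0), static_cast<int>(sy0),
             static_cast<int>(sx1 - sx0), static_cast<int>(sy1 - sy0)};
    return true;
}

int main() {
    // Constructed sample: a 16x16 glyph placed partly outside a 320x240 target.
    int x = 310, y = -4;
    Rect r{0, 0, 16, 16};
    if (ClipBlit(320, 240, 16, 16, x, y, r))
        std::printf("blit %dx%d from (%d,%d) to (%d,%d)\n",
                    r.width, r.height, r.x, r.y, x, y);
    return 0;
}
```

A caller would pass the clipped `x`, `y` and `r` on to the compositing call and skip the call entirely when `ClipBlit` returns false.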
Ghabry commented 11 years ago

Indirectly fixed by #78. Shinonome looks far superior so nobody will miss this font...