baylej / tmx

C tmx map loader
http://libtmx.rtfd.io/
BSD 2-Clause "Simplified" License

segmentation fault when loading TMX files #78

Closed crockeo closed 6 months ago

crockeo commented 6 months ago

I've been debugging a segmentation fault I receive when loading .tmx files with this library. It happens in tmx_utils.c -> data_decode, in the if (type==CSV) block, when it attempts to run source++ on the last element of the data chunk.

Specifically, given a data tag element that looks like:

data element

```xml
132,150,132,132,150,150,151,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
150,132,132,150,150,132,151,0,0,0,0,0,45,46,47,0,0,0,0,179,0,0,0,0,0,0,
132,150,132,150,132,32,171,0,0,0,0,45,66,66,67,0,0,0,179,0,0,0,0,0,0,0,
150,150,32,170,170,171,0,0,0,0,0,85,66,66,67,0,0,179,0,0,0,181,183,0,0,0,
150,132,151,0,97,0,0,0,0,0,0,0,65,66,67,0,0,0,0,0,0,0,0,0,0,0,
170,170,171,0,117,0,0,0,0,0,0,0,85,125,87,0,0,136,0,0,0,0,139,0,0,0,
0,3221225625,0,0,117,0,0,0,38,0,0,0,0,124,0,0,181,182,183,0,79,0,159,173,0,0,
0,0,157,0,137,0,116,0,0,0,0,0,0,144,0,0,0,0,0,0,99,129,130,131,134,134,
0,0,49,50,50,50,51,0,0,0,55,0,146,145,2147483775,2147483774,0,0,95,0,99,149,150,52,130,130,
50,50,53,150,150,150,151,0,0,0,57,0,0,144,0,0,0,0,174,0,129,53,132,150,150,150,
132,150,150,150,132,150,52,51,134,0,0,0,0,165,96,155,0,138,0,172,149,150,150,150,150,150,
132,150,132,132,150,132,150,52,51,0,152,96,49,50,90,91,0,158,0,129,53,150,132,132,132,150,
150,150,150,132,150,132,132,132,52,50,50,50,53,132,132,52,90,90,90,53,150,132,150,132,132,150,
132,150,132,150,150,132,150,150,132,150,132,132,150,150,132,132,132,150,150,132,150,150,150,132,150,132,
150,150,132,150,132,150,132,132,132,132,132,132,150,150,150,150,132,150,150,150,150,150,132,132,150,132
```

At that last 132 it tries to run strchr(source, ','), fails to find a comma, and returns NULL. source++ then runs immediately after and causes a crash. Testing locally, it seems that I can patch it to work successfully by just not incrementing source++ on this last tile.

Let me know if you'd like me to submit a patch and, preemptively, sorry if I'm just holding the library wrong! :bow:
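The CSV branch described above, as an added example that is not libtmx's own data_decode: a from-scratch parser for a TMX CSV tile chunk that recognises the last field by reaching the terminating NUL rather than by a NULL return from strchr, so there is never a null pointer to increment. It also masks off the flip flags that produce values like 3221225625 in the chunk above; those flag constants are the Tiled map format's, not libtmx identifiers. The sample chunk is constructed from values in the issue's data, and parse_csv_gids and tile_gid are names chosen for this example.

```c
/* Added example (not libtmx code): parse a TMX CSV tile chunk without
 * the null-pointer increment on the last field. */
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Tiled keeps flip flags in the top three bits of each gid
 * (constants from the Tiled map format, defined here for the example). */
#define FLIPPED_HORIZONTALLY 0x80000000u
#define FLIPPED_VERTICALLY   0x40000000u
#define FLIPPED_DIAGONALLY   0x20000000u
#define GID_MASK             0x1FFFFFFFu

/* Strip the flip flags, leaving the tile id. */
static uint32_t tile_gid(uint32_t raw)
{
    return raw & GID_MASK;
}

/* Parse up to 'count' comma-separated gids from 'source' into 'out'.
 * Returns the number of gids parsed (the caller compares it with the
 * expected width*height), or -1 if a field is empty, non-numeric, out of
 * 32-bit range, or followed by something other than whitespace, ',' or NUL.
 * The last field is detected by hitting the terminating NUL, so the
 * pointer is never advanced past the end of the string. */
static int parse_csv_gids(const char *source, uint32_t *out, size_t count)
{
    size_t i;
    for (i = 0; i < count; i++) {
        char *end;
        unsigned long v;

        while (isspace((unsigned char)*source))
            source++;                        /* newlines between rows */
        if (!isdigit((unsigned char)*source))
            return -1;                       /* empty field, sign, or garbage */
        errno = 0;
        v = strtoul(source, &end, 10);
        if (end == source || errno == ERANGE || v > UINT32_MAX)
            return -1;                       /* overflow of a 32-bit gid */
        out[i] = (uint32_t)v;

        while (isspace((unsigned char)*end))
            end++;
        if (*end == '\0')
            return (int)i + 1;               /* last field: stop, no increment */
        if (*end != ',')
            return -1;                       /* unexpected separator */
        source = end + 1;
    }
    return (int)i;
}

/* Constructed sample, assembled from values in the chunk quoted above. */
static const char sample_chunk[] =
    "132,150,132,132,150,150,151,0,\n"
    "0,3221225625,0,0,117,0,0,0,\n"
    "0,0,49,50,50,50,51,0,146,145,2147483775,2147483774";

int main(void)
{
    uint32_t gids[32];
    int n = parse_csv_gids(sample_chunk, gids, 32);
    int i;
    if (n < 0) {
        fprintf(stderr, "malformed chunk\n");
        return 1;
    }
    for (i = 0; i < n; i++) {
        if (gids[i] & (FLIPPED_HORIZONTALLY | FLIPPED_VERTICALLY | FLIPPED_DIAGONALLY))
            printf("index %d: raw %" PRIu32 " is tile %" PRIu32 " with flip flags\n",
                   i, gids[i], tile_gid(gids[i]));
    }
    printf("%d gids parsed\n", n);
    return 0;
}
```

Because the loop ends on the NUL terminator instead of on a NULL from strchr, the same function runs unchanged under a compiler that traps on null-pointer arithmetic; a short chunk is reported through the return value rather than by walking off the end of the string.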

baylej commented 6 months ago

Hello, I cannot reproduce using the input file examples/data/csv.tmx. Could you please attach a file to reproduce this issue? Thanks!

crockeo commented 6 months ago

Oh, that's really interesting! This happens when I run against examples/data/csv.tmx as well. I realized that my original diagnosis is wrong, because you should be able to run source++ against a const char* which is NULL.

I'm calling this through zig cc, though, which seems to be the problem:

```console
~/src/tmp$ cat asdf.c
int main(void) {
  const char *whatever = 0;
  whatever++;  /* arithmetic on a null pointer: runs under gcc, traps under zig cc */
  return 0;
}

~/src/tmp$ zig cc asdf.c && ./a.out
zsh: trace trap  ./a.out

# vs.

~/src/tmp$ gcc asdf.c && ./a.out
# no error
```

However, if I compile that example with -fno-delete-null-pointer-checks, it works:

```console
~/src/tmp$ zig cc -fno-delete-null-pointer-checks asdf.c && ./a.out
# no error
```

Sorry for the false report, and thank you for making this software!