From 41be9756f0a7c78746c8a19a152b5213f6d446f4 Mon Sep 17 00:00:00 2001 From: Sam Lantinga Date: Thu, 5 Jan 2017 23:26:13 -0800 Subject: [PATCH] Fixed bug 3546 - SDL_EVDEV_is_console() uses type of wrong size when calling ioctl Rob When calling ioctl(fd, KDGKBTYPE, &type) in SDL_EVDEV_is_console(), we declare type as an 'int'. This should be a 'char'. The subsequent syscall, and kernel code, only writes the lower byte of the word. See: http://lxr.free-electrons.com/source/drivers/tty/vt/vt_ioctl.c?v=4.4#L399 ucval = KB_101; ret = put_user(ucval, (char __user *)arg); I've observed intermittent behavior related to this, and I can force an error condition by using an int initialized to 0xFFFFFFFF. The resulting ioctl will set type to 0XFFFFFF02, and the conditional return in SDL_EVDEV_is_console() will fail. Recommend changing to char, or masking off unused bits. --- src/core/linux/SDL_evdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/linux/SDL_evdev.c b/src/core/linux/SDL_evdev.c index b1194f21a..886de97aa 100644 --- a/src/core/linux/SDL_evdev.c +++ b/src/core/linux/SDL_evdev.c @@ -150,7 +150,7 @@ static const char* EVDEV_consoles[] = { }; static int SDL_EVDEV_is_console(int fd) { - int type; + char type; return isatty(fd) && ioctl(fd, KDGKBTYPE, &type) == 0 && (type == KB_101 || type == KB_84);