From 833f76ab7b72ebdc78f6e24c385d06915d115fff Mon Sep 17 00:00:00 2001 From: Sam Lantinga Date: Fri, 7 Feb 2020 11:49:56 -0800 Subject: [PATCH] Fixed bug 4968 - NULL passed to memcpy in WriteProprietary in SDL_hidapi_switch.c meyraud705 In SDL_hidapi_switch.c line 443: Function BTrySetupUSB call WriteProprietary with pBuf=NULL and ucLen=0 line 376: WriteProprietary check its input (!pBuf && ucLen > 0) || ucLen > sizeof(packet.rgucProprietaryData): ucLen is 0 so it passes line 382: WriteProprietary call memcpy with pBuf=NULL --- src/joystick/hidapi/SDL_hidapi_switch.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/joystick/hidapi/SDL_hidapi_switch.c b/src/joystick/hidapi/SDL_hidapi_switch.c index 746deb67d..29a05bfa4 100644 --- a/src/joystick/hidapi/SDL_hidapi_switch.c +++ b/src/joystick/hidapi/SDL_hidapi_switch.c @@ -391,7 +391,9 @@ static SDL_bool WriteProprietary(SDL_DriverSwitch_Context *ctx, ESwitchProprieta packet.ucPacketType = k_eSwitchOutputReportIDs_Proprietary; packet.ucProprietaryID = ucCommand; - SDL_memcpy(packet.rgucProprietaryData, pBuf, ucLen); + if (pBuf) { + SDL_memcpy(packet.rgucProprietaryData, pBuf, ucLen); + } if (!WritePacket(ctx, &packet, sizeof(packet))) { continue;