manuel.montezelo
Original bug report (note that it was against 2.0.0, it might have been fixed in between): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733015
--------------------------------------------------------
Package: libsdl2-2.0-0
Version: 2.0.0+dfsg1-3
Severity: normal
Tags: patch
I have occasional crashes here caused by the X11 backend of SDL2. It seems to
be caused by the X11_Pending function trying to add a high number (> 1024)
file descriptor to a fd_set before doing a select on it to avoid busy waiting
on X11 events. This causes a buffer overflow because the file descriptor is
larger than (or equal to) the limit FD_SETSIZE.
Attached is a possible workaround patch.
Please also keep in mind that fd_sets are also used in the following files, which
may have similar problems.
src/audio/bsd/SDL_bsdaudio.c
src/audio/paudio/SDL_paudio.c
src/audio/qsa/SDL_qsa_audio.c
src/audio/sun/SDL_sunaudio.c
src/joystick/linux/SDL_sysjoystick.c
--------------------------------------------------------
On Tuesday 24 December 2013 00:43:13 Sven Eckelmann wrote:
> I have occasional crashes here caused by the X11 backend of SDL2. It seems
> to be caused by the X11_Pending function trying to add a high number (>
> 1024) file descriptor to a fd_set before doing a select on it to avoid busy
> waiting on X11 events. This causes a buffer overflow because the file
> descriptor is larger than (or equal to) the limit FD_SETSIZE.
I personally experienced this problem while hacking on the python bindings
package for SDL2 [1] (while doing make runtest). But it is easier to reproduce in
a smaller, synthetic testcase.
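The FD_SETSIZE limit described in the report above, as an added example (not the reporter's test case, the attached patch, or SDL's code): a select() readiness check that refuses descriptors that do not fit in an fd_set, next to a poll() version that has no such limit. The function names and the descriptor number FD_SETSIZE + 10 are assumptions made for illustration.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* fd_set is a fixed bitmap of FD_SETSIZE bits; FD_SET() on any other
 * descriptor writes outside it. (Hypothetical helper names throughout.) */
int fd_fits_fd_set(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* Non-blocking readiness check with select(): 1 readable, 0 not, -1 error.
 * Refuses descriptors that do not fit instead of writing past the fd_set. */
int readable_select(int fd) {
    fd_set set;
    struct timeval zero = {0, 0};
    if (!fd_fits_fd_set(fd)) { errno = EBADF; return -1; }
    FD_ZERO(&set);
    FD_SET(fd, &set);
    if (select(fd + 1, &set, NULL, NULL, &zero) < 0) return -1;
    return FD_ISSET(fd, &set) ? 1 : 0;
}

/* Same check with poll(), which takes the descriptor by value and has no
 * FD_SETSIZE limit. */
int readable_poll(int fd) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    if (poll(&p, 1, 0) < 0) return -1;
    if (p.revents & POLLNVAL) { errno = EBADF; return -1; }
    return (p.revents & POLLIN) ? 1 : 0;
}

int main(void) {
    int p[2], high = FD_SETSIZE + 10;          /* constructed descriptor number */
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {  /* raise the soft limit if allowed */
        rl.rlim_cur = rl.rlim_max;
        setrlimit(RLIMIT_NOFILE, &rl);
    }
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1) return 1;
    if (dup2(p[0], high) != high) { perror("dup2 (descriptor limit too low)"); return 1; }
    /* The guarded select() path reports an error; poll() handles the same fd. */
    printf("select: %d  poll: %d\n", readable_select(high), readable_poll(high));
    return 0;
}
```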
Now the clipboard isn't lost if you destroy a specific SDL_Window, as it
works on other platforms. You will still lose the clipboard data on
SDL_Quit() or process termination, but that's X11 for you; run a
Clipboard Manager daemon.
Fixes Bugzilla #3222.
Fixes Bugzilla #3718.
Failing to check if a key was known to be pressed by SDL was causing
SDL_SendKeyboardKey to send duplicate key pressed events with the repeat
property set to true.
Fixes Bugzilla #3637.
Alex Baines
I realized overnight that my patch probably broke text input events with UIM, and I confirmed that it does. Can't believe I overlooked that... I've been making stupid mistakes in these patches recently, sorry.
Anyway, *this* one seems to fix it properly. Knowing my luck it probably breaks something else.
Weitian Leung
Just moved the ibus direct calls to SDL_IME_* related functions, and added fcitx IME support (uses DBus, too);
enable with env: SDL_IM_MODULE=fcitx (ibus is still the default one)
- Cache the _NET_FRAME_EXTENTS data locally, so we don't have to query
the X server for them (instead, we update our cached data when PropertyNotify
events alert us to a change).
- Use our cached extents for X11_GetWindowBordersSize(), so it's a fast call.
- Window position was meant to refer to the client area, not the window
decorations, so adjust appropriately when getting/setting the position.
(and thanks to Cengiz for many of the previous Unreal-related
patches! They were generically credited to Epic Games, but a large
amount of that work was his contribution.)
Fixes Bugzilla #3067.
This is for corner cases where a multi-window app is activated and wants to
make a decision about where focus should go.
This patch came from Unreal Engine 4's fork of SDL, compliments of Epic Games.
This lets windows know when they are dropping a mouse event because their
hit test reported something other than SDL_HITTEST_NORMAL. It lets them know
exactly where in the event queue this happened.
This patch is based on work in Unreal Engine 4's fork of SDL,
compliments of Epic Games.
This allows an app to know when a set of drops are coming in a grouping of
some sort (for example, a user selected multiple files and dropped them all
on the window with a single drag), and when that set is complete.
This also adds a window ID to the drop events, so the app can determine to
which window a given drop was delivered. For application-level drops (for
example, you launched an app by dropping a file on its icon), the window ID
will be zero.
The internal function SDL_EGL_LoadLibrary() did not delete and remove a mostly
uninitialized data structure if loading the library first failed. A later try to
use EGL then skipped initialization and assumed it was previously successful
because the data structure now already existed. This led to at least one crash
in the internal function SDL_EGL_ChooseConfig() because a NULL pointer was
dereferenced to make a call to eglBindAPI().