Commit Graph

14 Commits

Author SHA1 Message Date
Sam Lantinga
5e13087b0f Updated copyright for 2019 2019-01-04 22:01:14 -08:00
Sam Lantinga
e3cc5b2c6b Updated copyright for 2018 2018-01-03 10:03:25 -08:00
Sam Lantinga
0d011ec66d Renaming of guard header names to quiet -Wreserved-id-macro 2017-08-28 00:22:23 -07:00
Sam Lantinga
fb835f9e3b Fixed bug 2330 - Debian bug report: SDL2 X11 driver buffer overflow with large X11 file descriptor
manuel.montezelo

Original bug report (note that it was against 2.0.0, it might have been fixed in between):  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733015

--------------------------------------------------------
Package: libsdl2-2.0-0
Version: 2.0.0+dfsg1-3
Severity: normal
Tags: patch

I have occasional crashes here caused by the X11 backend of SDL2. It seems to
be caused by the X11_Pending function trying to add a high number (> 1024)
file descriptor to a fd_set before doing a select on it to avoid busy waiting
on X11 events. This causes a buffer overflow because the file descriptor is
larger (or equal) than the limit FD_SETSIZE.

Attached is a possible workaround patch.

Please also keep in mind that fd_set are also used in following files which
may have similar problems.

src/audio/bsd/SDL_bsdaudio.c
src/audio/paudio/SDL_paudio.c
src/audio/qsa/SDL_qsa_audio.c
src/audio/sun/SDL_sunaudio.c
src/joystick/linux/SDL_sysjoystick.c


--------------------------------------------------------

On Tuesday 24 December 2013 00:43:13 Sven Eckelmann wrote:
> I have occasional crashes here caused by the X11 backend of SDL2. It seems
> to be caused by the X11_Pending function trying to add a high number (>
> 1024) file descriptor to a fd_set before doing a select on it to avoid busy
> waiting on X11 events. This causes a buffer overflow because the file
> descriptor is larger (or equal) than the limit FD_SETSIZE.


I personally experienced this problem while hacking on the python bindings
package for SDL2 [1] (while doing make runtest). But it easier to reproduce in
a smaller, synthetic testcase.
2017-08-14 20:22:19 -07:00
Philipp Wiesemann
cea33bf5b8 aix: Removed unused local variable.
Found by Cppcheck.
2017-07-29 23:00:34 +02:00
Philipp Wiesemann
9f99b3d7ee aix: Fixed audio debug output.
DEBUG_AUDIO is checked with #ifdef not #if.
2017-07-02 22:46:49 +02:00
Philipp Wiesemann
380e0693b1 aix: Fixed compile error. 2017-07-01 23:01:49 +02:00
Philipp Wiesemann
63b3e06f75 Corrected names of header file guards. 2017-06-03 23:00:15 +02:00
Sam Lantinga
45b774e3f7 Updated copyright for 2017 2017-01-01 18:33:28 -08:00
Ryan C. Gordon
761a79788c audio: changed some SDL_memset() calls to SDL_zero(), other minor corrections. 2016-08-05 01:59:06 -04:00
Ryan C. Gordon
979de761c9 audio: Removed internal SDL_audiomem.h and macros.
I think this was important for SDL 1.2 because some targets needed
special device memory for DMA buffers or locked memory buffers for use in
hardware interrupts or something, but since it just defines to SDL_malloc
and SDL_free now, I took it out for clarity's sake.
2016-08-05 01:44:15 -04:00
Ryan C. Gordon
9b64772775 audio: Clean up some CloseDevice() interface details.
- It's now always called if device->hidden isn't NULL, even if OpenDevice()
  failed halfway through. This lets implementation code not have to clean up
  itself on every possible failure point; just return an error and SDL will
  handle it for you.

- Implementations can assume this->hidden != NULL and not check for it.

- implementations don't have to set this->hidden = NULL when done, because
  the caller is always about to free(this).

- Don't reset other fields that are in a block of memory about to be free()'d.

- Implementations all now free things like internal mix buffers last, after
  closing devices and such, to guarantee they definitely aren't in use anymore
  at the point of deallocation.
2016-08-05 01:44:41 -04:00
Sam Lantinga
42065e785d Updated copyright to 2016 2016-01-02 10:10:34 -08:00
Philipp Wiesemann
0e45984fa0 Fixed crash if initialization of EGL failed but was tried again later.
The internal function SDL_EGL_LoadLibrary() did not delete and remove a mostly
uninitialized data structure if loading the library first failed. A later try to
use EGL then skipped initialization and assumed it was previously successful
because the data structure now already existed. This led to at least one crash
in the internal function SDL_EGL_ChooseConfig() because a NULL pointer was
dereferenced to make a call to eglBindAPI().
2015-06-21 17:33:46 +02:00