Commit Graph

16 Commits

Author SHA1 Message Date
Sam Lantinga
5e13087b0f Updated copyright for 2019 2019-01-04 22:01:14 -08:00
Sam Lantinga
5febdfcece Fixed whitespace 2018-09-24 11:49:25 -07:00
Sam Lantinga
e3cc5b2c6b Updated copyright for 2018 2018-01-03 10:03:25 -08:00
Sam Lantinga
0d011ec66d Renaming of guard header names to quiet -Wreserved-id-macro 2017-08-28 00:22:23 -07:00
Sam Lantinga
fb835f9e3b Fixed bug 2330 - Debian bug report: SDL2 X11 driver buffer overflow with large X11 file descriptor
manuel.montezelo

Original bug report (note that it was against 2.0.0, it might have been fixed in between):  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733015

--------------------------------------------------------
Package: libsdl2-2.0-0
Version: 2.0.0+dfsg1-3
Severity: normal
Tags: patch

I have occasional crashes here caused by the X11 backend of SDL2. It seems to
be caused by the X11_Pending function trying to add a high number (> 1024)
file descriptor to a fd_set before doing a select on it to avoid busy waiting
on X11 events. This causes a buffer overflow because the file descriptor is
larger (or equal) than the limit FD_SETSIZE.

Attached is a possible workaround patch.

Please also keep in mind that fd_set are also used in following files which
may have similar problems.

src/audio/bsd/SDL_bsdaudio.c
src/audio/paudio/SDL_paudio.c
src/audio/qsa/SDL_qsa_audio.c
src/audio/sun/SDL_sunaudio.c
src/joystick/linux/SDL_sysjoystick.c


--------------------------------------------------------

On Tuesday 24 December 2013 00:43:13 Sven Eckelmann wrote:
> I have occasional crashes here caused by the X11 backend of SDL2. It seems
> to be caused by the X11_Pending function trying to add a high number (>
> 1024) file descriptor to a fd_set before doing a select on it to avoid busy
> waiting on X11 events. This causes a buffer overflow because the file
> descriptor is larger (or equal) than the limit FD_SETSIZE.


I personally experienced this problem while hacking on the python bindings
package for SDL2 [1] (while doing make runtest). But it easier to reproduce in
a smaller, synthetic testcase.
2017-08-14 20:22:19 -07:00
Philipp Wiesemann
63b3e06f75 Corrected names of header file guards. 2017-06-03 23:00:15 +02:00
Sam Lantinga
45b774e3f7 Updated copyright for 2017 2017-01-01 18:33:28 -08:00
Ryan C. Gordon
f6a280ab7f audio: Don't trust audio drivers to drain pending audio.
This tends to be a frequent spot where drivers hang, and the waits were
often unreliable in any case.

Instead, our audio thread now alerts the driver that we're done streaming audio
(which currently XAudio2 uses to alert the system not to warn about the
impending underflow) and then SDL_Delay()'s for a duration that's reasonable
to drain the DMA buffers before closing the device.
2016-10-07 15:13:46 -04:00
Ryan C. Gordon
761a79788c audio: changed some SDL_memset() calls to SDL_zero(), other minor corrections. 2016-08-05 01:59:06 -04:00
Ryan C. Gordon
979de761c9 audio: Removed internal SDL_audiomem.h and macros.
I think this was important for SDL 1.2 because some targets needed
special device memory for DMA buffers or locked memory buffers for use in
hardware interrupts or something, but since it just defines to SDL_malloc
and SDL_free now, I took it out for clarity's sake.
2016-08-05 01:44:15 -04:00
Ryan C. Gordon
9b64772775 audio: Clean up some CloseDevice() interface details.
- It's now always called if device->hidden isn't NULL, even if OpenDevice()
  failed halfway through. This lets implementation code not have to clean up
  itself on every possible failure point; just return an error and SDL will
  handle it for you.

- Implementations can assume this->hidden != NULL and not check for it.

- implementations don't have to set this->hidden = NULL when done, because
  the caller is always about to free(this).

- Don't reset other fields that are in a block of memory about to be free()'d.

- Implementations all now free things like internal mix buffers last, after
  closing devices and such, to guarantee they definitely aren't in use anymore
  at the point of deallocation.
2016-08-05 01:44:41 -04:00
Ryan C. Gordon
30a9139bc3 arts: backed out audio capture support.
Turns out that libartsc isn't thread-safe, so if we run a capture and playback
device at the same time, it often crashes in arts's internal event loop.

We could throw mutexes around the read/write calls, but these are meant to
block, so one device could cause serious latency and stutter in the other.

Since this audio target isn't in high-demand (Ubuntu hasn't offered a libartsc
package for years), I'm just backing out the capture support. If someone needs
it, they can pull it out of the revision history.
2016-08-04 11:51:17 -04:00
Ryan C. Gordon
ecbd625c4b arts: Patched to (maybe) compile. 2016-08-03 01:53:59 -04:00
Ryan C. Gordon
a7dddacd99 arts: implemented audio capture support.
(completely untested! Not even compiled!!).
2016-08-03 01:01:44 -04:00
Sam Lantinga
42065e785d Updated copyright to 2016 2016-01-02 10:10:34 -08:00
Philipp Wiesemann
0e45984fa0 Fixed crash if initialization of EGL failed but was tried again later.
The internal function SDL_EGL_LoadLibrary() did not delete and remove a mostly
uninitialized data structure if loading the library first failed. A later try to
use EGL then skipped initialization and assumed it was previously successful
because the data structure now already existed. This led to at least one crash
in the internal function SDL_EGL_ChooseConfig() because a NULL pointer was
dereferenced to make a call to eglBindAPI().
2015-06-21 17:33:46 +02:00