mirror of
https://github.com/Relintai/sdl2_frt.git
synced 2025-02-17 20:34:28 +01:00
356c2eadf4
felix
Here's a snippet of SDL_DestroyRenderer from hg revision 10746:7540ff5d0e0e:
SDL_Texture *texture = NULL;
SDL_Texture *nexttexture = NULL;
/* ... */
for (texture = renderer->textures; texture; texture = nexttexture) {
nexttexture = texture->next;
SDL_DestroyTexture(texture);
}
SDL_DestroyTexture removes the texture from the linked list pointed to by the renderer and ends up calling SDL_DestroyTextureInternal, which contains this:
if (texture->native) {
SDL_DestroyTexture(texture->native);
}
If it happens that texture->native is an alias of nexttexture two stack frames up, SDL_DestroyRenderer will end up trying to destroy an already freed texture. I've had this very situation happen in dosemu2.
Bug introduced in revision 10650:a8253d439914, which has a somewhat ironic description of "Fixed all known static analysis bugs"...
|
||
|---|---|---|
| .. | ||
| atomic | ||
| audio | ||
| core | ||
| cpuinfo | ||
| dynapi | ||
| events | ||
| file | ||
| filesystem | ||
| haptic | ||
| joystick | ||
| libm | ||
| loadso | ||
| main | ||
| power | ||
| render | ||
| stdlib | ||
| test | ||
| thread | ||
| timer | ||
| video | ||
| SDL_assert_c.h | ||
| SDL_assert.c | ||
| SDL_dataqueue.c | ||
| SDL_dataqueue.h | ||
| SDL_error_c.h | ||
| SDL_error.c | ||
| SDL_hints.c | ||
| SDL_internal.h | ||
| SDL_log.c | ||
| SDL.c | ||