Relintai/sdl2_frt
1
0
Fork 0
mirror of https://github.com/Relintai/sdl2_frt.git synced 2024-12-29 20:27:12 +01:00
Code Issues Packages Projects Releases Wiki Activity
fb835f9e3b
sdl2_frt/src/video/x11
History
Sam Lantinga fb835f9e3b Fixed bug 2330 - Debian bug report: SDL2 X11 driver buffer overflow with large X11 file descriptor 
manuel.montezelo

Original bug report (note that it was against 2.0.0, it might have been fixed in between):  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733015

--------------------------------------------------------
Package: libsdl2-2.0-0
Version: 2.0.0+dfsg1-3
Severity: normal
Tags: patch

I have occasional crashes here caused by the X11 backend of SDL2. It seems to
be caused by the X11_Pending function trying to add a high number (> 1024)
file descriptor to a fd_set before doing a select on it to avoid busy waiting
on X11 events. This causes a buffer overflow because the file descriptor is
larger (or equal) than the limit FD_SETSIZE.

Attached is a possible workaround patch.

Please also keep in mind that fd_set are also used in following files which
may have similar problems.

src/audio/bsd/SDL_bsdaudio.c
src/audio/paudio/SDL_paudio.c
src/audio/qsa/SDL_qsa_audio.c
src/audio/sun/SDL_sunaudio.c
src/joystick/linux/SDL_sysjoystick.c


--------------------------------------------------------

On Tuesday 24 December 2013 00:43:13 Sven Eckelmann wrote:
> I have occasional crashes here caused by the X11 backend of SDL2. It seems
> to be caused by the X11_Pending function trying to add a high number (>
> 1024) file descriptor to a fd_set before doing a select on it to avoid busy
> waiting on X11 events. This causes a buffer overflow because the file
> descriptor is larger (or equal) than the limit FD_SETSIZE.


I personally experienced this problem while hacking on the python bindings
package for SDL2 [1] (while doing make runtest). But it easier to reproduce in
a smaller, synthetic testcase.
2017-08-14 20:22:19 -07:00
..
edid-parse.c
edid.h
imKStoUCS.c
imKStoUCS.h
SDL_x11clipboard.c
SDL_x11clipboard.h
SDL_x11dyn.c
SDL_x11dyn.h
SDL_x11events.c Fixed bug 2330 - Debian bug report: SDL2 X11 driver buffer overflow with large X11 file descriptor 2017-08-14 20:22:19 -07:00
SDL_x11events.h
SDL_x11framebuffer.c
SDL_x11framebuffer.h
SDL_x11keyboard.c
SDL_x11keyboard.h
SDL_x11messagebox.c
SDL_x11messagebox.h
SDL_x11modes.c
SDL_x11modes.h
SDL_x11mouse.c
SDL_x11mouse.h
SDL_x11opengl.c
SDL_x11opengl.h
SDL_x11opengles.c
SDL_x11opengles.h
SDL_x11shape.c
SDL_x11shape.h
SDL_x11sym.h
SDL_x11touch.c
SDL_x11touch.h
SDL_x11video.c
SDL_x11video.h
SDL_x11window.c
SDL_x11window.h
SDL_x11xinput2.c
SDL_x11xinput2.h