mirror of
https://github.com/Relintai/sdl2_frt.git
synced 2025-03-12 04:01:17 +01:00
fb835f9e3b
manuel.montezelo Original bug report (note that it was against 2.0.0, it might have been fixed in between): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733015 -------------------------------------------------------- Package: libsdl2-2.0-0 Version: 2.0.0+dfsg1-3 Severity: normal Tags: patch I have occasional crashes here caused by the X11 backend of SDL2. It seems to be caused by the X11_Pending function trying to add a high number (> 1024) file descriptor to a fd_set before doing a select on it to avoid busy waiting on X11 events. This causes a buffer overflow because the file descriptor is larger (or equal) than the limit FD_SETSIZE. Attached is a possible workaround patch. Please also keep in mind that fd_set are also used in following files which may have similar problems. src/audio/bsd/SDL_bsdaudio.c src/audio/paudio/SDL_paudio.c src/audio/qsa/SDL_qsa_audio.c src/audio/sun/SDL_sunaudio.c src/joystick/linux/SDL_sysjoystick.c -------------------------------------------------------- On Tuesday 24 December 2013 00:43:13 Sven Eckelmann wrote: > I have occasional crashes here caused by the X11 backend of SDL2. It seems > to be caused by the X11_Pending function trying to add a high number (> > 1024) file descriptor to a fd_set before doing a select on it to avoid busy > waiting on X11 events. This causes a buffer overflow because the file > descriptor is larger (or equal) than the limit FD_SETSIZE. I personally experienced this problem while hacking on the python bindings package for SDL2 [1] (while doing make runtest). But it easier to reproduce in a smaller, synthetic testcase. |
||
|---|---|---|
| .. | ||
| edid-parse.c | ||
| edid.h | ||
| imKStoUCS.c | ||
| imKStoUCS.h | ||
| SDL_x11clipboard.c | ||
| SDL_x11clipboard.h | ||
| SDL_x11dyn.c | ||
| SDL_x11dyn.h | ||
| SDL_x11events.c | ||
| SDL_x11events.h | ||
| SDL_x11framebuffer.c | ||
| SDL_x11framebuffer.h | ||
| SDL_x11keyboard.c | ||
| SDL_x11keyboard.h | ||
| SDL_x11messagebox.c | ||
| SDL_x11messagebox.h | ||
| SDL_x11modes.c | ||
| SDL_x11modes.h | ||
| SDL_x11mouse.c | ||
| SDL_x11mouse.h | ||
| SDL_x11opengl.c | ||
| SDL_x11opengl.h | ||
| SDL_x11opengles.c | ||
| SDL_x11opengles.h | ||
| SDL_x11shape.c | ||
| SDL_x11shape.h | ||
| SDL_x11sym.h | ||
| SDL_x11touch.c | ||
| SDL_x11touch.h | ||
| SDL_x11video.c | ||
| SDL_x11video.h | ||
| SDL_x11window.c | ||
| SDL_x11window.h | ||
| SDL_x11xinput2.c | ||
| SDL_x11xinput2.h | ||