Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SDL_SetVideoMode crashes with large height/width #485

Closed
SDLBugzilla opened this issue Feb 10, 2021 · 0 comments
Closed

SDL_SetVideoMode crashes with large height/width #485

SDLBugzilla opened this issue Feb 10, 2021 · 0 comments
Labels

Comments

@SDLBugzilla
Copy link
Collaborator

@SDLBugzilla SDLBugzilla commented Feb 10, 2021

This bug report was migrated from our old Bugzilla tracker.

These attachments are available in the static archive:

Reported in version: 1.2.13
Reported for operating system, platform: Linux, x86

Comments on the original bug report:

On 2009-06-29 14:22:01 +0000, Remko Bijker wrote:

Created attachment 335
simple test case for the crashes

SDL_SetVideoMode with large height/width causes different kinds of crashes on different versions of SDL. I know that these numbers might very well vary on your system due to different amount of memory etc.

I'm using an Core 2 Duo computer (64 bits) with Debian SID. I've got 4 GB of memory and 2 GB of swap, of which about 5 GB is free. I've got an ATI Mobility Radeon HD 3400 with ATI's drivers (9.5) and 256 MB of memory. This 'powers' a 1920x1200 LCD display.

I've attached a simple test case which makes all cases easily reproducable for me.

If width and height are 1.000.000:

  • SDL 1.2.13 segfaults in SDL_FillRect:

0 0x00007ff6bb2a1dfb in SDL_FillRect () from /usr/lib/libSDL-1.2.so.0

1 0x00007ff6bb2a4cdd in SDL_SetVideoMode () from /usr/lib/libSDL-1.2.so.0

2 0x00000000004007b0 in main ()

  • SDL 1.3 r4584 behaves correctly by returning an 'Out of memory' error.
    (nil) [Out of memory]

If width and height are 100.000:

  • SDL 1.2.13 seemingly hangs (without using any CPU); after a few minutes I killed it.

  • SDL 1.2.13 running in GDB segfaults somewhere in X or SDL_UpdateRect is passing wrong information

0 0x00007fcf79efd123 in memcpy () from /lib/libc.so.6

1 0x00007fcf770e23bd in ?? () from /usr/lib/libX11.so.6

2 0x00007fcf770e31a2 in ?? () from /usr/lib/libX11.so.6

3 0x00007fcf770e25bd in ?? () from /usr/lib/libX11.so.6

4 0x00007fcf770e35d0 in XPutImage () from /usr/lib/libX11.so.6

5 0x00007fcf7a212d0c in ?? () from /usr/lib/libSDL-1.2.so.0

6 0x00007fcf7a2052f1 in SDL_UpdateRect () from /usr/lib/libSDL-1.2.so.0

7 0x00007fcf7a20574c in SDL_Flip () from /usr/lib/libSDL-1.2.so.0

8 0x00007fcf7a205cf8 in SDL_SetVideoMode () from /usr/lib/libSDL-1.2.so.0

9 0x00000000004007b0 in main ()

  • SDL 1.3 r4584 frees an invalid pointer
    *** glibc detected *** ./a.out: free(): invalid pointer: 0x00007fbc9a34f010 ***
    ======= Backtrace: =========
    /lib/libc.so.6[0x7fbcebcec118]
    /lib/libc.so.6(cfree+0x76)[0x7fbcebcedc56]
    /usr/local/lib/libSDL-1.3.so.0[0x7fbcec27206d]
    /usr/local/lib/libSDL-1.3.so.0(SDL_DestroyRenderer+0xa0)[0x7fbcec262400]
    /usr/local/lib/libSDL-1.3.so.0(SDL_DestroyWindow+0xd5)[0x7fbcec263e45]
    /usr/local/lib/libSDL-1.3.so.0(SDL_VideoQuit+0x90)[0x7fbcec263f70]
    /usr/local/lib/libSDL-1.3.so.0(SDL_QuitSubSystem+0x5d)[0x7fbcec1f858d]
    /usr/local/lib/libSDL-1.3.so.0(SDL_Quit+0xe)[0x7fbcec1f863e]
    /usr/local/lib/libSDL-1.3.so.0[0x7fbcec1fab51]
    /lib/libpthread.so.0[0x7fbcebfdb7b0]
    /usr/local/lib/libSDL-1.3.so.0(SDL_FillRect+0x3c0)[0x7fbcec259240]
    /usr/local/lib/libSDL-1.3.so.0[0x7fbcec1f948a]
    /usr/local/lib/libSDL-1.3.so.0(SDL_SetVideoMode+0x6e9)[0x7fbcec1fa0b9]
    ./a.out[0x4007d0]
    /lib/libc.so.6(__libc_start_main+0xe6)[0x7fbcebc985a6]
    ./a.out[0x4006d9]

I would like that all cases where a too large surface is requested are handled gracefully, i.e. return NULL and set e.g. 'Out of memory' as error message.

Alternatively a method for checking whether a given surface would be possible to make, especially when SDL_ListModes returns "all modes are good"!

On 2009-09-13 16:33:07 +0000, Ryan C. Gordon wrote:

Tagging this bug with "target-1.2.14" so we can try to resolve it for SDL 1.2.14.

Please note that we may choose to resolve it as WONTFIX. This tag is largely so we have a comprehensive wishlist of bugs to examine for 1.2.14 (and so we can close bugs that we'll never fix, rather than have them live forever in Bugzilla).

--ryan.

On 2009-09-27 15:32:53 +0000, Sam Lantinga wrote:

I fixed the crash in SDL 1.2 with the width and height of 1000000

This is a really good torture test, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant