Fixed bug 3546 - SDL_EVDEV_is_console() uses type of wrong size when …
…calling ioctl


When calling ioctl(fd, KDGKBTYPE, &type) in SDL_EVDEV_is_console(), we declare type as an 'int'.  This should be a 'char'.  The subsequent syscall, and kernel code, only writes the lower byte of the word.


ucval = KB_101;
ret = put_user(ucval, (char __user *)arg);

I've observed intermittent behavior related to this, and I can force an error condition by using an int initialized to 0xFFFFFFFF.  The resulting ioctl will set type to 0XFFFFFF02, and the conditional return in SDL_EVDEV_is_console() will fail.

Recommend changing to char, or masking off unused bits.
slouken committed Jan 6, 2017
1 parent b3e8db8 commit 41be9756f0a7c78746c8a19a152b5213f6d446f4
Showing 1 changed file with 1 addition and 1 deletion.
@@ -150,7 +150,7 @@ static const char* EVDEV_consoles[] = {

static int SDL_EVDEV_is_console(int fd) {
int type;
char type;

return isatty(fd) && ioctl(fd, KDGKBTYPE, &type) == 0 &&
(type == KB_101 || type == KB_84);

