Fixed bug 2330 - Debian bug report: SDL2 X11 driver buffer overflow with large X11 file descriptor

manuel.montezelo

Original bug report (note that it was against 2.0.0, it might have been fixed in between):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733015

--------------------------------------------------------

Package: libsdl2-2.0-0
Version: 2.0.0+dfsg1-3
Severity: normal
Tags: patch

I have occasional crashes here caused by the X11 backend of SDL2. It seems to be caused by the X11_Pending function trying to add a high number (> 1024) file descriptor to a fd_set before doing a select on it to avoid busy waiting on X11 events. This causes a buffer overflow because the file descriptor is larger than (or equal to) the limit FD_SETSIZE.

Attached is a possible workaround patch.

Please also keep in mind that fd_set is also used in the following files, which may have similar problems.

src/audio/bsd/SDL_bsdaudio.c
src/audio/paudio/SDL_paudio.c
src/audio/qsa/SDL_qsa_audio.c
src/audio/sun/SDL_sunaudio.c
src/joystick/linux/SDL_sysjoystick.c

--------------------------------------------------------

On Tuesday 24 December 2013 00:43:13 Sven Eckelmann wrote:
> I have occasional crashes here caused by the X11 backend of SDL2. It seems
> to be caused by the X11_Pending function trying to add a high number (>
> 1024) file descriptor to a fd_set before doing a select on it to avoid busy
> waiting on X11 events. This causes a buffer overflow because the file
> descriptor is larger than (or equal to) the limit FD_SETSIZE.

I personally experienced this problem while hacking on the python bindings package for SDL2 [1] (while doing make runtest). But it is easier to reproduce in a smaller, synthetic testcase.
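Added example, not SDL's code and not the patch in this commit: the failure the report describes is FD_SET() writing bit number `fd` into a fixed bitmap of FD_SETSIZE bits, so any descriptor numbered FD_SETSIZE or higher is written past the end of the fd_set on the stack. The block below shows the two defensive choices: a select() wrapper that checks the bound before touching the fd_set, and a poll() wrapper that has no compile-time descriptor ceiling at all. The pipe and the dup2() to a high descriptor number are constructed for the demonstration; the names wait_readable_select, wait_readable_poll, fd_fits_fd_set and demo are the example's own.

```c
/* Guarding fd_set use against FD_SETSIZE, beside the poll() form that has
 * no such limit. Example code, not SDL's. */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* FD_SET(fd, &set) indexes a bitmap of FD_SETSIZE bits; anything outside
 * [0, FD_SETSIZE) would write past the end of the fd_set. */
int fd_fits_fd_set(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* select()-based wait with the missing bound check: refuses descriptors
 * the fd_set cannot hold instead of overflowing it.
 * Returns 1 readable, 0 timeout, -1 error (errno set). */
int wait_readable_select(int fd, int timeout_ms)
{
    fd_set readfds;
    struct timeval tv;
    int rc;

    if (!fd_fits_fd_set(fd)) {
        errno = EINVAL;
        return -1;
    }
    FD_ZERO(&readfds);
    FD_SET(fd, &readfds);
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;
    rc = select(fd + 1, &readfds, NULL, NULL, &tv);
    if (rc < 0)
        return -1;
    return FD_ISSET(fd, &readfds) ? 1 : 0;
}

/* poll()-based wait: the kernel receives an array of descriptors, so there
 * is no bitmap to overflow and no FD_SETSIZE ceiling. Same return values. */
int wait_readable_poll(int fd, int timeout_ms)
{
    struct pollfd pfd;
    int rc;

    pfd.fd = fd;
    pfd.events = POLLIN;
    pfd.revents = 0;
    rc = poll(&pfd, 1, timeout_ms);
    if (rc < 0)
        return -1;
    return (rc > 0 && (pfd.revents & (POLLIN | POLLHUP))) ? 1 : 0;
}

/* Constructed demonstration: a pipe with one byte queued, waited on both
 * ways, then a descriptor number beyond FD_SETSIZE (only if the process's
 * open-file limit allows dup2 to create it). Returns 0 on success. */
int demo(void)
{
    int p[2];
    int high;
    int ok;

    if (pipe(p) != 0)
        return 1;
    if (write(p[1], "x", 1) != 1)
        return 2;

    ok = wait_readable_poll(p[0], 0) == 1 && wait_readable_select(p[0], 0) == 1;

    /* The guard rejects an out-of-range number before FD_SET can run. */
    ok = ok && wait_readable_select(FD_SETSIZE, 0) == -1 && errno == EINVAL;

    /* A real high descriptor: poll() handles it, the guarded select() refuses it. */
    high = dup2(p[0], FD_SETSIZE + 7);
    if (high >= 0) {
        ok = ok && wait_readable_poll(high, 0) == 1;
        ok = ok && wait_readable_select(high, 0) == -1;
        close(high);
    }

    close(p[0]);
    close(p[1]);
    return ok ? 0 : 3;
}

int main(void)
{
    int rc = demo();
    printf("FD_SETSIZE=%d, demo %s\n", FD_SETSIZE, rc == 0 ? "ok" : "failed");
    return rc;
}
```

The bound check is the minimal fix for code that must keep select(); moving to poll() removes the class of bug entirely, which is why the report's list of other fd_set users in the audio and joystick backends matters: every FD_SET call on a descriptor the process did not number itself needs one or the other.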
64 additions and 145 deletions.
- +1 −1 CMakeLists.txt
- +3 −1 configure
- +3 −1 configure.in
- +1 −0 include/SDL_config.h.cmake
- +1 −0 include/SDL_config.h.in
- +1 −1 src/audio/arts/SDL_artsaudio.h
- +3 −9 src/audio/netbsd/SDL_netbsdaudio.c
- +1 −1 src/audio/netbsd/SDL_netbsdaudio.h
- +8 −20 src/audio/paudio/SDL_paudio.c
- +1 −1 src/audio/paudio/SDL_paudio.h
- +19 −60 src/audio/qsa/SDL_qsa_audio.c
- +2 −5 src/audio/sun/SDL_sunaudio.c
- +2 −0 src/core/linux/SDL_ime.h
- +5 −9 src/core/linux/SDL_udev.c
- +2 −0 src/core/linux/SDL_udev.h
- +3 −19 src/video/wayland/SDL_waylanddatamanager.c
- +5 −6 src/video/wayland/SDL_waylandevents.c
- +3 −11 src/video/x11/SDL_x11events.c