BUGS.txt
author Sam Lantinga <slouken@libsdl.org>
Wed, 10 Jul 2013 21:57:31 -0700
changeset 7396 a36ab6149a10
parent 7238 daff4d9cedc6
child 10218 a9231c55e5cc
permissions -rw-r--r--
Fixed bug 1953 - Crash at memcpy X11_DispatchEvent(_THIS) Function Nitz In Function X11_DispatchEvent(_THIS), case SelectionNotify : static void X11_DispatchEvent(_THIS) { // Some Code case SelectionNotify: { //Some Code SDL_bool expect_lf = SDL_FALSE; char *start = NULL; // Initialised with NULL char *scan = (char*)p.data; char *fn; char *uri; int length = 0; while (p.count--) { if (!expect_lf) { if (*scan==0x0D) { expect_lf = SDL_TRUE; } else if(start == NULL) { start = scan; length = 0; } length++; } else { if (*scan==0x0A && length>0) { uri = malloc(length--); memcpy(uri, start, length); // Problem is Here, start is still NULL if control comes to else statement without initialising the start pointer, which is wrong uri[length] = 0; fn = X11_URIToLocal(uri); if (fn) SDL_SendDropFile(fn); free(uri); } expect_lf = SDL_FALSE; start = NULL; } scan++; } } As shown above how start pointer remains NULL, Patch for this issue would be: if (*scan==0x0D) { expect_lf = SDL_TRUE; } if(start == NULL) { start = scan; length = 0; } Just replace else if statement with if.


Bugs are now managed in the SDL bug tracker, here:

    http://bugzilla.libsdl.org/

You may report bugs there, and search to see if a given issue has already
 been reported, discussed, and maybe even fixed.


You may also find help on the SDL mailing list. Subscription information:

    http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org

Bug reports are welcome here, but we really appreciate if you use Bugzilla, as
 bugs discussed on the mailing list may be forgotten or missed.