Fixed bug 1953 - Crash at memcpy X11_DispatchEvent(_THIS) Function
Nitz
In Function X11_DispatchEvent(_THIS), case SelectionNotify :
static void
X11_DispatchEvent(_THIS)
{
// Some Code
case SelectionNotify: {
//Some Code
SDL_bool expect_lf = SDL_FALSE;
char *start = NULL; // Initialised with NULL
char *scan = (char*)p.data;
char *fn;
char *uri;
int length = 0;
while (p.count--) {
if (!expect_lf) {
if (*scan==0x0D) {
expect_lf = SDL_TRUE;
} else if(start == NULL) {
start = scan;
length = 0;
}
length++;
} else {
if (*scan==0x0A && length>0) {
uri = malloc(length--);
memcpy(uri, start, length); // Problem is Here, start is still NULL if control comes to else statement without initialising the start pointer, which is wrong
uri[length] = 0;
fn = X11_URIToLocal(uri);
if (fn) SDL_SendDropFile(fn);
free(uri);
}
expect_lf = SDL_FALSE;
start = NULL;
}
scan++;
}
}
As shown above how start pointer remains NULL, Patch for this issue would be:
if (*scan==0x0D) {
expect_lf = SDL_TRUE;
}
if(start == NULL) {
start = scan;
length = 0;
}
Just replace else if statement with if.
/*
Simple DirectMedia Layer
Copyright (C) 1997-2013 Sam Lantinga <slouken@libsdl.org>
This software is provided 'as-is', without any express or implied
warranty. In no event will the authors be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software
in a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
*/
#include "SDL_config.h"
/* vi: set ts=4 sw=4 expandtab: */