Fixed bug 1802 - NULL pointer dereference in SDL_AllocRW() if out of memory.
author Sam Lantinga <slouken@libsdl.org>
Wed, 17 Apr 2013 01:32:06 -0700
changeset 7070 65df21723f58
parent 7068 1fa727447de3
child 7071 82f17e656125
Fixed bug 1802 - NULL pointer dereference in SDL_AllocRW() if out of memory.

Philipp Wiesemann

There is a NULL pointer dereference in SDL_AllocRW() if the system is out of memory. The "type" field is always written.

This may be fixed with an early return. Or an else{} or not writing the field and using slower SDL_calloc().

This fault was recently introduced (http://hg.libsdl.org/SDL/rev/681820ca0e78).
src/file/SDL_rwops.c
--- a/src/file/SDL_rwops.c	Tue Apr 16 09:33:33 2013 -0700
+++ b/src/file/SDL_rwops.c	Wed Apr 17 01:32:06 2013 -0700
@@ -628,8 +628,9 @@
     area = (SDL_RWops *) SDL_malloc(sizeof *area);
     if (area == NULL) {
         SDL_OutOfMemory();
+    } else {
+        area->type = SDL_RWOPS_UNKNOWN;
     }
-    area->type = SDL_RWOPS_UNKNOWN;
     return (area);
 }
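Review bot: The new else branch initializes only `area->type` in the block returned by `SDL_malloc(sizeof *area)`, so every other field of the structure is still uninitialized when the caller receives it. If callers are not guaranteed to fill in the remaining fields before use, consider zeroing the allocation; the commit message itself names `SDL_calloc()` as an option. On the failure path the function calls `SDL_OutOfMemory()` and then returns NULL through `return (area);`, so a comment on the function stating that callers must check the result for NULL would document the contract this fix relies on.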