Prevent crashes if freed objects are passed to SDL API functions

Instead of using the magic tag in the object, we'll actually keep track of valid objects Fixes https://github.com/libsdl-org/SDL/issues/9869 Fixes https://github.com/libsdl-org/SDL/issues/9235
2024-06-03 04:09:28 -07:00 · 2024-06-03 04:09:28 -07:00 · b0e93e4e63
commit b0e93e4e63
parent 57a15933cd
28 changed files with 191 additions and 126 deletions
--- a/src/events/SDL_keyboard.c
+++ b/src/events/SDL_keyboard.c
@ -891,7 +891,7 @@ int SDL_SetKeyboardFocus(SDL_Window *window)
    SDL_Keyboard *keyboard = &SDL_keyboard;

    if (window) {
-        if (!video || window->magic != &video->window_magic || window->is_destroying) {
+        if (!SDL_ObjectValid(window, SDL_OBJECT_TYPE_WINDOW) || window->is_destroying) {
            return SDL_SetError("Invalid window");
        }
    }