eden-emu/SDL
18
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prevent crashes if freed objects are passed to SDL API functions

Browse source 
Instead of using the magic tag in the object, we'll actually keep track of valid objects

Fixes https://github.com/libsdl-org/SDL/issues/9869
Fixes https://github.com/libsdl-org/SDL/issues/9235
This commit is contained in:
Sam Lantinga 2024-06-03 04:09:28 -07:00
parent 57a15933cd
commit b0e93e4e63
28 changed files with 191 additions and 126 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/joystick/hidapi/SDL_hidapijoystick.c
View file

@ -91,7 +91,6 @@ static SDL_SpinLock SDL_HIDAPI_spinlock;
static SDL_bool SDL_HIDAPI_hints_changed = SDL_FALSE;
static Uint32 SDL_HIDAPI_change_count = 0;
static SDL_HIDAPI_Device *SDL_HIDAPI_devices SDL_GUARDED_BY(SDL_joystick_lock);
static char SDL_HIDAPI_device_magic;
static int SDL_HIDAPI_numjoysticks = 0;
static SDL_bool SDL_HIDAPI_combine_joycons = SDL_TRUE;
static SDL_bool initialized = SDL_FALSE;
@ -933,7 +932,7 @@ static SDL_HIDAPI_Device *HIDAPI_AddDevice(const struct SDL_hid_device_info *inf
if (!device) {
return NULL;
}
device->magic = &SDL_HIDAPI_device_magic;
SDL_SetObjectValid(device, SDL_OBJECT_TYPE_HIDAPI_JOYSTICK, SDL_TRUE);
device->path = SDL_strdup(info->path);
if (!device->path) {
SDL_free(device);
@ -1049,7 +1048,7 @@ static void HIDAPI_DelDevice(SDL_HIDAPI_Device *device)
device->children[i]->parent = NULL;
}
device->magic = NULL;
SDL_SetObjectValid(device, SDL_OBJECT_TYPE_HIDAPI_JOYSTICK, SDL_FALSE);
SDL_DestroyMutex(device->dev_lock);
SDL_free(device->manufacturer_string);
SDL_free(device->product_string);
@ -1547,7 +1546,7 @@ static SDL_bool HIDAPI_GetJoystickDevice(SDL_Joystick *joystick, SDL_HIDAPI_Devi
if (joystick && joystick->hwdata) {
*device = joystick->hwdata->device;
if (*device && (*device)->magic == &SDL_HIDAPI_device_magic && (*device)->driver != NULL) {
if (SDL_ObjectValid(*device, SDL_OBJECT_TYPE_HIDAPI_JOYSTICK) && (*device)->driver != NULL) {
return SDL_TRUE;
}
}