eden-emu/SDL
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prevent crashes if freed objects are passed to SDL API functions

Browse source 
Instead of using the magic tag in the object, we'll actually keep track of valid objects

Fixes https://github.com/libsdl-org/SDL/issues/9869
Fixes https://github.com/libsdl-org/SDL/issues/9235
This commit is contained in:
Sam Lantinga 2024-06-03 04:09:28 -07:00
parent 57a15933cd
commit b0e93e4e63
28 changed files with 191 additions and 126 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/sensor/SDL_sensor.c
View file

@ -56,13 +56,12 @@ static SDL_AtomicInt SDL_sensor_lock_pending;
static int SDL_sensors_locked;
static SDL_bool SDL_sensors_initialized;
static SDL_Sensor *SDL_sensors SDL_GUARDED_BY(SDL_sensor_lock) = NULL;
static char SDL_sensor_magic;
#define CHECK_SENSOR_MAGIC(sensor, retval) \
if (!sensor || sensor->magic != &SDL_sensor_magic) { \
SDL_InvalidParamError("sensor"); \
SDL_UnlockSensors(); \
return retval; \
#define CHECK_SENSOR_MAGIC(sensor, retval) \
if (!SDL_ObjectValid(sensor, SDL_OBJECT_TYPE_SENSOR)) { \
SDL_InvalidParamError("sensor"); \
SDL_UnlockSensors(); \
return retval; \
}
SDL_bool SDL_SensorsInitialized(void)
@ -327,13 +326,14 @@ SDL_Sensor *SDL_OpenSensor(SDL_SensorID instance_id)
SDL_UnlockSensors();
return NULL;
}
sensor->magic = &SDL_sensor_magic;
SDL_SetObjectValid(sensor, SDL_OBJECT_TYPE_SENSOR, SDL_TRUE);
sensor->driver = driver;
sensor->instance_id = instance_id;
sensor->type = driver->GetDeviceType(device_index);
sensor->non_portable_type = driver->GetDeviceNonPortableType(device_index);
if (driver->Open(sensor, device_index) < 0) {
SDL_SetObjectValid(sensor, SDL_OBJECT_TYPE_SENSOR, SDL_FALSE);
SDL_free(sensor);
SDL_UnlockSensors();
return NULL;
@ -508,6 +508,7 @@ void SDL_CloseSensor(SDL_Sensor *sensor)
sensor->driver->Close(sensor);
sensor->hwdata = NULL;
SDL_SetObjectValid(sensor, SDL_OBJECT_TYPE_SENSOR, SDL_FALSE);
sensorlist = SDL_sensors;
sensorlistprev = NULL;