From 1940d289bf16163512fdd22f2b7f9d529950fbfc Mon Sep 17 00:00:00 2001
From: Sylvain
Date: Wed, 8 Dec 2021 09:41:33 +0100
Subject: [PATCH] SW Renderer: fix invalid read if VSYNC hint is initially set with an empty value (eg "") because:
- GeHint return a value pointer.
- SetHint free internally the pointer
- The -now invalid- pointer is re-read
==9363== Invalid read of size 1
==9363== at 0x4946860: SW_CreateRenderer (SDL_render_sw.c:1044)
==9363== by 0x48F0EC3: SDL_CreateRenderer_REAL (SDL_render.c:938)
==9363== by 0x48C5921: SDL_CreateRenderer (SDL_dynapi_procs.h:332)
==9363== by 0x401584: main (main.c:421)
==9363== Address 0x9c24040 is 0 bytes inside a block of size 1 free'd
==9363== at 0x484621F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==9363== by 0x494E403: SDL_free_REAL (SDL_malloc.c:5432)
==9363== by 0x48A6153: SDL_SetHintWithPriority_REAL (SDL_hints.c:76)
==9363== by 0x48A6254: SDL_SetHint_REAL (SDL_hints.c:101)
---
 src/render/software/SDL_render_sw.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/render/software/SDL_render_sw.c b/src/render/software/SDL_render_sw.c
index 1aaffac0e..14f49b67e 100644
--- a/src/render/software/SDL_render_sw.c
+++ b/src/render/software/SDL_render_sw.c
@@ -1030,17 +1030,24 @@ SW_CreateRenderer(SDL_Window * window, Uint32 flags)
 {
 const char *hint;
 SDL_Surface *surface;
+ SDL_bool no_hint_set;
 /* Set the vsync hint based on our flags, if it's not already set */
 hint = SDL_GetHint(SDL_HINT_RENDER_VSYNC);
 if (!hint || !*hint) {
+ no_hint_set = SDL_TRUE;
+ } else {
+ no_hint_set = SDL_FALSE;
+ }
+
+ if (no_hint_set) {
 SDL_SetHint(SDL_HINT_RENDER_VSYNC, (flags & SDL_RENDERER_PRESENTVSYNC) ? "1" : "0");
 }
 surface = SDL_GetWindowSurface(window);
 /* Reset the vsync hint if we set it above */
- if (!hint || !*hint) {
+ if (no_hint_set) {
 SDL_SetHint(SDL_HINT_RENDER_VSYNC, "");
 }
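Review bot: After the first SDL_SetHint() call in this hunk, `hint` still holds the pointer that the valgrind trace shows SDL_SetHintWithPriority freeing, and nothing in the new code marks it as dead, so a later edit to SW_CreateRenderer could reintroduce the same use-after-free read. The if/else that fills `no_hint_set` can be collapsed and the stale pointer retired in one step: `no_hint_set = (!hint || !*hint) ? SDL_TRUE : SDL_FALSE;` followed by `hint = NULL; /* the old value is freed by SDL_SetHint() below; never dereference it again */`. A declared-but-uninitialized `SDL_bool no_hint_set;` would then also become a plain initialized declaration. The body of SW_CreateRenderer continues past the end of the hunk.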