I’m very occasionally seeing crashes in SDL_JoystickUpdate, usually during shutdown of our app, where joystick will suddenly be filled with 0xdd repeating (Windows debug heap free-fill).
In SDL_JoystickUpdate, it happens in this code:
/* If any joysticks were closed while updating, free them here */
for (joystick = SDL_joysticks; joystick; joystick = joystick->next) {
if (joystick->ref_count <= 0) {
SDL_JoystickClose(joystick);
}
}
Inside SDL_JoystickClose, it seems likely to SDL_free(joystick);; if I’m understanding things correctly, that invalidates that outer joystick pointer before the joystick = joystick->next?
I changed the code to this, and it seems to have resolved the problem (although it’s a bit low-repro, so not sure):
/* If any joysticks were closed while updating, free them here */
for (joystick = SDL_joysticks; joystick; ) {
next_joystick = joystick->next;
if (joystick->ref_count <= 0) {
SDL_JoystickClose(joystick);
}
joystick = next_joystick;
}
Thoughts? Should I file a bug? Upstream a patch? Other? =)