From 1940d289bf16163512fdd22f2b7f9d529950fbfc Mon Sep 17 00:00:00 2001
From: Sylvain <[EMAIL REDACTED]>
Date: Wed, 8 Dec 2021 09:41:33 +0100
Subject: [PATCH] SW Renderer: fix invalid read if VSYNC hint is initially set
with an empty value (eg "") because: - GeHint return a value pointer. -
SetHint free internally the pointer - The -now invalid- pointer is re-read
==9363== Invalid read of size 1
==9363== at 0x4946860: SW_CreateRenderer (SDL_render_sw.c:1044)
==9363== by 0x48F0EC3: SDL_CreateRenderer_REAL (SDL_render.c:938)
==9363== by 0x48C5921: SDL_CreateRenderer (SDL_dynapi_procs.h:332)
==9363== by 0x401584: main (main.c:421)
==9363== Address 0x9c24040 is 0 bytes inside a block of size 1 free'd
==9363== at 0x484621F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==9363== by 0x494E403: SDL_free_REAL (SDL_malloc.c:5432)
==9363== by 0x48A6153: SDL_SetHintWithPriority_REAL (SDL_hints.c:76)
==9363== by 0x48A6254: SDL_SetHint_REAL (SDL_hints.c:101)
---
src/render/software/SDL_render_sw.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/render/software/SDL_render_sw.c b/src/render/software/SDL_render_sw.c
index 1aaffac0ed6..14f49b67e08 100644
--- a/src/render/software/SDL_render_sw.c
+++ b/src/render/software/SDL_render_sw.c
@@ -1030,17 +1030,24 @@ SW_CreateRenderer(SDL_Window * window, Uint32 flags)
{
const char *hint;
SDL_Surface *surface;
+ SDL_bool no_hint_set;
/* Set the vsync hint based on our flags, if it's not already set */
hint = SDL_GetHint(SDL_HINT_RENDER_VSYNC);
if (!hint || !*hint) {
+ no_hint_set = SDL_TRUE;
+ } else {
+ no_hint_set = SDL_FALSE;
+ }
+
+ if (no_hint_set) {
SDL_SetHint(SDL_HINT_RENDER_VSYNC, (flags & SDL_RENDERER_PRESENTVSYNC) ? "1" : "0");
}
surface = SDL_GetWindowSurface(window);
/* Reset the vsync hint if we set it above */
- if (!hint || !*hint) {
+ if (no_hint_set) {
SDL_SetHint(SDL_HINT_RENDER_VSYNC, "");
}