| Summary: | Crash at memcpy X11_DispatchEvent(_THIS) Function | ||
|---|---|---|---|
| Product: | SDL | Reporter: | Nitz <nitin.j4> |
| Component: | video | Assignee: | Sam Lantinga <slouken> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | major | ||
| Priority: | P2 | ||
| Version: | 2.0.0 | ||
| Hardware: | x86 | ||
| OS: | Linux | ||
Fixed, thanks! http://hg.libsdl.org/SDL/rev/a36ab6149a10 |
In Function X11_DispatchEvent(_THIS), case SelectionNotify : static void X11_DispatchEvent(_THIS) { // Some Code case SelectionNotify: { //Some Code SDL_bool expect_lf = SDL_FALSE; char *start = NULL; // Initialised with NULL char *scan = (char*)p.data; char *fn; char *uri; int length = 0; while (p.count--) { if (!expect_lf) { if (*scan==0x0D) { expect_lf = SDL_TRUE; } else if(start == NULL) { start = scan; length = 0; } length++; } else { if (*scan==0x0A && length>0) { uri = malloc(length--); memcpy(uri, start, length); // Problem is Here, start is still NULL if control comes to else statement without initialising the start pointer, which is wrong uri[length] = 0; fn = X11_URIToLocal(uri); if (fn) SDL_SendDropFile(fn); free(uri); } expect_lf = SDL_FALSE; start = NULL; } scan++; } } As shown above how start pointer remains NULL, Patch for this issue would be: if (*scan==0x0D) { expect_lf = SDL_TRUE; } if(start == NULL) { start = scan; length = 0; } Just replace else if statement with if. Thanks, Nitz