| Summary: | SDL_SendSysWMEvent gets invalid pointer to local variable | ||
|---|---|---|---|
| Product: | SDL | Reporter: | Elmar <elmar> |
| Component: | events | Assignee: | Sam Lantinga <slouken> |
| Status: | RESOLVED INVALID | QA Contact: | Sam Lantinga <slouken> |
| Severity: | major | ||
| Priority: | P2 | ||
| Version: | HG 2.1 | ||
| Hardware: | All | ||
| OS: | Windows (All) | ||
Are you actually crashing because of this? The message is copied inside SDL_AddEvent() so it's only used as a pointer within that call stack while the variable is valid.

Oops, big apologies: I crashed indeed, but as it now turned out for another reason. And when I checked the source, I overlooked the part in SDL_AddEvent. Many thanks for your superfast reply and the great work!

Elmar

You're welcome! :)
Dear SDL team,

in file SDL_windowsevents.c, I see the code below. Note that wmmsg is a local variable on the stack, whose address is passed to SDL_SendSysWMEvent...

```c
if (SDL_GetEventState(SDL_SYSWMEVENT) == SDL_ENABLE) {
    SDL_SysWMmsg wmmsg;

    SDL_VERSION(&wmmsg.version);
    wmmsg.subsystem = SDL_SYSWM_WINDOWS;
    wmmsg.msg.win.hwnd = hwnd;
    wmmsg.msg.win.msg = msg;
    wmmsg.msg.win.wParam = wParam;
    wmmsg.msg.win.lParam = lParam;
    SDL_SendSysWMEvent(&wmmsg);
}
```

...and SDL_SendSysWMEvent permanently stores this address in the event structure as event.syswm.msg, which is of course fatal, since the address becomes invalid immediately afterwards, causing a crash upon access:

```c
int
SDL_SendSysWMEvent(SDL_SysWMmsg * message)
{
    int posted;

    posted = 0;
    if (SDL_GetEventState(SDL_SYSWMEVENT) == SDL_ENABLE) {
        SDL_Event event;
        SDL_memset(&event, 0, sizeof(event));
        event.type = SDL_SYSWMEVENT;
        event.syswm.msg = message;
        posted = (SDL_PushEvent(&event) > 0);
    }
    /* Update internal event state */
    return (posted);
}
```
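The reply in this thread says the message is copied inside SDL_AddEvent(), which is why handing over the address of a stack local is safe here. A minimal C model of that copy-on-enqueue pattern follows, added as an example and not SDL's own code; `WMMsg`, `Event`, `Entry`, `add_event`, `send_wm_event` and `poll_event` are hypothetical stand-ins for the SDL types and functions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for SDL_SysWMmsg / SDL_Event; not SDL's definitions. */
typedef struct { unsigned msg; unsigned long wParam; long lParam; } WMMsg;
typedef struct { int type; WMMsg *msg; } Event;

/* A queue entry owns storage for the message, next to the event itself. */
typedef struct Entry { Event event; WMMsg msg_copy; struct Entry *next; } Entry;
static Entry *head, *tail;

/* Copy the event AND the message it points at, then repoint at the copy. */
int add_event(const Event *ev) {
    Entry *e = malloc(sizeof *e);
    if (!e) return 0;
    e->event = *ev;
    if (ev->msg) {
        e->msg_copy = *ev->msg;          /* deep copy while the source is alive */
        e->event.msg = &e->msg_copy;     /* queued pointer no longer targets the stack */
    }
    e->next = NULL;
    if (tail) tail->next = e; else head = e;
    tail = e;
    return 1;
}

/* Producer with the same shape as the reported code: address of a local. */
int send_wm_event(unsigned msg, unsigned long wParam, long lParam) {
    WMMsg local = { msg, wParam, lParam };
    Event ev;
    memset(&ev, 0, sizeof ev);
    ev.type = 1;                         /* constructed event type value */
    ev.msg = &local;                     /* valid only until this function returns */
    return add_event(&ev);               /* the copy is taken before that happens */
}

/* Consumer: pops the oldest entry and returns its message by value. */
int poll_event(WMMsg *out) {
    Entry *e = head;
    if (!e) return 0;
    *out = *e->event.msg;                /* reads the entry's copy, not a dead frame */
    head = e->next;
    if (!head) tail = NULL;
    free(e);
    return 1;
}
```

Calling `send_wm_event` twice before polling reuses the same stack frame, so a queue that stored the raw pointer would return the second message's values (or garbage) for the first event.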