We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 4006

Summary:	GetRawInputDeviceList may return less entries than requested
Product:	SDL	Reporter:	Mathieu Laurendeau <mat.lau>
Component:	joystick	Assignee:	Sam Lantinga <slouken>
Status:	NEW ---	QA Contact:	Sam Lantinga <slouken>
Severity:	normal
Priority:	P2	CC:	sezeroz
Version:	2.0.7
Hardware:	x86
OS:	Windows 10
Attachments:	proposed fix

Description Mathieu Laurendeau 2017-12-21 21:23:26 UTC

Created attachment 3117 [details]
proposed fix

Hello,

I think I found an issue in SDL_dinputjoystick.c and SDL_xinputjoystick.c.

There is no guarantee the GetRawInputDeviceList returns the requested number of entries. Moreover the provided buffer is malloc'd, which means something unexpected/random may happen.

https://msdn.microsoft.com/fr-fr/library/windows/desktop/ms645598(v=vs.85).aspx

> If the function is successful, the return value is the number of devices stored in the buffer pointed to by pRawInputDeviceList.

See attached patch.

Comment 1 Mathieu Laurendeau 2020-04-25 13:08:54 UTC

Please consider adding the suggested patch.

We are currently migrating Bugzilla to GitHub issues.Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 4006

We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.