| Summary: | Segmentation fault from SDL_Render.c from stack overallocation using SDL_stack_alloc in SDL_RenderDrawPoints() | | |
|---|---|---|---|
| Product: | SDL | Reporter: | Kyle Kuhn <kylekuhn99> |
| Component: | render | Assignee: | Ryan C. Gordon <icculus> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | normal | | |
| Priority: | P2 | CC: | icculus |
| Version: | 2.0.8 | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Attachments: | When compiled and linked with SDL2 on Linux, this should replicate the segmentation fault in SDL_Render.c | | |
Description (Kyle Kuhn, reporter):

Created attachment 3365 [details]
When compiled and linked with SDL2 on Linux, this should replicate the segmentation fault in SDL_Render.c

I have attached a file that can recreate the bug on Linux.

Platform Information:
I am using Fedora 28 and SDL 2.0.8 (with the latest updates as of 11 October 2018) with a Ryzen 3 2200G and Radeon RX560 with 16 gigabytes of RAM.

How to recreate:
With everything initialized properly, create a window and renderer. Heap-allocate an array of SDL_Point 250,000 elements in size or greater. Use SDL_RenderDrawPoints() on the valid renderer using this list and the size provided. This will cause a segmentation fault.

Source of bug:
I did some debugging and traced the segmentation fault back to SDL_stack_alloc() on line 1620 of SDL_render.c. I did some quick checking and found that it was trying to allocate more than 2 megabytes onto the stack, which caused a segmentation fault from an oversized stack.

Potential fix:
Allocate the points on the heap instead, or render directly from the buffer provided in the "const SDL_Point * points" argument. You can also add error checking to SDL_stack_alloc in order to throw NULL if it exceeds the stack space available.

Comment 1 (Ryan C. Gordon):

This is already fixed in the renderer rewrite, which will merge after 2.0.9 ships.

--ryan.

Comment 2:

(In reply to Ryan C. Gordon from comment #1)
> This is already fixed in the renderer rewrite, which will merge after 2.0.9
> ships.
>
> --ryan.

Thank you, I'll keep an eye out for it.

Comment 3:

This is fixed in the latest snapshot: http://www.libsdl.org/tmp/SDL-2.0.zip
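The allocation policy the reporter proposes under "Potential fix" (a bounded stack budget with a heap fallback, plus a size check), written out as an added example. This is not SDL's code and not the attached reproducer: Point, FPoint, Scratch, scratch_acquire, scratch_uses_heap, draw_points_bounded, run_with_count and the 16 KiB stack budget are all assumptions made here for illustration, and the conversion loop stands in for whatever SDL_RenderDrawPoints does with its scratch buffer rather than reproducing the line the report cites.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-ins for SDL_Point / SDL_FPoint so this builds without SDL headers
 * (assumption: int x,y and float x,y pairs, as in SDL). */
typedef struct { int x, y; } Point;
typedef struct { float x, y; } FPoint;

/* Most scratch memory we are willing to keep on the stack. 16 KiB is an assumed
 * budget, not an SDL constant; what matters is that a caller-supplied count never
 * sets the frame size the way an unbounded alloca() does. */
#define STACK_SCRATCH_BYTES ((size_t)16 * 1024)

typedef struct {
    unsigned char on_stack[STACK_SCRATCH_BYTES];
    void *heap;  /* non-NULL only when the request exceeded the stack budget */
} Scratch;

/* Returns a buffer for count elements of elem_size bytes, or NULL if the byte
 * count would overflow size_t or the heap allocation fails. */
static void *scratch_acquire(Scratch *s, size_t count, size_t elem_size)
{
    size_t bytes;
    s->heap = NULL;
    /* Refuse an overflowing size rather than wrap around and under-allocate. */
    if (elem_size == 0 || count > SIZE_MAX / elem_size) return NULL;
    bytes = count * elem_size;
    if (bytes <= STACK_SCRATCH_BYTES) return s->on_stack;
    s->heap = malloc(bytes);
    return s->heap;
}

static void scratch_release(Scratch *s)
{
    free(s->heap);
    s->heap = NULL;
}

/* Which path scratch_acquire takes for a request: 0 stack, 1 heap, -1 refused. */
int scratch_uses_heap(size_t count, size_t elem_size)
{
    Scratch s;
    int used_heap;
    if (scratch_acquire(&s, count, elem_size) == NULL) return -1;
    used_heap = (s.heap != NULL);
    scratch_release(&s);
    return used_heap;
}

/* Consumer for converted points; stands in for the backend draw call. */
typedef void (*PointSink)(const FPoint *fpoints, int count, void *ctx);

/* Converts integer points to scaled float points in bounded scratch memory and
 * hands them to sink (the kind of work SDL_RenderDrawPoints does before drawing).
 * Returns the number of points delivered, or -1 on bad input or allocation failure. */
int draw_points_bounded(const Point *points, int count, float scale_x,
                        float scale_y, PointSink sink, void *ctx)
{
    Scratch scratch;
    FPoint *fpoints;
    int i;
    if (points == NULL || count < 1 || sink == NULL) return -1;
    fpoints = scratch_acquire(&scratch, (size_t)count, sizeof(FPoint));
    if (fpoints == NULL) return -1;  /* size overflowed or malloc failed */
    for (i = 0; i < count; ++i) {
        fpoints[i].x = (float)points[i].x * scale_x;
        fpoints[i].y = (float)points[i].y * scale_y;
    }
    sink(fpoints, count, ctx);
    scratch_release(&scratch);
    return count;
}

/* Sink that only counts what arrives (ctx points at an int). */
static void count_sink(const FPoint *fpoints, int count, void *ctx)
{
    (void)fpoints;
    *(int *)ctx += count;
}

/* The report's setup: a heap-allocated array of count points drawn in one call.
 * Returns the number of points the sink received, or -1 on failure. */
int run_with_count(int count)
{
    Point *points;
    int i, received = 0, delivered;
    if (count < 1) return -1;
    points = malloc((size_t)count * sizeof(Point));
    if (points == NULL) return -1;
    for (i = 0; i < count; ++i) { points[i].x = i; points[i].y = -i; }
    delivered = draw_points_bounded(points, count, 2.0f, 1.0f, count_sink, &received);
    free(points);
    return (delivered == count && received == count) ? count : -1;
}
```

run_with_count(250000) exercises the input size from the report: with this policy the 2,000,000-byte scratch buffer (250,000 FPoints of 8 bytes on x86_64) is one malloc instead of 2 MB of stack growth, and a count whose byte size would overflow is rejected before any allocator sees it, which is the "error checking" the report asks for in place of an unchecked alloca.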