We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 4308

Summary: Prebuilt SDL.dll files not compiled with ASLR support (DYNAMICBASE)
Product: SDL Reporter: Cameron Gutman <cameron.gutman>
Component: buildAssignee: Sam Lantinga <slouken>
Status: RESOLVED FIXED QA Contact: Sam Lantinga <slouken>
Severity: normal    
Priority: P2    
Version: 2.0.9   
Hardware: All   
OS: Windows 10   

Description Cameron Gutman 2018-10-13 03:53:18 UTC 
The current SDL 2.0.8 and the prerelease SDL 2.0.9 are compiled without the DYNAMICBASE flag to indicate that ASLR may relocate the DLL at load-time. https://docs.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2017

When I build SDL.dll myself using the VS2010 project, the DLL has the DYNAMICBASE flag set (as is the default). Similarly, MinGW-w64 also enables ASLR by default on all binaries for a couple years now (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836365)

How are the official release builds created? Could the build tools just be out of date?
Comment 1 Sam Lantinga 2018-11-02 23:55:18 UTC 
I built the 2.0.9 release with the latest mingw-64 toolchain. Can you check to see if this is fixed now?
Comment 2 Cameron Gutman 2018-11-03 00:09:34 UTC 
Unfortunately, it looks like it's not. It looks like it doesn't set any of the DLL characteristics in the PE header. Here's the dumpbin output from the official build and my local build in Visual Studio.

c:\temp\SDL2-2.0.9-win32-x64>dumpbin /headers SDL2.dll
Microsoft (R) COFF/PE Dumper Version 14.15.26730.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file SDL2.dll

PE signature found

File Type: DLL

FILE HEADER VALUES
            8664 machine (x64)
               C number of sections
               0 time date stamp
               0 file pointer to symbol table
               0 number of symbols
              F0 size of optional header
            222E characteristics
                   Executable
                   Line numbers stripped
                   Symbols stripped
                   Application can handle large (>2GB) addresses
                   Debug information stripped
                   DLL

OPTIONAL HEADER VALUES
             20B magic # (PE32+)
            2.31 linker version
           F8400 size of code
          144E00 size of initialized data
            3A00 size of uninitialized data
            12F7 entry point (000000006C7412F7)
            1000 base of code
        6C740000 image base (000000006C740000 to 000000006C88EFFF)
            1000 section alignment
             200 file alignment
            4.00 operating system version
            0.00 image version
            5.02 subsystem version
               0 Win32 version
          14F000 size of image
             400 size of headers
          152EE6 checksum
               3 subsystem (Windows CUI)
               0 DLL characteristics

c:\temp>dumpbin /headers SDL2-MSVC.dll
Microsoft (R) COFF/PE Dumper Version 14.15.26730.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file SDL2-MSVC.dll

PE signature found

File Type: DLL

FILE HEADER VALUES
            8664 machine (x64)
               6 number of sections
        5BD94865 time date stamp Tue Oct 30 23:15:01 2018
               0 file pointer to symbol table
               0 number of symbols
              F0 size of optional header
            2022 characteristics
                   Executable
                   Application can handle large (>2GB) addresses
                   DLL

OPTIONAL HEADER VALUES
             20B magic # (PE32+)
           14.15 linker version
           BA200 size of code
           48200 size of initialized data
               0 size of uninitialized data
            C210 entry point (000000018000C210) _DllMainCRTStartup
            1000 base of code
       180000000 image base (0000000180000000 to 0000000180104FFF)
            1000 section alignment
             200 file alignment
            6.00 operating system version
            0.00 image version
            6.00 subsystem version
               0 Win32 version
          105000 size of image
             400 size of headers
               0 checksum
               2 subsystem (Windows GUI)
             160 DLL characteristics
                   High Entropy Virtual Addresses
                   Dynamic base
                   NX compatible
Comment 3 Sam Lantinga 2018-11-03 00:33:04 UTC 
Is there a compiler flag we need to set for this?

Here's the link line:
i686-w64-mingw32-gcc -static-libgcc -shared  build/.libs/SDL.o build/.libs/SDL_assert.o build/.libs/SDL_dataqueue.o build/.libs/SDL_error.o build/.libs/SDL_hints.o build/.libs/SDL_log.o build/.libs/SDL_atomic.o build/.libs/SDL_spinlock.o build/.libs/SDL_audio.o build/.libs/SDL_audiocvt.o build/.libs/SDL_audiodev.o build/.libs/SDL_audiotypecvt.o build/.libs/SDL_mixer.o build/.libs/SDL_wave.o build/.libs/SDL_cpuinfo.o build/.libs/SDL_dynapi.o build/.libs/SDL_clipboardevents.o build/.libs/SDL_displayevents.o build/.libs/SDL_dropevents.o build/.libs/SDL_events.o build/.libs/SDL_gesture.o build/.libs/SDL_keyboard.o build/.libs/SDL_mouse.o build/.libs/SDL_quit.o build/.libs/SDL_touch.o build/.libs/SDL_windowevents.o build/.libs/SDL_rwops.o build/.libs/SDL_haptic.o build/.libs/SDL_gamecontroller.o build/.libs/SDL_joystick.o build/.libs/e_atan2.o build/.libs/e_exp.o build/.libs/e_fmod.o build/.libs/e_log.o build/.libs/e_log10.o build/.libs/e_pow.o build/.libs/e_rem_pio2.o build/.libs/e_sqrt.o build/.libs/k_cos.o build/.libs/k_rem_pio2.o build/.libs/k_sin.o build/.libs/k_tan.o build/.libs/s_atan.o build/.libs/s_copysign.o build/.libs/s_cos.o build/.libs/s_fabs.o build/.libs/s_floor.o build/.libs/s_scalbn.o build/.libs/s_sin.o build/.libs/s_tan.o build/.libs/SDL_power.o build/.libs/SDL_d3dmath.o build/.libs/SDL_render.o build/.libs/SDL_yuv_sw.o build/.libs/SDL_render_d3d.o build/.libs/SDL_shaders_d3d.o build/.libs/SDL_render_d3d11.o build/.libs/SDL_shaders_d3d11.o build/.libs/SDL_render_gl.o build/.libs/SDL_shaders_gl.o build/.libs/SDL_render_gles.o build/.libs/SDL_render_gles2.o build/.libs/SDL_shaders_gles2.o build/.libs/SDL_render_psp.o build/.libs/SDL_blendfillrect.o build/.libs/SDL_blendline.o build/.libs/SDL_blendpoint.o build/.libs/SDL_drawline.o build/.libs/SDL_drawpoint.o build/.libs/SDL_render_sw.o build/.libs/SDL_rotate.o build/.libs/SDL_sensor.o build/.libs/SDL_getenv.o build/.libs/SDL_iconv.o build/.libs/SDL_malloc.o build/.libs/SDL_qsort.o build/.libs/SDL_stdlib.o build/.libs/SDL_string.o build/.libs/SDL_thread.o build/.libs/SDL_timer.o build/.libs/SDL_RLEaccel.o build/.libs/SDL_blit.o build/.libs/SDL_blit_0.o build/.libs/SDL_blit_1.o build/.libs/SDL_blit_A.o build/.libs/SDL_blit_N.o build/.libs/SDL_blit_auto.o build/.libs/SDL_blit_copy.o build/.libs/SDL_blit_slow.o build/.libs/SDL_bmp.o build/.libs/SDL_clipboard.o build/.libs/SDL_egl.o build/.libs/SDL_fillrect.o build/.libs/SDL_pixels.o build/.libs/SDL_rect.o build/.libs/SDL_shape.o build/.libs/SDL_stretch.o build/.libs/SDL_surface.o build/.libs/SDL_video.o build/.libs/SDL_vulkan_utils.o build/.libs/SDL_yuv.o build/.libs/yuv_rgb.o build/.libs/SDL_nullevents.o build/.libs/SDL_nullframebuffer.o build/.libs/SDL_nullvideo.o build/.libs/SDL_diskaudio.o build/.libs/SDL_dummyaudio.o build/.libs/SDL_windows.o build/.libs/SDL_xinput.o build/.libs/SDL_windowsclipboard.o build/.libs/SDL_windowsevents.o build/.libs/SDL_windowsframebuffer.o build/.libs/SDL_windowskeyboard.o build/.libs/SDL_windowsmessagebox.o build/.libs/SDL_windowsmodes.o build/.libs/SDL_windowsmouse.o build/.libs/SDL_windowsopengl.o build/.libs/SDL_windowsopengles.o build/.libs/SDL_windowsshape.o build/.libs/SDL_windowsvideo.o build/.libs/SDL_windowsvulkan.o build/.libs/SDL_windowswindow.o build/.libs/SDL_winmm.o build/.libs/SDL_directsound.o build/.libs/SDL_wasapi.o build/.libs/SDL_wasapi_win32.o build/.libs/SDL_dinputjoystick.o build/.libs/SDL_mmjoystick.o build/.libs/SDL_windowsjoystick.o build/.libs/SDL_xinputjoystick.o build/.libs/SDL_hidapi_ps4.o build/.libs/SDL_hidapi_switch.o build/.libs/SDL_hidapi_xbox360.o build/.libs/SDL_hidapi_xboxone.o build/.libs/SDL_hidapijoystick.o build/.libs/hid.o build/.libs/SDL_dinputhaptic.o build/.libs/SDL_windowshaptic.o build/.libs/SDL_xinputhaptic.o build/.libs/SDL_syspower.o build/.libs/SDL_sysfilesystem.o build/.libs/SDL_sysmutex.o build/.libs/SDL_syssem.o build/.libs/SDL_systhread.o build/.libs/SDL_systls.o build/.libs/SDL_syscond.o build/.libs/SDL_systimer.o build/.libs/SDL_sysloadso.o build/.libs/SDL_dummysensor.o  build/version.o   -ldinput8 -ldxguid -ldxerr8 -luser32 -lgdi32 -lwinmm -limm32 -lole32 -loleaut32 -lshell32 -lsetupapi -lversion -luuid  -Wl,--no-undefined   -o build/.libs/SDL2.dll -Wl,--enable-auto-image-base -Xlinker --out-implib -Xlinker build/.libs/libSDL2.dll.a
Comment 4 Sam Lantinga 2018-11-03 01:07:33 UTC 
This is fixed, thanks!
https://hg.libsdl.org/SDL/rev/60f322c5984f