| Summary: | OpenGL: Buffer overflow in GL_RunCommandQueue | | |
|---|---|---|---|
| Product: | SDL | Reporter: | sowfelicity |
| Component: | render | Assignee: | Sam Lantinga <slouken> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | normal | | |
| Priority: | P2 | CC: | eric.t.scrivner, sowfelicity, sylvain.becker |
| Version: | HG 2.1 | | |
| Hardware: | x86_64 | | |
| OS: | All | | |
| Attachments: | Reset the verts pointer. | | |

Thanks, fixed: https://hg.libsdl.org/SDL/rev/3276502021a5

Created attachment 3984
Reset the verts pointer.

SDL_RenderDrawLine overflows the verts buffer in opengl renderer.

output of valgrind:

```
ATTENTION: default value of option vblank_mode overridden by environment.
==19519== Conditional jump or move depends on uninitialised value(s)
==19519==    at 0x408D282: GL_RunCommandQueue (SDL_render_gl.c:1233)
==19519==    by 0x4086BD0: FlushRenderCommands (SDL_render.c:216)
==19519==    by 0x4086BD0: SDL_RenderPresent_REAL (SDL_render.c:3089)
...
```

src/render/opengl/SDL_render_gl.c:

```c
for (i = 0; i < count; ++i, verts += 2) {
    data->glVertex2f(verts[0], verts[1]);
}
...
#if defined(__MACOSX__) || defined(__WIN32__)
    /* Mac OS X and Windows seem to always leave the last point open */
    data->glVertex2f(verts[(count-1)*2], verts[(count*2)-1]);
#else
    /* Linux seems to leave the right-most or bottom-most point open */
    x1 = verts[0];
    y1 = verts[1];
    x2 = verts[(count-1)*2];
    y2 = verts[(count*2)-1];
...
```
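
The overflow in the excerpt above, as an added example that is not part of the original report or SDL's code: the loop leaves `verts` one past the last point, so the later `(count-1)*2` indexing lands beyond the command's vertices. The arena layout, the `record_vertex` stub, the `POISON` marker and the exact form of the pointer reset are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define COUNT 3
#define POISON (-1.0f) /* constructed marker for memory past the vertices */

typedef struct { float x, y; } Point;

/* Hypothetical stand-in for data->glVertex2f: remembers the last vertex. */
static Point last_vertex;
static void record_vertex(float x, float y) { last_vertex.x = x; last_vertex.y = y; }

/* Walks the points like the excerpt, then submits the "last point".
 * reset != 0 rewinds verts first (assumed form of the fix). */
static Point draw_lines(const float *verts, size_t count, int reset)
{
    const float *start = verts;
    size_t i;

    for (i = 0; i < count; ++i, verts += 2) {
        record_vertex(verts[0], verts[1]);
    }
    /* Here verts == start + 2*count, one past the final vertex. */
    if (reset) verts = start;
    record_vertex(verts[(count - 1) * 2], verts[(count * 2) - 1]);
    return last_vertex;
}

/* Constructed arena: 2*COUNT real floats followed by 2*COUNT poison floats,
 * so the stale-pointer read stays inside the array and is observable. */
static Point run_demo(int reset)
{
    float arena[4 * COUNT];
    size_t i;

    for (i = 0; i < 4 * COUNT; ++i) arena[i] = POISON;
    arena[0] = 0.0f;  arena[1] = 0.0f;
    arena[2] = 10.0f; arena[3] = 5.0f;
    arena[4] = 20.0f; arena[5] = 15.0f;
    return draw_lines(arena, COUNT, reset);
}

int main(void)
{
    Point bad = run_demo(0), good = run_demo(1);
    printf("stale verts: (%g, %g)\n", bad.x, bad.y);
    printf("reset verts: (%g, %g)\n", good.x, good.y);
    return 0;
}
```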