| Summary: | joystick: potential NULL pointer dereference | ||
|---|---|---|---|
| Product: | SDL | Reporter: | Patrice Mandin <patmandin> |
| Component: | joystick | Assignee: | Ryan C. Gordon <icculus> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | normal | ||
| Priority: | P2 | ||
| Version: | 1.2.13 | ||
| Hardware: | All | ||
| OS: | All | ||
| Attachments: | There's no reason to analyze what the NULL-pointer is pointing to, so we want to return. | ||
Created attachment 259
There's no reason to analyze what the NULL-pointer is pointing to, so we want to return.
I looked at the code, and as far as I can tell we should get a risk-free effect by returning immediately instead of setting the pointer to NULL and continuing the execution of the function.
Suggested patch attached.
Around lines 140-150 in src/joystick/SDL_joystick.c:

--8<--

    if ( ((joystick->naxes > 0) && !joystick->axes)
      || ((joystick->nhats > 0) && !joystick->hats)
      || ((joystick->nballs > 0) && !joystick->balls)
      || ((joystick->nbuttons > 0) && !joystick->buttons)) {
        SDL_OutOfMemory();
        SDL_JoystickClose(joystick);
        joystick = NULL;
    }
    if ( joystick->axes ) {
        SDL_memset(joystick->axes, 0, joystick->naxes*sizeof(Sint16));
    }

--8<--

The joystick variable is set to NULL; however, the checks that follow may still dereference it in this case.
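
The error path from this report, modelled as an added example (not SDL's code and not the attached patch) with the early return in place and a way to force each allocation to fail. The names `joy_t`, `joy_alloc`, `joy_open`, `joy_close` and the `fail_alloc` fault-injection counter are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the joystick structure (axes and buttons only). */
typedef struct {
    int naxes, nbuttons;
    int16_t *axes;
    uint8_t *buttons;
} joy_t;

/* Fault injection (hypothetical hook): when > 0, the Nth allocation from now fails. */
static int fail_alloc = 0;

static void *joy_alloc(size_t n)
{
    if (fail_alloc > 0 && --fail_alloc == 0)
        return NULL;
    return malloc(n);
}

static void joy_close(joy_t *j)
{
    if (!j) return;
    free(j->axes);      /* free(NULL) is a no-op, so partial setups are fine */
    free(j->buttons);
    free(j);
}

joy_t *joy_open(int naxes, int nbuttons)
{
    joy_t *j = joy_alloc(sizeof(*j));
    if (!j) return NULL;
    memset(j, 0, sizeof(*j));
    j->naxes = naxes;
    j->nbuttons = nbuttons;
    if (naxes > 0)    j->axes = joy_alloc((size_t)naxes * sizeof(int16_t));
    if (nbuttons > 0) j->buttons = joy_alloc((size_t)nbuttons * sizeof(uint8_t));

    if ((j->naxes > 0 && !j->axes) || (j->nbuttons > 0 && !j->buttons)) {
        joy_close(j);
        return NULL;    /* leave now: "j = NULL;" alone would reach j->axes below */
    }
    /* Only reached with a fully allocated object. */
    if (j->axes)    memset(j->axes, 0, (size_t)j->naxes * sizeof(int16_t));
    if (j->buttons) memset(j->buttons, 0, (size_t)j->nbuttons * sizeof(uint8_t));
    return j;
}
```

Forcing each allocation to fail in turn exercises the branch that an ordinary run never reaches, which is why this kind of dereference tends to survive normal testing.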