Bug 1427 - integer passed to XChangeProperty() causes crash
Summary: integer passed to XChangeProperty() causes crash
Status: RESOLVED FIXED
Alias: None
Product: SDL
Classification: Unclassified
Component: *don't know*
Version: 1.2.15
Hardware: Other NetBSD
Importance: P2 major
Assignee: Ryan C. Gordon
QA Contact: Sam Lantinga
URL:
Keywords:
Depends on:
Blocks:
Reported: 2012-02-20 06:51 UTC by Julian Coleman
Modified: 2012-02-21 03:18 UTC
CC List: 0 users

See Also:


Attachments
Fix for XChangeProperty crash. (1.06 KB, patch)
2012-02-20 06:51 UTC, Julian Coleman
Description Julian Coleman 2012-02-20 06:51:12 UTC
Created attachment 825
Fix for XChangeProperty crash.

In src/video/x11/SDL_x11video.c, the result of getpid(), i.e., a pid_t is passed to:

  XChangeProperty(..., 32, ...)

However, using 32 here means that Xlib treats the value as a long, and pid_t is an int.  So, we get a bus error inside Xlib.
The fix is to make sure that anything passed to XChangeProperty() is aligned correctly.  Note that the other calls to XChangeProperty() pass long values here.
The proposed patch makes a union of the pid_t return type from getpid() and a dummy long.  This has been tested to fix the bus error crash on NetBSD/sparc64.
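The size-and-alignment rule behind the crash, and the shape of the union fix, as an added C example that is not part of the report or of the SDL patch (the names xlib_format_elem_size, property_storage_ok and make_pid_property are this example's own, and it does not call Xlib):

```c
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>

/* Element size Xlib reads from the data pointer for a given XChangeProperty()
 * format. Format 32 means "array of long" in the Xlib C interface, not 32-bit
 * words, so it is 8 bytes on LP64 platforms such as NetBSD/sparc64. */
size_t xlib_format_elem_size(int format)
{
    switch (format) {
    case 8:  return sizeof(char);
    case 16: return sizeof(short);
    case 32: return sizeof(long);
    default: return 0;               /* not a valid property format */
    }
}

/* Returns 1 if an object of `size` bytes and `align` alignment can back a
 * format-`format` property of `nelements` items, else 0.  A bare pid_t (an
 * int) fails this for format 32 on LP64: too small and under-aligned. */
int property_storage_ok(int format, size_t size, size_t align, size_t nelements)
{
    size_t elem = xlib_format_elem_size(format);
    size_t need_align = format == 32 ? alignof(long)
                      : format == 16 ? alignof(short) : 1;
    if (elem == 0 || nelements > SIZE_MAX / elem || size < elem * nelements)
        return 0;
    return align >= need_align;
}

/* Storage for the _NET_WM_PID value: a pid_t overlaid on a long, so the object
 * is sized and aligned like the long that Xlib will read (the report's fix). */
union pid_property {
    pid_t pid;
    long  as_long;
};

/* Build the value to pass as (unsigned char *)&p with format 32 and one
 * element.  Writing through the long member (this example's choice) also makes
 * the value Xlib reads independent of byte order. */
union pid_property make_pid_property(pid_t pid)
{
    union pid_property p;
    p.as_long = (long)pid;
    return p;
}
```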
Comment 1 Sam Lantinga 2012-02-20 17:51:45 UTC
Fixed, thanks!
http://hg.libsdl.org/SDL/rev/57a55e457ef6

Can you take a look at the SDL 2.0 code and see if a similar fix is necessary there?
http://www.libsdl.org/tmp/SDL-2.0.tar.gz
Comment 2 Julian Coleman 2012-02-21 03:18:35 UTC
Hi,

Looking at src/video/x11/SDL_x11window.c in SDL 2.0.0, XChangeProperty() is passed &data->pid.  data is a struct SDL_VideoData, and pid is a pid_t in the struct.  So, this looks like it will have the same problem as 1.2.15.  The same fix should apply, but inside the definition of struct SDL_VideoData.

Thanks,

J