Bug 1683 - buffer overflow on fullscreen
Summary: buffer overflow on fullscreen
Status: RESOLVED DUPLICATE of bug 1812
Alias: None
Product: SDL
Classification: Unclassified
Component: video
Version: HG 2.0
Hardware: x86_64 Linux
Importance: P2 critical
Assignee: Sam Lantinga
QA Contact: Sam Lantinga
URL:
Keywords: target-2.0.0
Depends on:
Blocks:
 
Reported: 2013-01-07 08:32 UTC by jujulicca
Modified: 2013-07-27 00:33 UTC

Description jujulicca 2013-01-07 08:32:44 UTC
Very often the program terminates with a buffer overflow when trying to toggle fullscreen (sometimes when going into fullscreen mode, sometimes when going out).

-------------------------------------------

Program that I'm using:

#include <SDL2/SDL.h>

int main(int argc, char* argv[])
{
    SDL_Init(SDL_INIT_VIDEO);

    SDL_Window* window = SDL_CreateWindow("SDL 2.0", 0, 0, 800, 600, SDL_WINDOW_OPENGL|SDL_WINDOW_SHOWN);
    if(window == 0) return 1;

    bool running = true;

    while(running)
    {
        SDL_Event event;
        while(SDL_PollEvent(&event))
        {
            switch(event.type)
            {
            case SDL_QUIT:
                running = false;
                break;

            case SDL_KEYDOWN:
                if(event.key.keysym.sym == SDLK_ESCAPE) running = false;
                if(event.key.keysym.sym == SDLK_F1) SDL_SetWindowFullscreen(window, SDL_TRUE);
                if(event.key.keysym.sym == SDLK_F2) SDL_SetWindowFullscreen(window, SDL_FALSE);
                break;
            }
        }
    }

    SDL_DestroyWindow(window);
    SDL_Quit();

    return 0;
}

-------------------------------------------

*** buffer overflow detected ***: ./rts terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f8f19789547]
/lib64/libc.so.6(+0xef480)[0x7f8f19787480]
/usr/lib64/libXi.so.6(+0x8b49)[0x7f8f180f7b49]
/usr/lib64/libX11.so.6(_XCopyEventCookie+0x4a)[0x7f8f1919ca4a]
/usr/lib64/libX11.so.6(XPeekEvent+0x67)[0x7f8f1918b5e7]
/usr/lib64/libSDL2-2.0.so.0(+0xb5f77)[0x7f8f1a254f77]
/usr/lib64/libSDL2-2.0.so.0(SDL_PumpEvents+0x17)[0x7f8f1a1d54a7]
/usr/lib64/libSDL2-2.0.so.0(SDL_WaitEventTimeout+0x2d)[0x7f8f1a1d550d]
./rts[0x400791]
/lib64/libc.so.6(__libc_start_main+0xed)[0x7f8f196b923d]
./rts[0x400825]
Comment 1 jujulicca 2013-01-07 11:37:19 UTC
OK. As far as I can see, it happens only if you are moving the mouse while the system switches from/to fullscreen.
Comment 2 jujulicca 2013-01-08 06:30:40 UTC
I have tested my app on some computers and systems:
openSUSE 12.1 (Radeon HD 4670 proprietary drivers, 2 monitors)
openSUSE 12.1 (Intel GMA 965 open source drivers)
openSUSE 12.2 (Radeon 7500 open source drivers)
ArchLinux (Intel GMA 945 open source drivers)

This bug is present only in openSUSE 12.1; I think it is a problem in Xlib.

Please check again!
Comment 3 Sam Lantinga 2013-02-11 21:02:13 UTC
Can you run the test program with valgrind and see where the memory overwrite is happening?
Comment 4 Ryan C. Gordon 2013-07-12 22:15:50 UTC
(Sorry if you get a lot of copies of this email, we're touching dozens of bug reports right now.)

Tagging a bunch of bugs as target-2.0.0, Priority 2.

This means we're in the final stretch for an official SDL 2.0.0 release! These are the bugs we really want to fix before shipping if humanly possible.

That being said, we don't promise to fix them because of this tag, we just want to make sure we don't forget to deal with them before we bless a final 2.0.0 release, and generally be organized about what we're aiming to ship.

Hopefully you'll hear more about this bug soon. If you have more information (including "this got fixed at some point, nevermind"), we would love to have you come add more information to the bug report when you have a moment.

Thanks!
--ryan.
Comment 5 Ryan C. Gordon 2013-07-27 00:33:18 UTC
I can now tell that this bug is a duplicate of Bug #1812. This was a bug in older versions of libXi; newer builds of x.org don't crash, and the latest in SDL's revision control avoids the issue anyhow.

--ryan.

*** This bug has been marked as a duplicate of bug 1812 ***
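
As an added example (not part of the original report or of SDL's code), this Python sketch parses the glibc backtrace from the description and picks out the first non-libc frame beneath `__fortify_fail`, the code whose fortified call tripped the check; it lands in libXi, consistent with Comment 5. The function names are hypothetical, and the `addr2line` hint assumes debug symbols for that exact libXi build are installed.

```python
import re

# Frames copied verbatim from the backtrace in the description.
BACKTRACE = """\
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f8f19789547]
/lib64/libc.so.6(+0xef480)[0x7f8f19787480]
/usr/lib64/libXi.so.6(+0x8b49)[0x7f8f180f7b49]
/usr/lib64/libX11.so.6(_XCopyEventCookie+0x4a)[0x7f8f1919ca4a]
/usr/lib64/libX11.so.6(XPeekEvent+0x67)[0x7f8f1918b5e7]
/usr/lib64/libSDL2-2.0.so.0(+0xb5f77)[0x7f8f1a254f77]
/usr/lib64/libSDL2-2.0.so.0(SDL_PumpEvents+0x17)[0x7f8f1a1d54a7]
/usr/lib64/libSDL2-2.0.so.0(SDL_WaitEventTimeout+0x2d)[0x7f8f1a1d550d]
./rts[0x400791]
/lib64/libc.so.6(__libc_start_main+0xed)[0x7f8f196b923d]
./rts[0x400825]
"""

# glibc frame format: module(symbol+0xoff)[0xaddr]; the (...) part is optional.
FRAME = re.compile(
    r"^(?P<module>[^(\[]+)"
    r"(?:\((?P<symbol>[^+)]*)(?:\+(?P<offset>0x[0-9a-f]+))?\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$", re.I)

def parse_frames(text):
    """Return one dict per recognised frame, innermost first."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            off = m["offset"]
            frames.append({"module": m["module"], "symbol": m["symbol"] or None,
                           "offset": int(off, 16) if off else None,
                           "addr": int(m["addr"], 16)})
    return frames

def faulting_frame(frames):
    """First non-libc frame below __fortify_fail: the code whose fortified call failed."""
    seen = False
    for f in frames:
        if f["symbol"] == "__fortify_fail":
            seen = True
        elif seen and "/libc.so" not in f["module"]:
            return f
    return None

def addr2line_hint(frame):
    """Unnamed frames carry a module-relative offset that addr2line can resolve
    (needs debug symbols for that exact library build)."""
    return "addr2line -f -e {} {:#x}".format(frame["module"], frame["offset"])
```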