We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 4006 - GetRawInputDeviceList may return less entries than requested
Summary: GetRawInputDeviceList may return less entries than requested
Status: NEW
Alias: None
Product: SDL
Classification: Unclassified
Component: joystick (show other bugs)
Version: 2.0.7
Hardware: x86 Windows 10
: P2 normal
Assignee: Sam Lantinga
QA Contact: Sam Lantinga
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-21 21:23 UTC by Mathieu Laurendeau
Modified: 2020-04-25 13:08 UTC (History)
1 user (show)

See Also:

Attachments
proposed fix (1.40 KB, patch)
2017-12-21 21:23 UTC, Mathieu Laurendeau 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mathieu Laurendeau 2017-12-21 21:23:26 UTC 
Created attachment 3117 [details]
proposed fix

Hello,

I think I found an issue in SDL_dinputjoystick.c and SDL_xinputjoystick.c.

There is no guarantee the GetRawInputDeviceList returns the requested number of entries. Moreover the provided buffer is malloc'd, which means something unexpected/random may happen.

https://msdn.microsoft.com/fr-fr/library/windows/desktop/ms645598(v=vs.85).aspx

> If the function is successful, the return value is the number of devices stored in the buffer pointed to by pRawInputDeviceList.

See attached patch.
Comment 1 Mathieu Laurendeau 2020-04-25 13:08:54 UTC 
Please consider adding the suggested patch.