From 3b516e633b4a170ba54b6e96b069e89fa59b3dbc Mon Sep 17 00:00:00 2001
From: Adrien Destugues
Date: Mon, 11 Nov 2019 22:14:00 -0500
Subject: [PATCH] haiku: Fix crash when opening window.

- _num_clips was not set in constructor, so a NULL _clips could be mistakenly dereferenced.
- As _clips is accessible outside the class, it is not a good idea to free/reallocate it. Try to limit this by reallocating only when it needs to grow.
Partially fixes Bugzilla #4442.
---
 src/video/haiku/SDL_BWin.h | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/video/haiku/SDL_BWin.h b/src/video/haiku/SDL_BWin.h
index da84dd5cf..15340596b 100644
--- a/src/video/haiku/SDL_BWin.h
+++ b/src/video/haiku/SDL_BWin.h
@@ -86,6 +86,7 @@ class SDL_BWin:public BDirectWindow
 _buffer_locker = new BLocker();
 _bitmap = NULL;
 _clips = NULL;
+ _num_clips = 0;
 #ifdef DRAWTHREAD
 _draw_thread_id = spawn_thread(HAIKU_DrawThread, "drawing_thread",
@@ -179,13 +180,17 @@ class SDL_BWin:public BDirectWindow
 _connected = true;
 case B_DIRECT_MODIFY:
- if(_clips) {
- free(_clips);
- _clips = NULL;
+ if (info->clip_list_count > _num_clips)
+ {
+ if(_clips) {
+ free(_clips);
+ _clips = NULL;
+ }
 }
 _num_clips = info->clip_list_count;
- _clips = (clipping_rect *)malloc(_num_clips*sizeof(clipping_rect));
+ if (_clips == NULL)
+ _clips = (clipping_rect *)malloc(_num_clips*sizeof(clipping_rect));
 if(_clips) {
 memcpy(_clips, info->clip_list, _num_clips*sizeof(clipping_rect));
@@ -652,7 +657,7 @@ private:
 clipping_rect _bounds;
 BLocker *_buffer_locker;
 clipping_rect *_clips;
- int32 _num_clips;
+ uint32 _num_clips;
 int32 _bytes_per_px;
 thread_id _draw_thread_id;
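Review bot: In the `B_DIRECT_MODIFY` case, `_num_clips` is assigned from `info->clip_list_count` before the `malloc` result is known, so a failed allocation leaves `_clips == NULL` with a non-zero count, which is the state the commit message names as the crash cause (unless an else path of `if(_clips)`, not visible here, resets it). Adding `if (_clips == NULL) _num_clips = 0;` right after the `malloc` keeps the two fields consistent for readers outside the class. Because `_num_clips` also serves as the capacity, a shrink followed by a regrow still frees and reallocates; a separate capacity field would avoid that and better match the stated goal. The reused buffer is now overwritten in place by `memcpy`, so it is worth confirming that every reader of `_clips` holds the same lock as this handler; the locking is not visible in this hunk, and the `if(_clips)` body continues past it.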