SDL/include
Sam Lantinga fb835f9e3b Fixed bug 2330 - Debian bug report: SDL2 X11 driver buffer overflow with large X11 file descriptor
manuel.montezelo

Original bug report (note that it was against 2.0.0, it might have been fixed in between):  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733015

--------------------------------------------------------
Package: libsdl2-2.0-0
Version: 2.0.0+dfsg1-3
Severity: normal
Tags: patch

I have occasional crashes here caused by the X11 backend of SDL2. It seems to
be caused by the X11_Pending function trying to add a high-numbered (> 1024)
file descriptor to an fd_set before doing a select on it to avoid busy waiting
on X11 events. This causes a buffer overflow because the file descriptor is
larger than (or equal to) the limit FD_SETSIZE.

Attached is a possible workaround patch.

Please also keep in mind that fd_set is also used in the following files, which
may have similar problems.

src/audio/bsd/SDL_bsdaudio.c
src/audio/paudio/SDL_paudio.c
src/audio/qsa/SDL_qsa_audio.c
src/audio/sun/SDL_sunaudio.c
src/joystick/linux/SDL_sysjoystick.c


--------------------------------------------------------

On Tuesday 24 December 2013 00:43:13 Sven Eckelmann wrote:
> I have occasional crashes here caused by the X11 backend of SDL2. It seems
> to be caused by the X11_Pending function trying to add a high-numbered (>
> 1024) file descriptor to an fd_set before doing a select on it to avoid busy
> waiting on X11 events. This causes a buffer overflow because the file
> descriptor is larger than (or equal to) the limit FD_SETSIZE.


I personally experienced this problem while hacking on the python bindings
package for SDL2 [1] (while doing make runtest). But it is easier to reproduce in
a smaller, synthetic testcase.
2017-08-14 20:22:19 -07:00
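The guard the report calls for, as an added example that is neither SDL's code nor the patch attached to the bug: FD_SET() is refused for any descriptor outside 0..FD_SETSIZE-1 instead of writing past the end of the bit array, and waiting on a descriptor too large for an fd_set goes through poll(), which has no such limit. The names fd_set_safe_add and wait_readable are the example's own.

```c
/* Added example (not SDL's code): guard fd_set use against the overflow the
 * report describes: FD_SET() on an fd >= FD_SETSIZE writes past the bit array. */
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Returns 0 and sets the bit; -1 with errno = EINVAL if fd is negative or
 * too large for an fd_set (the case that crashed X11_Pending). */
int fd_set_safe_add(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* Wait until fd is readable or timeout_ms elapses: 1 readable, 0 timeout,
 * -1 error. select() only for fds that fit an fd_set; poll() otherwise. */
int wait_readable(int fd, int timeout_ms)
{
    if (fd >= 0 && fd < FD_SETSIZE) {
        fd_set rfds;
        struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
        FD_ZERO(&rfds);
        if (fd_set_safe_add(fd, &rfds) != 0) return -1;
        int r = select(fd + 1, &rfds, NULL, NULL, &tv);
        return r < 0 ? -1 : (r > 0 ? 1 : 0);
    }
    struct pollfd pfd = { fd, POLLIN, 0 };   /* no FD_SETSIZE limit here */
    int r = poll(&pfd, 1, timeout_ms);
    return r < 0 ? -1 : (r > 0 ? 1 : 0);
}

int main(void)
{
    int p[2];
    if (pipe(p) != 0) return 1;
    printf("empty pipe readable: %d\n", wait_readable(p[0], 10));   /* 0 */
    (void)!write(p[1], "x", 1);
    printf("after write readable: %d\n", wait_readable(p[0], 10));  /* 1 */
    printf("fd %d accepted: %d\n", FD_SETSIZE, fd_set_safe_add(FD_SETSIZE, NULL)); /* -1 */
    return 0;
}
```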
SDL.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_assert.h assert: Check for Clang _and_ GCC, in case they ever drop compatibility. 2017-05-19 14:49:16 -04:00
SDL_atomic.h Make sure the memory barrier functions are always available, and now they are implemented on Android __ARM_ARCH_5TE__ 2017-02-10 11:21:15 -08:00
SDL_audio.h Fixed bug 3668 - Overflow of SDL_AudioCVT.filters with some downmixes 2017-06-12 16:39:15 -07:00
SDL_bits.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_blendmode.h Fixed compiler warning with enum 2017-08-14 10:14:07 -07:00
SDL_clipboard.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_config.h mistake: Revert the files that I did not mean to commit 2017-03-01 15:05:54 -08:00
SDL_config.h.cmake Fixed bug 2330 - Debian bug report: SDL2 X11 driver buffer overflow with large X11 file descriptor 2017-08-14 20:22:19 -07:00
SDL_config.h.in Fixed bug 2330 - Debian bug report: SDL2 X11 driver buffer overflow with large X11 file descriptor 2017-08-14 20:22:19 -07:00
SDL_config_android.h Fixed bug 3191 - haptic system on android? 2017-08-12 08:15:09 -07:00
SDL_config_iphoneos.h Updated config headers to override the base SDL_config.h if both are included 2017-02-20 10:55:33 -08:00
SDL_config_macosx.h Updated config headers to override the base SDL_config.h if both are included 2017-02-20 10:55:33 -08:00
SDL_config_minimal.h Updated config headers to override the base SDL_config.h if both are included 2017-02-20 10:55:33 -08:00
SDL_config_pandora.h Updated config headers to override the base SDL_config.h if both are included 2017-02-20 10:55:33 -08:00
SDL_config_psp.h Updated config headers to override the base SDL_config.h if both are included 2017-02-20 10:55:33 -08:00
SDL_config_windows.h Updated config headers to override the base SDL_config.h if both are included 2017-02-20 10:55:33 -08:00
SDL_config_winrt.h Updated config headers to override the base SDL_config.h if both are included 2017-02-20 10:55:33 -08:00
SDL_config_wiz.h Updated config headers to override the base SDL_config.h if both are included 2017-02-20 10:55:33 -08:00
SDL_copying.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_cpuinfo.h audio: Wired up new SSE code to build system. 2017-01-23 01:05:44 -05:00
SDL_egl.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_endian.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_error.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_events.h Fixed comment typo 2017-05-05 05:10:30 -07:00
SDL_filesystem.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_gamecontroller.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_gesture.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_haptic.h Fixed typos and documentation in haptic header file. 2017-04-02 21:32:49 +02:00
SDL_hints.h Fixed bug 3745 - specify SDLCALL as the calling convention for API callbacks 2017-08-14 06:28:21 -07:00
SDL_joystick.h Added an API to get the joystick instance ID before opening the device: SDL_JoystickGetDeviceInstanceID() 2017-03-09 16:09:16 -08:00
SDL_keyboard.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_keycode.h Added a note about number key keycodes always being SDLK_0...SDLK_9 even on AZERTY layouts 2017-08-12 15:45:46 -07:00
SDL_loadso.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_log.h Fixed bug 3745 - specify SDLCALL as the calling convention for API callbacks 2017-08-14 06:28:21 -07:00
SDL_main.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_messagebox.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_mouse.h Fixed comments in headers for doxygen output. 2017-06-04 23:15:39 +02:00
SDL_mutex.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_name.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_opengl.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_opengl_glext.h Fixed crash if initialization of EGL failed but was tried again later. 2015-06-21 17:33:46 +02:00
SDL_opengles.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_opengles2.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_opengles2_gl2.h Fixed crash if initialization of EGL failed but was tried again later. 2015-06-21 17:33:46 +02:00
SDL_opengles2_gl2ext.h Fixed crash if initialization of EGL failed but was tried again later. 2015-06-21 17:33:46 +02:00
SDL_opengles2_gl2platform.h Fixed crash if initialization of EGL failed but was tried again later. 2015-06-21 17:33:46 +02:00
SDL_opengles2_khrplatform.h Fixed crash if initialization of EGL failed but was tried again later. 2015-06-21 17:33:46 +02:00
SDL_pixels.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_platform.h Fixed bug 3752 - minor os2 defines 2017-08-14 10:15:38 -07:00
SDL_power.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_quit.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_rect.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_render.h Note that texture contents are undefined when the texture is created. 2017-08-12 13:05:26 -07:00
SDL_revision.h mistake: Revert the files that I did not mean to commit 2017-03-01 15:05:54 -08:00
SDL_rwops.h Added an API SDL_LoadFile_RW() to load all the data from an SDL data stream, and a convenience macro SDL_LoadFile() to load all the data from a file. 2017-08-09 11:58:38 -07:00
SDL_scancode.h Fixed bug 3703 - Missing media keys support on Amazon Fire TV remote control 2017-07-20 10:46:38 -07:00
SDL_shape.h Fixed typos in shape header. 2017-07-29 23:00:54 +02:00
SDL_stdinc.h Added wchar.h to fix build on some platforms with new wcs* functions 2017-08-13 22:26:44 -07:00
SDL_surface.h Fixed bug 2441 - SDL_DuplicateSurface 2017-08-14 13:37:14 -07:00
SDL_system.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_syswm.h Fixed bug 3752 - minor os2 defines 2017-08-14 10:15:38 -07:00
SDL_test.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_assert.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_common.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_compare.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_crc32.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_font.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_fuzzer.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_harness.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_images.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_log.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_md5.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_test_random.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_thread.h Fixed bug 3745 - specify SDLCALL as the calling convention for API callbacks 2017-08-14 06:28:21 -07:00
SDL_timer.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_touch.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_types.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_version.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00
SDL_video.h Fixed bug 3720 - SDL_GL_GetAttribute doesn't check for initialized video driver 2017-07-31 12:57:15 -07:00
begin_code.h Fixed bug 3752 - minor os2 defines 2017-08-14 10:15:38 -07:00
close_code.h Updated copyright for 2017 2017-01-01 18:33:28 -08:00