Commit 1940d289bf16163512fdd22f2b7f9d529950fbfc
2021-12-08T09:41:33
SW Renderer: fix invalid read if VSYNC hint is initially set with an empty value (eg "") because: - GeHint return a value pointer. - SetHint free internally the pointer - The -now invalid- pointer is re-read ==9363== Invalid read of size 1 ==9363== at 0x4946860: SW_CreateRenderer (SDL_render_sw.c:1044) ==9363== by 0x48F0EC3: SDL_CreateRenderer_REAL (SDL_render.c:938) ==9363== by 0x48C5921: SDL_CreateRenderer (SDL_dynapi_procs.h:332) ==9363== by 0x401584: main (main.c:421) ==9363== Address 0x9c24040 is 0 bytes inside a block of size 1 free'd ==9363== at 0x484621F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==9363== by 0x494E403: SDL_free_REAL (SDL_malloc.c:5432) ==9363== by 0x48A6153: SDL_SetHintWithPriority_REAL (SDL_hints.c:76) ==9363== by 0x48A6254: SDL_SetHint_REAL (SDL_hints.c:101)
diff --git a/src/render/software/SDL_render_sw.c b/src/render/software/SDL_render_sw.c
index 1aaffac..14f49b6 100644
--- a/src/render/software/SDL_render_sw.c
+++ b/src/render/software/SDL_render_sw.c
@@ -1030,17 +1030,24 @@ SW_CreateRenderer(SDL_Window * window, Uint32 flags)
{
const char *hint;
SDL_Surface *surface;
+ SDL_bool no_hint_set;
/* Set the vsync hint based on our flags, if it's not already set */
hint = SDL_GetHint(SDL_HINT_RENDER_VSYNC);
if (!hint || !*hint) {
+ no_hint_set = SDL_TRUE;
+ } else {
+ no_hint_set = SDL_FALSE;
+ }
+
+ if (no_hint_set) {
SDL_SetHint(SDL_HINT_RENDER_VSYNC, (flags & SDL_RENDERER_PRESENTVSYNC) ? "1" : "0");
}
surface = SDL_GetWindowSurface(window);
/* Reset the vsync hint if we set it above */
- if (!hint || !*hint) {
+ if (no_hint_set) {
SDL_SetHint(SDL_HINT_RENDER_VSYNC, "");
}