haiku: Fix crash when opening window. - _num_clips was not set in constructor, so a NULL _clips could be mistakenly dereferenced. - As _clips is accessible outside the class, it is not a good idea to free/reallocate it. Try to limit this by reallocating only when it needs to grow. Partially fixes Bugzilla #4442.
diff --git a/src/video/haiku/SDL_BWin.h b/src/video/haiku/SDL_BWin.h
index da84dd5..1534059 100644
--- a/src/video/haiku/SDL_BWin.h
+++ b/src/video/haiku/SDL_BWin.h
@@ -86,6 +86,7 @@ class SDL_BWin:public BDirectWindow
_buffer_locker = new BLocker();
_bitmap = NULL;
_clips = NULL;
+ _num_clips = 0;
#ifdef DRAWTHREAD
_draw_thread_id = spawn_thread(HAIKU_DrawThread, "drawing_thread",
@@ -179,13 +180,17 @@ class SDL_BWin:public BDirectWindow
_connected = true;
case B_DIRECT_MODIFY:
- if(_clips) {
- free(_clips);
- _clips = NULL;
+ if (info->clip_list_count > _num_clips)
+ {
+ if(_clips) {
+ free(_clips);
+ _clips = NULL;
+ }
}
_num_clips = info->clip_list_count;
- _clips = (clipping_rect *)malloc(_num_clips*sizeof(clipping_rect));
+ if (_clips == NULL)
+ _clips = (clipping_rect *)malloc(_num_clips*sizeof(clipping_rect));
if(_clips) {
memcpy(_clips, info->clip_list,
_num_clips*sizeof(clipping_rect));
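Review bot: An allocation failure in the B_DIRECT_MODIFY branch still leaves `_num_clips` non-zero while `_clips` is NULL, which is the state the commit message names as the cause of the crash: `_num_clips = info->clip_list_count;` runs before the `malloc`, and nothing resets it when the `if(_clips)` test fails. Adding `else _num_clips = 0;` to that `if(_clips)` block (its closing brace lies outside the hunk) would keep the count and the pointer consistent for any reader outside the class. Separately, `_num_clips` serves as both the element count and the buffer capacity, so after a shrink the real capacity is forgotten and the next larger list frees and reallocates even if the old buffer was big enough; a separate capacity member would match the stated intent of reallocating only on growth. The enclosing function starts and ends outside the hunk, so whether this update is serialized against readers of `_clips` cannot be confirmed from here.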
@@ -652,7 +657,7 @@ private:
clipping_rect _bounds;
BLocker *_buffer_locker;
clipping_rect *_clips;
- int32 _num_clips;
+ uint32 _num_clips;
int32 _bytes_per_px;
thread_id _draw_thread_id;