Commit 9e8e0fb7b14034a19365f0d4c3b8c250cd441163

Sam Lantinga 2018-09-28T20:48:18

Fixed bug 4283 - SDL's version of memset is different from libc's janisozaur memset's documentation reads: * The memset() function shall copy c (converted to an unsigned char) into each of the first n bytes of the object pointed to by s. (http://pubs.opengroup.org/onlinepubs/9699919799/functions/memset.html) * Sets the first count characters of dest to the character c. (https://msdn.microsoft.com/en-us/library/1fdeehz6.aspx) * write a byte to a byte string (https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/memset.3.html) The highlight here is they all mean a single _byte_, even though memset receives a parameter of type int, which can hold more data than a single byte. SDL's implementation of memset, however, does not clear any of the higher bits, causing an erroneous behaviour when passed an argument bigger than 0xff.

diff --git a/src/stdlib/SDL_string.c b/src/stdlib/SDL_string.c
index 0fedcf4..a563adf 100644
--- a/src/stdlib/SDL_string.c
+++ b/src/stdlib/SDL_string.c
@@ -271,12 +271,16 @@ SDL_memset(SDL_OUT_BYTECAP(len) void *dst, int c, size_t len)
     size_t left;
     Uint32 *dstp4;
     Uint8 *dstp1 = (Uint8 *) dst;
-    Uint32 value4 = (c | (c << 8) | (c << 16) | (c << 24));
-    Uint8 value1 = (Uint8) c;
+    Uint8 value1;
+    Uint32 value4;
+
+    /* The value used in memset() is a byte, passed as an int */
+    c &= 0xff;
 
     /* The destination pointer needs to be aligned on a 4-byte boundary to
      * execute a 32-bit set. Set first bytes manually if needed until it is
      * aligned. */
+    value1 = (Uint8)c;
     while ((intptr_t)dstp1 & 0x3) {
         if (len--) {
             *dstp1++ = value1;
@@ -285,6 +289,7 @@ SDL_memset(SDL_OUT_BYTECAP(len) void *dst, int c, size_t len)
         }
     }
 
+    value4 = (c | (c << 8) | (c << 16) | (c << 24));
     dstp4 = (Uint32 *) dstp1;
     left = (len % 4);
     len /= 4;