kmx git

Commit	Date	Message
d4086e4a	2017-05-29T03:01:05	stdlib: added SDL_utf8strlen().
29a047df	2017-05-29T00:51:38	Fixed whitespace code style.
c93bca48	2017-02-14T02:49:08	stdlib: Fixed crash on SDL_snprintf("%s", NULL). Like other C runtimes, it should probably produce the string "(null)". This bug probably only affected Windows, as most platforms use their standard C runtime's snprintf().
5cb1ca55	2017-01-18T11:57:27	Fixed building with mingw32
45b774e3	2017-01-01T18:33:28	Updated copyright for 2017
880842cf	2016-12-31T16:14:51	Fixed bug 3531 - internal SDL_vsnprintf implementation access memory outside given buffer ranges Tristan The internal SDL_vsnprintf implementation accesses memory outside buffer. The bug existed also inside the format (%) processing, which was fixed with Bug 3441. But there is still an invalid access, if we do not have any format inside the source string and the destination string is shorter than the format string. You can use any string for this test, as long it is longer than the buffer. Example: va_list argList; char buffer[4]; SDL_vsnprintf(buffer, sizeof(buffer), "Testing", argList); The bug is located on the 'else' branch of the format char test: while (fmt) { if (fmt == '%') { ... } else { if (left > 1) { text = fmt; --left; } ++fmt; ++text; } } if (left > 0) { text = '\0'; } As you can see that text is always incremented, even when left is already one. When then on the last lines, text is assigned the NULL char, the pointer is located outside bounds.
57d01d7d	2016-11-13T22:57:41	Patch from Sylvain to fix clang warnings
74e1dd4c	2016-11-11T13:14:00	Define _GNU_SOURCE when building SDL
46f44f66	2016-10-04T14:25:31	Fixed potential buffer overflow in SDL_vsnprintf() (thanks, Taylor!). Fixes Bugzilla #3441. "When using internal SDL_vsnprintf(), and source string length is greater than destination, the final NULL char will be written beyond destination size. Primary issue that is SDL_strlcpy returns length of source string (SDL_PrintString()), not how much is written to destination. The destination ptr is then incremented by this length before the sanity check is done. Destination string is properly terminated, but an extra NULL char will be written beyond destination buffer length. Patch used internally is attached which fixes primary issue with SDL_strlcpy() in SDL_PrintString() and adjusts sanity checks to increment destination ptr safely."
42065e78	2016-01-02T10:10:34	Updated copyright to 2016
0e45984f	2015-06-21T17:33:46	Fixed crash if initialization of EGL failed but was tried again later. The internal function SDL_EGL_LoadLibrary() did not delete and remove a mostly uninitialized data structure if loading the library first failed. A later try to use EGL then skipped initialization and assumed it was previously successful because the data structure now already existed. This led to at least one crash in the internal function SDL_EGL_ChooseConfig() because a NULL pointer was dereferenced to make a call to eglBindAPI().

d4086e4a

2017-05-29T03:01:05

stdlib: added SDL_utf8strlen().

29a047df

2017-05-29T00:51:38

Fixed whitespace code style.

c93bca48

2017-02-14T02:49:08

stdlib: Fixed crash on SDL_snprintf("%s", NULL). Like other C runtimes, it should probably produce the string "(null)". This bug probably only affected Windows, as most platforms use their standard C runtime's snprintf().

5cb1ca55

2017-01-18T11:57:27

Fixed building with mingw32

45b774e3

2017-01-01T18:33:28

Updated copyright for 2017

880842cf

2016-12-31T16:14:51

Fixed bug 3531 - internal SDL_vsnprintf implementation access memory outside given buffer ranges Tristan The internal SDL_vsnprintf implementation accesses memory outside buffer. The bug existed also inside the format (%) processing, which was fixed with Bug 3441. But there is still an invalid access, if we do not have any format inside the source string and the destination string is shorter than the format string. You can use any string for this test, as long it is longer than the buffer. Example: va_list argList; char buffer[4]; SDL_vsnprintf(buffer, sizeof(buffer), "Testing", argList); The bug is located on the 'else' branch of the format char test: while (*fmt) { if (*fmt == '%') { ... } else { if (left > 1) { *text = *fmt; --left; } ++fmt; ++text; } } if (left > 0) { *text = '\0'; } As you can see that text is always incremented, even when left is already one. When then on the last lines, *text is assigned the NULL char, the pointer is located outside bounds.

57d01d7d

2016-11-13T22:57:41

Patch from Sylvain to fix clang warnings

74e1dd4c

2016-11-11T13:14:00

Define _GNU_SOURCE when building SDL

46f44f66

2016-10-04T14:25:31

Fixed potential buffer overflow in SDL_vsnprintf() (thanks, Taylor!). Fixes Bugzilla #3441. "When using internal SDL_vsnprintf(), and source string length is greater than destination, the final NULL char will be written beyond destination size. Primary issue that is SDL_strlcpy returns length of source string (SDL_PrintString()), not how much is written to destination. The destination ptr is then incremented by this length before the sanity check is done. Destination string is properly terminated, but an extra NULL char will be written beyond destination buffer length. Patch used internally is attached which fixes primary issue with SDL_strlcpy() in SDL_PrintString() and adjusts sanity checks to increment destination ptr safely."

42065e78

2016-01-02T10:10:34

0e45984f

2015-06-21T17:33:46

Fixed crash if initialization of EGL failed but was tried again later. The internal function SDL_EGL_LoadLibrary() did not delete and remove a mostly uninitialized data structure if loading the library first failed. A later try to use EGL then skipped initialization and assumed it was previously successful because the data structure now already existed. This led to at least one crash in the internal function SDL_EGL_ChooseConfig() because a NULL pointer was dereferenced to make a call to eglBindAPI().

kc3-lang/SDL/src/stdlib/SDL_string.c

src/stdlib/SDL_string.c

Log