On Tuesday 24 December 2013 00:43:13 Sven Eckelmann wrote:
> I have occasional crashes here caused by the X11 backend of SDL2. It seems
> to be caused by the X11_Pending function trying to add a high-numbered (>
> 1024) file descriptor to a fd_set before doing a select on it to avoid busy
> waiting on X11 events. This causes a buffer overflow because the file
> descriptor is larger than (or equal to) the limit FD_SETSIZE.

I personally experienced this problem while hacking on the python bindings 
package for SDL2 [1] (while doing make runtest). But it is easier to reproduce 
with a smaller, synthetic testcase.

It can be built and tested with:

$ gcc `sdl2-config --cflags` testkeys.c `sdl2-config --libs` -o testkeys
$ ./testkeys


[1] http://anonscm.debian.org/gitweb/?p=collab-maint/pysdl2.git
/*
  Copyright (C) 1997-2013 Sam Lantinga <slou...@libsdl.org>

  This software is provided 'as-is', without any express or implied
  warranty.  In no event will the authors be held liable for any damages
  arising from the use of this software.

  Permission is granted to anyone to use this software for any purpose,
  including commercial applications, and to alter it and redistribute it
  freely.
*/

/* Print out all the scancodes we have, just to verify them */

#include <stdio.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#include "SDL.h"
#include <sys/select.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int
main(int argc, char *argv[])
{
    SDL_Scancode scancode;
    int i;

    /* Use up the low descriptor numbers so that the X11 connection socket
       SDL opens below gets a number >= FD_SETSIZE. This needs RLIMIT_NOFILE
       (ulimit -n) above 2*FD_SETSIZE; otherwise open() fails early with
       EMFILE and the high descriptor never appears. */
    for (i = 0; i < 2*FD_SETSIZE; i++) {
        if (open("/dev/null", O_RDONLY) < 0) {
            perror("open(/dev/null)");
            fprintf(stderr, "only %d descriptors opened; raise ulimit -n\n", i);
            break;
        }
    }

    if (SDL_Init(SDL_INIT_VIDEO) < 0) {
        fprintf(stderr, "Couldn't initialize SDL: %s\n", SDL_GetError());
        exit(1);
    }
    for (scancode = 0; scancode < SDL_NUM_SCANCODES; ++scancode) {
        printf("Scancode #%d, \"%s\"\n", scancode,
               SDL_GetScancodeName(scancode));
    }
    SDL_Quit();
    return (0);
}

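The report above describes FD_SET() being applied to a descriptor numbered at or above FD_SETSIZE, which writes past the end of the fd_set because the macro does no bounds check. The following is an added example, not code from the mail or from SDL: it shows the arithmetic behind the overflow, a bounds-checked FD_SET wrapper, and a poll()-based pending check that has no FD_SETSIZE ceiling, all exercised against a pipe descriptor deliberately placed at FD_SETSIZE + 1 with dup2() (a constructed input standing in for the X11 socket). The function names fd_set_overflow_bytes, fd_set_checked, fd_readable and make_high_fd are my own; like the testcase, the high descriptor needs ulimit -n above FD_SETSIZE + 1.

```c
#include <errno.h>
#include <limits.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* How many bytes past the end of an fd_set the bit for `fd` (fd >= 0) would
   land. 0 means FD_SET(fd, ...) stays inside the struct. FD_SET itself does
   no such check, which is the overflow described in the report. */
size_t fd_set_overflow_bytes(int fd)
{
    size_t byte = (size_t)fd / CHAR_BIT;
    return byte < sizeof(fd_set) ? 0 : byte - sizeof(fd_set) + 1;
}

/* Bounds-checked FD_SET: refuses descriptors that do not fit in the set
   instead of writing past it. Returns 1 on success, 0 with errno = EINVAL
   when the descriptor cannot be represented. */
int fd_set_checked(fd_set *set, int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;
        return 0;
    }
    FD_SET(fd, set);
    return 1;
}

/* poll()-based "is input pending on fd?" check. struct pollfd carries the
   descriptor number itself, so there is no FD_SETSIZE limit.
   Returns 1 if readable (or hung up), 0 on timeout, -1 on error. */
int fd_readable(int fd, int timeout_ms)
{
    struct pollfd pfd;
    int r;

    pfd.fd = fd;
    pfd.events = POLLIN;
    pfd.revents = 0;
    do {
        r = poll(&pfd, 1, timeout_ms);
    } while (r < 0 && errno == EINTR);
    if (r < 0)
        return -1;
    if (r == 0)
        return 0;
    if (pfd.revents & POLLNVAL) {
        errno = EBADF;
        return -1;
    }
    return (pfd.revents & (POLLIN | POLLHUP | POLLERR)) ? 1 : 0;
}

/* Constructed input: a pipe with one byte queued, its read end moved to
   descriptor number FD_SETSIZE + 1 (arbitrary choice above the limit).
   Needs RLIMIT_NOFILE above that number; returns -1 if the environment
   does not allow it. */
int make_high_fd(void)
{
    int p[2];
    int hi;

    if (pipe(p) < 0)
        return -1;
    if (write(p[1], "x", 1) != 1) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    hi = dup2(p[0], FD_SETSIZE + 1);
    close(p[0]);
    close(p[1]);
    return hi;
}

int main(void)
{
    fd_set set;
    int hi = make_high_fd();

    FD_ZERO(&set);
    printf("sizeof(fd_set) = %zu bytes, FD_SETSIZE = %d\n",
           sizeof(fd_set), FD_SETSIZE);
    printf("fd %d would land %zu byte(s) past the end of the set\n",
           2 * FD_SETSIZE, fd_set_overflow_bytes(2 * FD_SETSIZE));
    if (hi < 0) {
        perror("dup2 to FD_SETSIZE + 1 (raise ulimit -n)");
        return 1;
    }
    printf("fd %d: fd_set_checked -> %d, fd_readable -> %d\n",
           hi, fd_set_checked(&set, hi), fd_readable(hi, 0));
    close(hi);
    return 0;
}
```

The wrapper turns the silent out-of-bounds write into a refused call that a select() loop can report; the poll() variant is the replacement a practitioner would actually reach for, since it removes the limit rather than detecting it.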