From dd30160c547ca0032d3c6d16fcf8d8cbb3c3d583 Mon Sep 17 00:00:00 2001
From: Sam Lantinga
Date: Sun, 1 Jan 2012 16:55:06 -0500
Subject: [PATCH] Fixed bug 1337 - joystick crash due to heap corruption with btnx
---
 src/joystick/SDL_joystick.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/src/joystick/SDL_joystick.c b/src/joystick/SDL_joystick.c
index a849a9894..083b01701 100644
--- a/src/joystick/SDL_joystick.c
+++ b/src/joystick/SDL_joystick.c
@@ -433,6 +433,11 @@ int SDL_PrivateJoystickAxis(SDL_Joystick *joystick, Uint8 axis, Sint16 value)
 {
 int posted;
+ /* Make sure we're not getting garbage events */
+ if (axis >= joystick->naxes) {
+ return 0;
+ }
+
 /* Update internal joystick state */
 joystick->axes[axis] = value;
@@ -458,6 +463,11 @@ int SDL_PrivateJoystickHat(SDL_Joystick *joystick, Uint8 hat, Uint8 value)
 {
 int posted;
+ /* Make sure we're not getting garbage events */
+ if (hat >= joystick->nhats) {
+ return 0;
+ }
+
 /* Update internal joystick state */
 joystick->hats[hat] = value;
@@ -484,6 +494,11 @@ int SDL_PrivateJoystickBall(SDL_Joystick *joystick, Uint8 ball,
 {
 int posted;
+ /* Make sure we're not getting garbage events */
+ if (ball >= joystick->nballs) {
+ return 0;
+ }
+
 /* Update internal mouse state */
 joystick->balls[ball].dx += xrel;
 joystick->balls[ball].dy += yrel;
@@ -526,6 +541,11 @@ int SDL_PrivateJoystickButton(SDL_Joystick *joystick, Uint8 button, Uint8 state)
 }
 #endif /* !SDL_EVENTS_DISABLED */
+ /* Make sure we're not getting garbage events */
+ if (button >= joystick->nbuttons) {
+ return 0;
+ }
+
 /* Update internal joystick state */
 joystick->buttons[button] = state;
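Review bot: The new guard in SDL_PrivateJoystickAxis drops an out-of-range `axis` silently, so the backend fault that produced the bad index leaves no trace once the heap corruption named in the subject is gone; the hat, ball and button guards in the following hunks behave the same way. The comment could say what is being protected, for example `/* Index comes from the driver; reject anything at or beyond naxes instead of writing past axes[] */`, and a debug-build diagnostic before `return 0;` would keep a misbehaving device or driver visible. The check only helps if `naxes` matches the size `axes[]` was allocated with, which happens outside this hunk and is worth confirming for each backend. The function body continues past the end of the hunk.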
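Review bot: In SDL_PrivateJoystickButton the guard is placed after the `#endif /* !SDL_EVENTS_DISABLED */` block, whereas the other three handlers check the index directly after `int posted;`, so whatever that conditional block does runs before `button` is validated. The start of the function is outside the hunk, so it is not visible here whether that block uses `button` as an index. If it does not, moving `if (button >= joystick->nbuttons) { return 0; }` as early as the declarations allow would keep the four handlers uniform and make the validation order obvious to the next reader.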