Fixed bug #855 SDL-1.2
authorSam Lantinga <slouken@libsdl.org>
Sun, 18 Oct 2009 17:31:37 +0000
branchSDL-1.2
changeset 43559b464226e541
parent 4354 1e191391e68d
child 4356 ab2dfac9d5c1
Fixed bug #855

Ludwig Nussel 2009-10-18 06:31:52 PDT

An mprotect call was added to fix bug 528. However, that results in a buffer
that allows both writing and code execution, i.e. the no-execute security
features of modern operating systems are defeated this way. Two mprotect calls
are needed: one to make the buffer executable but not writeable when done, and
another one to make the buffer writeable again if the content needs to be changed.
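--- a/src/video/SDL_stretch.c	Sun Oct 18 16:23:12 2009 +0000
+++ b/src/video/SDL_stretch.c	Sun Oct 18 17:31:37 2009 +0000
@@ -103,6 +103,13 @@
 		SDL_SetError("ASM stretch of %d bytes isn't supported\n", bpp);
 		return(-1);
 	}
+#ifdef HAVE_MPROTECT
+	/* Make the code writeable */
+	if ( mprotect(copy_row, sizeof(copy_row), PROT_READ|PROT_WRITE) < 0 ) {
+		SDL_SetError("Couldn't make copy buffer writeable");
+		return(-1);
+	}
+#endif
 	pos = 0x10000;
 	inc = (src_w << 16) / dst_w;
 	eip = copy_row;
@@ -128,8 +135,8 @@
 		return(-1);
 	}
 #ifdef HAVE_MPROTECT
-	/* Make the code executable */
-	if ( mprotect(copy_row, sizeof(copy_row), PROT_READ|PROT_WRITE|PROT_EXEC) < 0 ) {
+	/* Make the code executable but not writeable */
+	if ( mprotect(copy_row, sizeof(copy_row), PROT_READ|PROT_EXEC) < 0 ) {
 		SDL_SetError("Couldn't make copy buffer executable");
 		return(-1);
 	}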
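Review bot: Both `mprotect(copy_row, sizeof(copy_row), ...)` calls change protection on whole pages, and nothing in these hunks shows that `copy_row` starts on a page boundary or fills whole pages; its declaration is outside the diff. If it does not, the call can fail with EINVAL on systems that require an aligned address, or the new `PROT_READ|PROT_EXEC` call also makes neighbouring static data read-only, which was harmless while the buffer stayed writable. I would state the requirement next to the first call, e.g. `/* copy_row must be page-aligned and a multiple of the page size: mprotect() works on whole pages */`. The buffer also now loses PROT_EXEC while it is being regenerated, so if two threads can reach this function (not visible here) one may fault while running the old code; that is worth confirming against the callers. The enclosing function begins and ends outside both hunks.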