Added some sanity checks to prevent buffer overflows. SDL-1.2
authorRyan C. Gordon
Fri, 30 Dec 2011 04:04:34 -0500
branchSDL-1.2
changeset 6123ce2493a9cefb
parent 6122 7ba8d4c1b11d
child 6124 f56b95794ac8
Added some sanity checks to prevent buffer overflows.

Fixes Bugzilla #1074. (I think.)
src/joystick/linux/SDL_sysjoystick.c
     1.1 --- a/src/joystick/linux/SDL_sysjoystick.c	Fri Dec 30 04:03:31 2011 -0500
     1.2 +++ b/src/joystick/linux/SDL_sysjoystick.c	Fri Dec 30 04:04:34 2011 -0500
     1.3 @@ -935,6 +935,10 @@
     1.4  	SDL_logical_joydecl(SDL_Joystick *logicaljoy = NULL);
     1.5  	SDL_logical_joydecl(struct joystick_logical_mapping* hats = NULL);
     1.6  
     1.7 +	if (stick->nhats <= hat) {
     1.8 +		return;  /* whoops, that shouldn't happen! */
     1.9 +	}
    1.10 +
    1.11  	the_hat = &stick->hwdata->hats[hat];
    1.12  	if ( value < 0 ) {
    1.13  		value = 0;
    1.14 @@ -973,6 +977,9 @@
    1.15  static __inline__
    1.16  void HandleBall(SDL_Joystick *stick, Uint8 ball, int axis, int value)
    1.17  {
    1.18 +	if ((stick->nballs <= ball) || (axis >= 2)) {
    1.19 +		return;  /* whoops, that shouldn't happen! */
    1.20 +	}
    1.21  	stick->hwdata->balls[ball].axis[axis] += value;
    1.22  }
    1.23