Skip to content
This repository has been archived by the owner on Feb 11, 2021. It is now read-only.

Commit

Permalink
Browse files Browse the repository at this point in the history
Fixed crash when the game controller mapping hint is set - the hint w…
…as duplicated and not null terminated.
  • Loading branch information
slouken committed Jan 25, 2013
1 parent f9b12b0 commit 32ba874
Showing 1 changed file with 33 additions and 23 deletions.
56 changes: 33 additions & 23 deletions src/joystick/SDL_gamecontroller.c
Expand Up @@ -518,21 +518,26 @@ char *SDL_PrivateGetControllerGUIDFromMappingString( const char *pMapping )
*/
char *SDL_PrivateGetControllerNameFromMappingString( const char *pMapping )
{
const char *pFirstComma = SDL_strchr( pMapping, ',' );
const char *pSecondComma = SDL_strchr( pFirstComma + 1, ',' );
if ( pFirstComma && pSecondComma )
{
char *pchName = SDL_malloc( pSecondComma - pFirstComma );
if ( !pchName )
{
SDL_OutOfMemory();
return NULL;
}
SDL_memcpy( pchName, pFirstComma + 1, pSecondComma - pFirstComma );
pchName[ pSecondComma - pFirstComma - 1 ] = 0;
return pchName;
}
return NULL;
const char *pFirstComma, *pSecondComma;
char *pchName;

pFirstComma = SDL_strchr( pMapping, ',' );
if ( !pFirstComma )
return NULL;

pSecondComma = SDL_strchr( pFirstComma + 1, ',' );
if ( !pSecondComma )
return NULL;

pchName = SDL_malloc( pSecondComma - pFirstComma );
if ( !pchName )
{
SDL_OutOfMemory();
return NULL;
}
SDL_memcpy( pchName, pFirstComma + 1, pSecondComma - pFirstComma );
pchName[ pSecondComma - pFirstComma - 1 ] = 0;
return pchName;
}


Expand All @@ -541,12 +546,17 @@ char *SDL_PrivateGetControllerNameFromMappingString( const char *pMapping )
*/
const char *SDL_PrivateGetControllerMappingFromMappingString( const char *pMapping )
{
const char *pFirstComma = SDL_strchr( pMapping, ',' );
const char *pSecondComma = SDL_strchr( pFirstComma + 1, ',' );
if ( pSecondComma )
return pSecondComma + 1; // mapping is everything after the 3rd comma, no need to malloc it
else
return NULL;
const char *pFirstComma, *pSecondComma;

pFirstComma = SDL_strchr( pMapping, ',' );
if ( !pFirstComma )
return NULL;

pSecondComma = SDL_strchr( pFirstComma + 1, ',' );
if ( !pSecondComma )
return NULL;

return pSecondComma + 1; /* mapping is everything after the 3rd comma, no need to malloc it */
}


Expand Down Expand Up @@ -603,8 +613,8 @@ SDL_GameControllerInit(void)
if ( hint && hint[0] )
{
int nchHints = SDL_strlen( hint );
char *pUserMappings = SDL_malloc( nchHints + 1 );
SDL_memcpy( pUserMappings, hint, nchHints );
char *pUserMappings = SDL_malloc( nchHints + 1 ); /* FIXME: memory leak, but we can't free it in this function because pchMapping below points into this memory */
SDL_memcpy( pUserMappings, hint, nchHints + 1 );
while ( pUserMappings )
{
char *pchGUID;
Expand Down

0 comments on commit 32ba874

Please sign in to comment.