Fixed crash when the game controller mapping hint is set - the hint was duplicated and not null terminated.
authorSam Lantinga <slouken@libsdl.org>
Fri, 25 Jan 2013 14:25:19 -0800
changeset 6823e9d312d26979
parent 6822 18f6818ba281
child 6824 436b5b8a5b98
Fixed crash when the game controller mapping hint is set - the hint was duplicated and not null terminated.
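--- a/src/joystick/SDL_gamecontroller.c	Thu Jan 24 07:58:59 2013 -0800
+++ b/src/joystick/SDL_gamecontroller.c	Fri Jan 25 14:25:19 2013 -0800
@@ -518,21 +518,26 @@
  */
 char *SDL_PrivateGetControllerNameFromMappingString( const char *pMapping )
 {
-	const char *pFirstComma = SDL_strchr( pMapping, ',' );
-	const char *pSecondComma = SDL_strchr( pFirstComma + 1, ',' );
-	if ( pFirstComma && pSecondComma )
-	{
-		char *pchName = SDL_malloc( pSecondComma - pFirstComma );
-		if ( !pchName )
-		{
-			SDL_OutOfMemory();
-			return NULL;
-		}
-		SDL_memcpy( pchName, pFirstComma + 1, pSecondComma - pFirstComma );
-		pchName[ pSecondComma - pFirstComma - 1 ] = 0;
-		return pchName;
-	}
-	return NULL;
+	const char *pFirstComma, *pSecondComma;
+    char *pchName;
+
+    pFirstComma = SDL_strchr( pMapping, ',' );
+    if ( !pFirstComma )
+        return NULL;
+
+	pSecondComma = SDL_strchr( pFirstComma + 1, ',' );
+    if ( !pSecondComma )
+        return NULL;
+
+    pchName = SDL_malloc( pSecondComma - pFirstComma );
+    if ( !pchName )
+    {
+        SDL_OutOfMemory();
+        return NULL;
+    }
+    SDL_memcpy( pchName, pFirstComma + 1, pSecondComma - pFirstComma );
+    pchName[ pSecondComma - pFirstComma - 1 ] = 0;
+    return pchName;
 }
 
 
@@ -541,12 +546,17 @@
  */
 const char *SDL_PrivateGetControllerMappingFromMappingString( const char *pMapping )
 {
-	const char *pFirstComma = SDL_strchr( pMapping, ',' );
-	const char *pSecondComma = SDL_strchr( pFirstComma + 1, ',' );
-	if ( pSecondComma )
-		return pSecondComma + 1; // mapping is everything after the 3rd comma, no need to malloc it
-	else
-		return NULL;
+	const char *pFirstComma, *pSecondComma;
+
+    pFirstComma = SDL_strchr( pMapping, ',' );
+    if ( !pFirstComma )
+        return NULL;
+
+	pSecondComma = SDL_strchr( pFirstComma + 1, ',' );
+    if ( !pSecondComma )
+        return NULL;
+
+    return pSecondComma + 1; /* mapping is everything after the 3rd comma, no need to malloc it */
 }
 
 
@@ -603,8 +613,8 @@
 		if ( hint && hint[0] )
 		{
 			int nchHints = SDL_strlen( hint );
-			char *pUserMappings = SDL_malloc( nchHints + 1 );
-			SDL_memcpy( pUserMappings, hint, nchHints );
+			char *pUserMappings = SDL_malloc( nchHints + 1 ); /* FIXME: memory leak, but we can't free it in this function because pchMapping below points into this memory */
+			SDL_memcpy( pUserMappings, hint, nchHints + 1 );
 			while ( pUserMappings )
 			{
 				char *pchGUID;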
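Review bot: The `SDL_malloc( nchHints + 1 )` result in the last hunk is handed to `SDL_memcpy` without a NULL check, so an allocation failure while copying the mapping hint dereferences NULL before the `while ( pUserMappings )` test is reached; the name helper in the first hunk does check its allocation and calls `SDL_OutOfMemory()`. The length is also narrowed from `SDL_strlen`'s `size_t` into `int nchHints`, and the hint text comes from the application or its environment, so its size is not under this code's control. Replacing the length, allocation and copy with `char *pUserMappings = SDL_strdup( hint );` would keep the size in `size_t`, and a NULL result would then simply fail the existing `while ( pUserMappings )` test, provided `nchHints` is not used further down. The enclosing function starts and ends outside this hunk, so that last condition needs checking against the rest of the body.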