mirror of
https://github.com/libsdl-org/SDL.git
synced 2026-06-26 07:48:42 +00:00
romain.lacroix For the Windows implementation of SDL_ShowMessageBox(): ./src/video/windows/SDL_windowsmessagebox.c:345 WIN_ShowMessageBox() The implementation in 2.0.4 uses "button index" for parameter "id" of function AddDialogButton(). It then expects the value provided in param wParam of function MessageBoxDialogProc() to be a valid index of a button. It uses this value to index into the array of buttons when DialogBoxIndirect() returns (line 474: *buttonid = buttons[which].buttonid;). However, when dismissing this box with Escape, the return value of DialogBoxIndirect will be SDL_MESSAGEBOX_BUTTON_ESCAPEKEY_DEFAULT (=2), which is not always a valid index of array buttons. When the array buttons has a length less than or equal to 2, the memory access is invalid; I can see that the value written to *buttonId is uninitialized memory (random value). The fix I propose: use value "buttonid" (field of button) for parameter "id" of AddDialogButton(), then copy return value of DialogBoxIndirect() in *buttonid. This way, we will not use an out-of-bounds index in array buttons. |
||
|---|---|---|
| atomic | ||
| audio | ||
| core | ||
| cpuinfo | ||
| dynapi | ||
| events | ||
| file | ||
| filesystem | ||
| haptic | ||
| joystick | ||
| libm | ||
| loadso | ||
| main | ||
| power | ||
| render | ||
| stdlib | ||
| test | ||
| thread | ||
| timer | ||
| video | ||
| SDL.c | ||
| SDL_assert.c | ||
| SDL_assert_c.h | ||
| SDL_dataqueue.c | ||
| SDL_dataqueue.h | ||
| SDL_error.c | ||
| SDL_error_c.h | ||
| SDL_hints.c | ||
| SDL_internal.h | ||
| SDL_log.c | ||