From f6f4664ed1c75663e71ab4e39f6de0909fcb5106 Mon Sep 17 00:00:00 2001 From: Sam Lantinga Date: Tue, 5 May 2026 08:53:01 -0700 Subject: [PATCH] Fixed rare cursor corruption on Windows If the cursor was created with a temporary surface that was pointing at external memory, then when the cursor is used it might be referencing memory that had already been freed. --- src/video/windows/SDL_windowsmouse.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/video/windows/SDL_windowsmouse.c b/src/video/windows/SDL_windowsmouse.c index 2cd4e726f3..3e7772b451 100644 --- a/src/video/windows/SDL_windowsmouse.c +++ b/src/video/windows/SDL_windowsmouse.c @@ -148,9 +148,23 @@ static SDL_Cursor *WIN_CreateAnimatedCursorAndData(SDL_CursorFrameInfo *frames, data->hot_y = hot_y; data->num_frames = frame_count; for (int i = 0; i < frame_count; ++i) { - data->frames[i].surface = frames[i].surface; + SDL_Surface *surface = frames[i].surface; + if (surface->flags & SDL_SURFACE_PREALLOCATED) { + surface = SDL_DuplicateSurface(surface); + if (!surface) { + while (i > 0) { + --i; + SDL_DestroySurface(data->frames[i].surface); + } + SDL_free(data); + SDL_free(cursor); + return NULL; + } + } else { + ++surface->refcount; + } + data->frames[i].surface = surface; data->frames[i].duration = frames[i].duration; - ++frames[i].surface->refcount; } cursor->internal = data; return cursor;