Noticed this in SDL-1.2 where gcc-13 emits a -Wuse-after-free warning.
No such warning in SDL2 and SDL3, because unlike SDL1.2, SDL_realloc()
is not a macro expanding to libc realloc(). It warns, of course, if
SDL_realloc() is replaced with plain realloc():
src/stdlib/SDL_iconv.c: In function 'SDL_iconv_string_REAL':
src/stdlib/SDL_iconv.c:824:39: warning: pointer 'oldstring' may be used after 'realloc' [-Wuse-after-free]
824 | outbuf = string + (outbuf - oldstring);
| ~~~~~~~~^~~~~~~~~~~~
src/stdlib/SDL_iconv.c:818:30: note: call to 'realloc' here
818 | string = (char *)realloc(string, stringsize + sizeof(Uint32));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(cherry picked from commit 2205626816)
- check libiconv with a linkage test with iconv.h included
- check libc iconv with a linkage test with iconv.h included
and LIBICONV_PLUG defined (in case libiconv header is in
include path)
- add new configuration option to prefer iconv from libiconv,
if available, over the libc version, defaults to disabled:
SDL_LIBICONV for cmake, --enable-libiconv for autotools.
- change FreeBSD specific LIBICONV_PLUG define in SDL_iconv.c
to configuration result.
We don't necessarily know the size of the output characters, so do a full 32-bit zero termination on the output string.
This fixes garbage at the end of Windows clipboard text
(cherry picked from commit ecbbac7c72)
Before this, the function could not be used on buffers,
as it would not account for the zero-termination unless
it was included in the input.
(cherry picked from commit 5f5abb6805)
I updated .clang-format and ran clang-format 14 over the src and test directories to standardize the code base.
In general I let clang-format have it's way, and added markup to prevent formatting of code that would break or be completely unreadable if formatted.
The script I ran for the src directory is added as build-scripts/clang-format-src.sh
This fixes:
#6592#6593#6594
(cherry picked from commit 5750bcb174)
* Add braces after if conditions
* More add braces after if conditions
* Add braces after while() conditions
* Fix compilation because of macro being modified
* Add braces to for loop
* Add braces after if/goto
* Move comments up
* Remove extra () in the 'return ...;' statements
* More remove extra () in the 'return ...;' statements
* More remove extra () in the 'return ...;' statements after merge
* Fix inconsistent patterns are xxx == NULL vs !xxx
* More "{}" for "if() break;" and "if() continue;"
* More "{}" after if() short statement
* More "{}" after "if () return;" statement
* More fix inconsistent patterns are xxx == NULL vs !xxx
* Revert some modificaion on SDL_RLEaccel.c
* SDL_RLEaccel: no short statement
* Cleanup 'if' where the bracket is in a new line
* Cleanup 'while' where the bracket is in a new line
* Cleanup 'for' where the bracket is in a new line
* Cleanup 'else' where the bracket is in a new line
(cherry picked from commit 6a2200823c to reduce conflicts merging between SDL2 and SDL3)
Case fallthrough warnings can be suppressed using the __fallthrough__
compiler attribute. Unfortunately, not all compilers have this
attribute, or even have __has_attribute to check if they have the
__fallthrough__ attribute. [[fallthrough]] is also available in C++17
and the next C2x, but not everyone uses C++17 or C2x.
So define the SDL_FALLTHROUGH macro to deal with those problems - if we
are using C++17 or C2x, it expands to [[fallthrough]]; else if the
compiler has __has_attribute and has the __fallthrough__ attribute, then
it expands to __attribute__((__fallthrough__)); else it expands to an
empty statement, with a /* fallthrough */ comment (it's a do {} while
(0) statement, because users of this macro need to use a semicolon,
because [[fallthrough]] and __attribute__((__fallthrough__)) require a
semicolon).
Clang before Clang 10 and GCC before GCC 7 have problems with using
__attribute__ as a sole statement and warn about a "declaration not
declaring anything", so fall back to using the /* fallthrough */ comment
if we are using those older compiler versions.
Applications using SDL are also free to use this macro (because it is
defined in begin_code.h).
All existing /* fallthrough */ comments have been replaced with this
macro. Some of them were unnecessary because they were the last case in
a switch; using SDL_FALLTHROUGH in those cases would result in a compile
error on compilers that support __fallthrough__, for having a
__attribute__((__fallthrough__)) statement that didn't immediately
precede a case label.
Case fallthrough warnings can be suppressed using the __fallthrough__
compiler attribute. Unfortunately, not all compilers have this
attribute, or even have __has_attribute to check if they have the
__fallthrough__ attribute. [[fallthrough]] is also available in C++17
and the next C2x, but not everyone uses C++17 or C2x.
So define the SDL_FALLTHROUGH macro to deal with those problems - if we
are using C++17 or C2x, it expands to [[fallthrough]]; else if the
compiler has __has_attribute and has the __fallthrough__ attribute, then
it expands to __attribute__((__fallthrough__)); else it expands to an
empty statement, with a /* fallthrough */ comment (it's a do {} while
(0) statement, because users of this macro need to use a semicolon,
because [[fallthrough]] and __attribute__((__fallthrough__)) require a
semicolon).
Applications using SDL are also free to use this macro (because it is
defined in begin_code.h).
All existing /* fallthrough */ comments have been replaced with this
macro. Some of them were unnecessary because they were the last case in
a switch; using SDL_FALLTHROUGH in those cases would result in a compile
error on compilers that support __fallthrough__, for having a
__attribute__((__fallthrough__)) statement that didn't immediately
precede a case label.
This prevents conflicts with hidapi linked with applications, as well as allowing applications to make use of HIDAPI on Android and other platforms that might not normally have an implementation available.
This is needed to support CHERI, and thus Arm's experimental Morello
prototype, where pointers are implemented using unforgeable capabilities
that include bounds and permissions metadata to provide fine-grained
spatial and referential memory safety, as well as revocation by sweeping
memory to provide heap temporal memory safety.
On most systems (anything with a flat memory hierarchy rather than using
segment-based addressing), size_t and uintptr_t are the same type.
However, on CHERI, size_t is just an integer offset, whereas uintptr_t
is still a capability as described above. Casting a pointer to size_t
will strip the metadata and validity tag, and casting from size_t to a
pointer will result in a null-derived capability whose validity tag is
not set, and thus cannot be dereferenced without faulting.
The audio and cursor casts were harmless as they intend to stuff an
integer into a pointer, but using uintptr_t is the idiomatic way to do
that and silences our compiler warnings (which our build tool makes
fatal by default as they often indicate real problems). The iconv and
egl casts were true positives as SDL_iconv_t and iconv_t are pointer
types, as is NativeDisplayType on most OSes, so this would have trapped
at run time when using the round-tripped pointers. The gles2 casts were
also harmless; the OpenGL API defines this argument to be a pointer type
(and uses the argument name "pointer"), but it in fact represents an
integer offset, so like audio and cursor the additional idiomatic cast
is needed to silence the warning.
ciremo6483
In `SDL_iconv_string` the `while (inbytesleft > 0)` loop can end up in a state where it never terminates because the library `iconv` function called from `SDL_iconv` doesn't consume any bytes.
This happened when a `WCHAR_T` input string was being converted to `UTF-8` but contained invalid characters. It would first It would first skip a few bytes due to `case SDL_ICONV_EILSEQ` but when there were 3 bytes remaining of `inbytesleft` `iconv` just didn't consume anything more (but didn't throw an error either).
It just so happens that the Microsoft Classic IntelliMouse `product_string` contains such invalid characters (`"Microsoft? Classic IntelliMouse?"`), meaning the function would get stuck with said mouse plugged in.
A fix for this would be to check if `inbytesleft` was unchanged after an iteration and in that case either decrement the counter like when `SDL_ICONV_EILSEQ` is returned or simply break the loop.
Ryan C. Gordon
We still include iconv.h in SDL_stdinc.h, probably because this header might have referenced the native iconv functions and types directly. Since these are hidden behind a stable ABI now and never just a #define for the system iconv, we shouldn't need this header included from a public SDL header anymore, slowing down external apps compiles and pulling tons of stuff into the namespace.
The internal function SDL_EGL_LoadLibrary() did not delete and remove a mostly
uninitialized data structure if loading the library first failed. A later try to
use EGL then skipped initialization and assumed it was previously successful
because the data structure now already existed. This led to at least one crash
in the internal function SDL_EGL_ChooseConfig() because a NULL pointer was
dereferenced to make a call to eglBindAPI().
