Bug#733015: [libsdl2-2.0-0] SDL2 X11 driver buffer overflow with large X11 file descriptor

Sven Eckelmann sven at narfation.org
Tue Dec 24 08:24:56 UTC 2013


On Tuesday 24 December 2013 00:43:13 Sven Eckelmann wrote:
> I have occasional crashes here caused by the X11 backend of SDL2. It seems
> to be caused by the X11_Pending function trying to add a high number (>
> 1024) file descriptor to a fd_set before doing a select on it to avoid busy
> waiting on X11 events. This causes a buffer overflow because the file
> descriptor is larger (or equal) than the limit FD_SETSIZE.

I personally experienced this problem while hacking on the python bindings 
package for SDL2 [1] (while doing make runtest). But it is easier to reproduce in 
a smaller, synthetic testcase.

It can be built and tested with:

$ gcc `sdl2-config --cflags` testkeys.c `sdl2-config --libs` -o testkeys
$ ./testkeys


[1] http://anonscm.debian.org/gitweb/?p=collab-maint/pysdl2.git
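As an added illustration (not the scrubbed testkeys.c from this mail, and not SDL's own X11 driver code), the check a caller has to make before FD_SET(), next to a poll()-based wait that does not have the FD_SETSIZE limit at all. The names safe_fd_set, wait_readable and demo_pipe_readable are assumptions for this example.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* FD_SET() does no bounds check: fd >= FD_SETSIZE writes past the end of
 * the fd_set.  Returns 1 if fd was added, 0 (errno = EINVAL) if rejected. */
int safe_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;
        return 0;
    }
    FD_SET(fd, set);
    return 1;
}

/* Wait up to timeout_ms for fd to become readable.  poll() takes the
 * descriptor number directly, so a high fd is not a problem here.
 * Returns 1 if readable, 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN, .revents = 0 };
    int rc = poll(&pfd, 1, timeout_ms);
    if (rc < 0) return -1;
    if (rc == 0) return 0;
    return (pfd.revents & POLLIN) ? 1 : 0;
}

/* Constructed check: a pipe with one byte written must report readable. */
int demo_pipe_readable(void)
{
    int p[2], ready;
    if (pipe(p) != 0) return -1;
    if (write(p[1], "x", 1) != 1) return -1;
    ready = wait_readable(p[0], 100);
    close(p[0]);
    close(p[1]);
    return ready;
}

int main(void)
{
    fd_set set;
    FD_ZERO(&set);
    printf("fd %d accepted: %d\n", FD_SETSIZE - 1, safe_fd_set(FD_SETSIZE - 1, &set));
    printf("fd %d accepted: %d\n", FD_SETSIZE, safe_fd_set(FD_SETSIZE, &set));
    printf("pipe readable: %d\n", demo_pipe_readable());
    return 0;
}
```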
-------------- next part --------------
A non-text attachment was scrubbed...
Name: testkeys.c
Type: text/x-csrc
Size: 1134 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-sdl-maintainers/attachments/20131224/7305a026/attachment.c>