Home Explore Help
Sign In
lenn
/
libsdl-org-mirror
mirror of https://github.com/libsdl-org/SDL.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fix stack address escape in SDL_CameraDevicePermissionOutcome()

If allocation of 'p' fails, 'pending_tail' points to 'pending'.
Mathieu Eyraud 10 months ago
parent
c226630086
commit
43c2b42517
1 changed files with 8 additions and 6 deletions
Split View Show Diff Stats
  1. 8 6
      src/camera/SDL_camera.c

+ 8 - 6
src/camera/SDL_camera.c
View File 

@@ -599,12 +599,14 @@ void SDL_CameraDevicePermissionOutcome(SDL_CameraDevice *device, SDL_bool approv
 
 
     ReleaseCameraDevice(device);
 
 
-    SDL_LockRWLockForWriting(camera_driver.device_hash_lock);
 
-    SDL_assert(camera_driver.pending_events_tail != NULL);
 
-    SDL_assert(camera_driver.pending_events_tail->next == NULL);
 
-    camera_driver.pending_events_tail->next = pending.next;
 
-    camera_driver.pending_events_tail = pending_tail;
 
-    SDL_UnlockRWLock(camera_driver.device_hash_lock);
 
+    if (pending.next) {  // NULL if event is disabled or disaster struck.
 
+        SDL_LockRWLockForWriting(camera_driver.device_hash_lock);
 
+        SDL_assert(camera_driver.pending_events_tail != NULL);
 
+        SDL_assert(camera_driver.pending_events_tail->next == NULL);
 
+        camera_driver.pending_events_tail->next = pending.next;
 
+        camera_driver.pending_events_tail = pending_tail;
 
+        SDL_UnlockRWLock(camera_driver.device_hash_lock);
 
+    }
 
 }