This is needed to support CHERI, and thus Arm's experimental Morello
prototype, where pointers are implemented using unforgeable capabilities
that include bounds and permissions metadata to provide fine-grained
spatial and referential memory safety, as well as revocation by sweeping
memory to provide heap temporal memory safety.
On most systems (anything with a flat memory hierarchy rather than using
segment-based addressing), size_t and uintptr_t are the same type.
However, on CHERI, size_t is just an integer offset, whereas uintptr_t
is still a capability as described above. Casting a pointer to size_t
will strip the metadata and validity tag, and casting from size_t to a
pointer will result in a null-derived capability whose validity tag is
not set, and thus cannot be dereferenced without faulting.
The audio and cursor casts were harmless as they intend to stuff an
integer into a pointer, but using uintptr_t is the idiomatic way to do
that and silences our compiler warnings (which our build tool makes
fatal by default as they often indicate real problems). The iconv and
egl casts were true positives as SDL_iconv_t and iconv_t are pointer
types, as is NativeDisplayType on most OSes, so this would have trapped
at run time when using the round-tripped pointers. The gles2 casts were
also harmless; the OpenGL API defines this argument to be a pointer type
(and uses the argument name "pointer"), but it in fact represents an
integer offset, so like audio and cursor the additional idiomatic cast
is needed to silence the warning.
SDL_isxdigit() should only accept A-Fa-f, not A-Za-z (it shouldn't use
SDL_isalpha()).
SDL_ispunct() shouldn't accept spaces (it should use SDL_isgraph()
instead).
SDL has been missing a bunch of these 'isX' functions for some time,
where X is some characteristic of a given character.
This commit adds the rest of them to the SDL stdlib, so now we have:
- SDL_isalpha()
- SDL_isalnum()
- SDL_isblank()
- SDL_iscntrl()
- SDL_isxdigit()
- SDL_ispunct()
- SDL_isprint()
- SDL_isgraph()
Cameron Cawley
stdlib: Added SDL_round, SDL_roundf, SDL_lround and SDL_lroundf
The default implementation is based on the one used in the Windows RT video driver.
dark_sylinc
Trying to build SDL with VS2019 using CMake will encounter a linking error
More specifically:
1>SDL_string.obj : error LNK2019: unresolved external symbol memset referenced in function SDL_vsnprintf_REAL
ciremo6483
In `SDL_iconv_string` the `while (inbytesleft > 0)` loop can end up in a state where it never terminates because the library `iconv` function called from `SDL_iconv` doesn't consume any bytes.
This happened when a `WCHAR_T` input string was being converted to `UTF-8` but contained invalid characters. It would first It would first skip a few bytes due to `case SDL_ICONV_EILSEQ` but when there were 3 bytes remaining of `inbytesleft` `iconv` just didn't consume anything more (but didn't throw an error either).
It just so happens that the Microsoft Classic IntelliMouse `product_string` contains such invalid characters (`"Microsoft? Classic IntelliMouse?"`), meaning the function would get stuck with said mouse plugged in.
A fix for this would be to check if `inbytesleft` was unchanged after an iteration and in that case either decrement the counter like when `SDL_ICONV_EILSEQ` is returned or simply break the loop.
it used to place zeroes between the sign and the number. (space-padding
from within SDL_PrintString() seems OK: spaces are added before sign.)
also fixed the maxlen handling if the number has a sign.
- remove force-enabling of pad_zeroes for %u for compatibility
(was added in https://hg.libsdl.org/SDL/rev/701f4a25df89)
- ignore pad_zeroes for %s and %S
- ignore pad_zeroes for %d, %i and %u if a precision is given
The change makes sure that SDL_vsnprintf() nul terminates if it is
using _vsnprintf() for the job.
I made this patch for Watcom, whose _vsnprintf() doesn't guarantee
nul termination. The preprocessor check can be extended to windows
in general too, if required.
Closes bug #3769.
Coriiander
Here is a minor correction for a non-breaking mistake in SDL_setenv for __WIN32__ platform. See below for details.
FILE:
"SDL/src/stdlib/SDL_getenv.c"
FUNCTION: (__WIN32__ platform)
int SDL_setenv(const char *name, const char *value, int overwrite)
CODE:
if (!overwrite) {
char ch = 0;
const size_t len = GetEnvironmentVariableA(name, &ch, sizeof (ch));
if (len > 0) {
return 0; /* asked not to overwrite existing value. */
}
}
WHAT'S WRONG:
The 3th argument to GetEnvironmentVariable (being DWORD nSize) must be the number of characters, not the number of bytes. SDL currently passes "the size of 1 char", rather "1". While it is non-breaking (1=1 after all), it is incorrect. Furthermore there is no need to specify the 2nd and 3th arguments at all.
CORRECTION 1: (corrected argument_
if (!overwrite) {
char ch = 0;
const size_t len = GetEnvironmentVariableA(name, &ch, 1);
if (len > 0) {
return 0; /* asked not to overwrite existing value. */
}
}
CORRECTION 2: (stripped of unneeded code)
if (!overwrite) {
if (GetEnvironmentVariableA(name, NULL, 0) > 0) {
return 0; /* asked not to overwrite existing value. */
}
}
Like other C runtimes, it should probably produce the string "(null)".
This bug probably only affected Windows, as most platforms use their standard
C runtime's snprintf().
Tristan
The internal SDL_vsnprintf implementation accesses memory outside buffer. The bug existed also inside the format (%) processing, which was fixed with Bug 3441.
But there is still an invalid access, if we do not have any format inside the source string and the destination string is shorter than the format string. You can use any string for this test, as long it is longer than the buffer.
Example:
va_list argList;
char buffer[4];
SDL_vsnprintf(buffer, sizeof(buffer), "Testing", argList);
The bug is located on the 'else' branch of the format char test:
while (*fmt) {
if (*fmt == '%') {
...
} else {
if (left > 1) {
*text = *fmt;
--left;
}
++fmt;
++text;
}
}
if (left > 0) {
*text = '\0';
}
As you can see that text is always incremented, even when left is already one. When then on the last lines, *text is assigned the NULL char, the pointer is located outside bounds.
Mark Pizzolato
On Windows with Visual Studio, when building SDL as a static library using the x86 (32bit) mode, several intrinsic operations are implemented in code in SDL_stdlib.c.
One of these, _allshr() is not properly implemented and fails for some input. As a result, some operations on 64bit data elements (long long) don't always work.
I classified this bug as a blocker since things absolutely don't work when the affected code is invoked. The affected code is only invoked when SDL is compiled in x86 mode on Visual Studio when building a SDL as a static library. This build environment isn't common, and hence the bug hasn't been noticed previously.
I reopened#2537 and mentioned this problem and provided a fix. That fix is provided again here along with test code which could be added to some of the SDL test code. This test code verifies that the x86 intrinsic routines produce the same results as the native x64 instructions which these routines emulate under the Microsoft compiler. The point of the tests is to make sure that Visual Studio x86 code produces the same results as Visual Studio x64 code. Some of the arguments (or boundary conditions) may produce different results on other compiler environments, so the tests really shouldn't be run on all compilers. The test driver only actually exercised code when the compiler defines _MSC_VER, so the driver can generically be invoked without issue.
Ryan C. Gordon
We still include iconv.h in SDL_stdinc.h, probably because this header might have referenced the native iconv functions and types directly. Since these are hidden behind a stable ABI now and never just a #define for the system iconv, we shouldn't need this header included from a public SDL header anymore, slowing down external apps compiles and pulling tons of stuff into the namespace.
Fixes Bugzilla #3441.
"When using internal SDL_vsnprintf(), and source string length is greater
than destination, the final NULL char will be written beyond destination size.
Primary issue that is SDL_strlcpy returns length of source string
(SDL_PrintString()), not how much is written to destination. The destination
ptr is then incremented by this length before the sanity check is done.
Destination string is properly terminated, but an extra NULL char will be
written beyond destination buffer length.
Patch used internally is attached which fixes primary issue with SDL_strlcpy()
in SDL_PrintString() and adjusts sanity checks to increment destination ptr
safely."
Martin Gerhardy
According to https://msdn.microsoft.com/de-de/library/2kzt1wy3%28v=vs.120%29.aspx when one is using /MT for msvc compilations the libcmt.lib is already linked to the binary. This lib includes the symbol that is now guarded (see attached patch) by the #ifndef _MT.
