From 5ef6f8e30fedb3132777461c7d0996b9b7af84ce Mon Sep 17 00:00:00 2001
From: Sam Lantinga <slouken@libsdl.org>
Date: Sun, 1 Jan 2012 16:58:00 -0500
Subject: [PATCH] Fixed bug 1337 - joystick crash due to heap corruption with
 btnx

---
 src/joystick/SDL_joystick.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/joystick/SDL_joystick.c b/src/joystick/SDL_joystick.c
index 8b41ca606..9bc6e5864 100755
--- a/src/joystick/SDL_joystick.c
+++ b/src/joystick/SDL_joystick.c
@@ -427,6 +427,11 @@ SDL_PrivateJoystickAxis(SDL_Joystick * joystick, Uint8 axis, Sint16 value)
 {
     int posted;
 
+    /* Make sure we're not getting garbage events */
+    if (axis >= joystick->naxes) {
+        return 0;
+    }
+
     /* Update internal joystick state */
     joystick->axes[axis] = value;
 
@@ -454,6 +459,11 @@ SDL_PrivateJoystickHat(SDL_Joystick * joystick, Uint8 hat, Uint8 value)
 {
     int posted;
 
+    /* Make sure we're not getting garbage events */
+    if (hat >= joystick->nhats) {
+        return 0;
+    }
+
     /* Update internal joystick state */
     joystick->hats[hat] = value;
 
@@ -482,6 +492,11 @@ SDL_PrivateJoystickBall(SDL_Joystick * joystick, Uint8 ball,
 {
     int posted;
 
+    /* Make sure we're not getting garbage events */
+    if (ball >= joystick->nballs) {
+        return 0;
+    }
+
     /* Update internal mouse state */
     joystick->balls[ball].dx += xrel;
     joystick->balls[ball].dy += yrel;
@@ -526,6 +541,11 @@ SDL_PrivateJoystickButton(SDL_Joystick * joystick, Uint8 button, Uint8 state)
     }
 #endif /* !SDL_EVENTS_DISABLED */
 
+    /* Make sure we're not getting garbage events */
+    if (button >= joystick->nbuttons) {
+        return 0;
+    }
+
     /* Update internal joystick state */
     joystick->buttons[button] = state;