From eb97bff0bd6946b2fc8363de068d421048285636 Mon Sep 17 00:00:00 2001
From: Sam Lantinga
Date: Wed, 17 Apr 2013 01:32:06 -0700
Subject: [PATCH] Fixed bug 1802 - NULL pointer dereference in SDL_AllocRW() if out of memory. Philipp Wiesemann There is a NULL pointer dereference in SDL_AllocRW() if the system is out of memory. The "type" field is always written. This may be fixed with an early return. Or an else{} or not writing the field and using slower SDL_calloc(). This fault was recently introduced (http://hg.libsdl.org/SDL/rev/681820ca0e78).
---
 src/file/SDL_rwops.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/file/SDL_rwops.c b/src/file/SDL_rwops.c
index ec4f5be8f..44b0e8407 100644
--- a/src/file/SDL_rwops.c
+++ b/src/file/SDL_rwops.c
@@ -628,8 +628,9 @@ SDL_AllocRW(void)
 area = (SDL_RWops *) SDL_malloc(sizeof *area);
 if (area == NULL) {
 SDL_OutOfMemory();
+ } else {
+ area->type = SDL_RWOPS_UNKNOWN;
 }
- area->type = SDL_RWOPS_UNKNOWN;
 return (area);
 }
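Review bot: On the success path only `type` is initialized, so every other member of the struct returned by SDL_AllocRW() still holds whatever SDL_malloc() handed back. If SDL_RWops carries callback pointers (its definition is outside this hunk), a caller that forgets to set one ends up making an indirect call through stale heap contents instead of a NULL that fails predictably. Allocating with `area = (SDL_RWops *) SDL_calloc(1, sizeof *area);` and keeping the `type` assignment in the else branch would make unset members deterministic at negligible cost for an object this size. A one-line comment above the function, such as `/* Returns NULL with the SDL error set if allocation fails; callers must check before use. */`, would also make the failure contract explicit. The function's opening lines lie outside the hunk, so this is based on the visible body only.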