sdl-ios-xcode: src/video/SDL_stretch.c comparison

comparison src/video/SDL_stretch.c @ 4355:9b464226e541 SDL-1.2

Fixed bug #855 Ludwig Nussel 2009-10-18 06:31:52 PDT an mprotect call was added to fix bug 528. However that results in a buffer that allows writing and code execution. Ie the no-execute security features of modern operating systems are defeated this way. Two mprotect calls are needed. One to make the buffer executable but not writeable when done and another one to make the buffer writeable again if the content needs to be changed.

author	Sam Lantinga <slouken@libsdl.org>
date	Sun, 18 Oct 2009 17:31:37 +0000
parents	a1b03ba2fcd0
children	ab2dfac9d5c1

comparison

equal deleted inserted replaced

-:1e191391e68d
+:9b464226e541
 		break;
 	    default:
 		SDL_SetError("ASM stretch of %d bytes isn't supported\n", bpp);
 		return(-1);
 	}
+#ifdef HAVE_MPROTECT
+	/* Make the code writeable */
+	if ( mprotect(copy_row, sizeof(copy_row), PROT_READ|PROT_WRITE) < 0 ) {
+		SDL_SetError("Couldn't make copy buffer writeable");
+		return(-1);
+	}
+#endif
 	pos = 0x10000;
 	inc = (src_w << 16) / dst_w;
 	eip = copy_row;
 	for ( i=0; i<dst_w; ++i ) {
 		while ( pos >= 0x10000L ) {
 	if ( eip > (copy_row+sizeof(copy_row)) ) {
 		SDL_SetError("Copy buffer overflow");
 		return(-1);
 	}
 #ifdef HAVE_MPROTECT
-	/* Make the code executable */
+	/* Make the code executable but not writeable */
-	if ( mprotect(copy_row, sizeof(copy_row), PROT_READ|PROT_WRITE|PROT_EXEC) < 0 ) {
+	if ( mprotect(copy_row, sizeof(copy_row), PROT_READ|PROT_EXEC) < 0 ) {
 		SDL_SetError("Couldn't make copy buffer executable");
 		return(-1);
 	}
 #endif
 	last.status = 0;

Mercurial > sdl-ios-xcode

comparison src/video/SDL_stretch.c @ 4355:9b464226e541 SDL-1.2