# HG changeset patch # User Sam Lantinga # Date 1255887097 0 # Node ID 9b464226e541520dd359323f40a9c8b055a72bd8 # Parent 1e191391e68ddb8535b8bc7e2bc82ab591c631b6 Fixed bug #855 Ludwig Nussel 2009-10-18 06:31:52 PDT an mprotect call was added to fix bug 528. However that results in a buffer that allows writing and code execution. Ie the no-execute security features of modern operating systems are defeated this way. Two mprotect calls are needed. One to make the buffer executable but not writeable when done and another one to make the buffer writeable again if the content needs to be changed. diff -r 1e191391e68d -r 9b464226e541 src/video/SDL_stretch.c --- a/src/video/SDL_stretch.c Sun Oct 18 16:23:12 2009 +0000 +++ b/src/video/SDL_stretch.c Sun Oct 18 17:31:37 2009 +0000 @@ -103,6 +103,13 @@ SDL_SetError("ASM stretch of %d bytes isn't supported\n", bpp); return(-1); } +#ifdef HAVE_MPROTECT + /* Make the code writeable */ + if ( mprotect(copy_row, sizeof(copy_row), PROT_READ|PROT_WRITE) < 0 ) { + SDL_SetError("Couldn't make copy buffer writeable"); + return(-1); + } +#endif pos = 0x10000; inc = (src_w << 16) / dst_w; eip = copy_row; @@ -128,8 +135,8 @@ return(-1); } #ifdef HAVE_MPROTECT - /* Make the code executable */ - if ( mprotect(copy_row, sizeof(copy_row), PROT_READ|PROT_WRITE|PROT_EXEC) < 0 ) { + /* Make the code executable but not writeable */ + if ( mprotect(copy_row, sizeof(copy_row), PROT_READ|PROT_EXEC) < 0 ) { SDL_SetError("Couldn't make copy buffer executable"); return(-1); }