geemili
/
SDL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check for device disconnection in HIDAPI_JoystickOpen() 

HIDAPI joystick drivers may call HIDAPI_JoystickDisconnected() in their
UpdateDevice() function during HIDAPI_JoystickOpen(). If they do this
today, the opened joystick will end up partially initialized (no name,
path, mapping GUID, etc.) because HIDAPI_GetDeviceByIndex() will no
longer be able to find the SDL_HIDAPI_Device for the removed joystick.

Worse still, joystick->hwdata->device becomes a dangling freed pointer
the next time HIDAPI_UpdateDeviceList() is called. This leads to a UAF
when the application or SDL calls SDL_JoystickClose() on this joystick.

Fix all this by checking if the device no longer has any associated
joysticks after calling UpdateDevice() and failing the open call if so.
main
Cameron Gutman 2023-10-17 21:41:30 -05:00
parent b733adb503
commit 435e7ce663
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/joystick/hidapi/SDL_hidapijoystick.c
View File

@ -1440,6 +1440,12 @@ static int HIDAPI_JoystickOpen(SDL_Joystick *joystick, int device_index)
device->updating = SDL_FALSE;
SDL_UnlockMutex(device->dev_lock);
/* UpdateDevice() may have called HIDAPI_JoystickDisconnected() if the device went away */
if (device->num_joysticks == 0) {
SDL_free(hwdata);
return SDL_SetError("HIDAPI device disconnected while opening");
}
if (!device->driver->OpenJoystick(device, joystick)) {
/* The open failed, mark this device as disconnected and update devices */
HIDAPI_JoystickDisconnected(device, joystickID);