Subject: pkg/34738: devel/SDL: patch-aa adds bugs
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Christian Biere <christianbiere@gmx.de>
List: pkgsrc-bugs
Date: 10/07/2006 00:20:00
>Number:         34738
>Category:       pkg
>Synopsis:       devel/SDL: patch-aa adds bugs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Oct 07 00:20:00 +0000 2006
>Originator:     Christian Biere
>Release:        NetBSD 4.99.3
>Environment:
System: NetBSD cyclonus 4.99.3 NetBSD 4.99.3 (STARSCREAM) #0: Mon Oct 2 23:04:22 CEST 2006 src@cyclonus:/o/NetBSD/obj/sys/arch/i386/compile/STARSCREAM i386
Architecture: i386
Machine: i386
>Description:
patch-aa uses strncat() incorrectly, which could cause a buffer overflow. Further,
the patch mixes code and declaration of variables. I don't know whether SDL
aims to be compilable by C89 compilers, but the patch would definitely break this.
I've also removed the NUL-termination after strncat(). strncat() always terminates
strings, unlike strncpy().

>How-To-Repeat:
>Fix:

$NetBSD$

--- src/loadso/dlopen/SDL_sysloadso.c.orig	2006-05-01 10:02:37.000000000 +0200
+++ src/loadso/dlopen/SDL_sysloadso.c	2006-10-07 01:27:33.000000000 +0200
@@ -31,9 +31,32 @@
 
 #include "SDL_loadso.h"
 
+static void *get_dlopen_handle(const char *sofile)
+{
+	static const char * const libdirs[] = {
+		PREFIX "/lib/",
+		X11BASE "/lib/",
+	};
+	unsigned i;
+	void *handle;
+
+	for (i = 0; i < sizeof libdirs / sizeof libdirs[0]; i++) {
+		char buf[1024];
+
+		strncpy(buf, libdirs[i], sizeof(buf) - 1);
+		buf[sizeof(buf) - 1] = '\0';
+		strncat(buf, sofile, sizeof(buf) - strlen(buf) - 1);
+
+		handle = dlopen(buf, RTLD_NOW);
+		if (handle)
+			break;
+	}
+	return handle;
+}
+
 void *SDL_LoadObject(const char *sofile)
 {
-	void *handle = dlopen(sofile, RTLD_NOW);
+	void *handle = get_dlopen_handle(sofile);
 	const char *loaderror = (char *)dlerror();
 	if ( handle == NULL ) {
 		SDL_SetError("Failed loading %s: %s", sofile, loaderror);
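
Review bot: The strncat() call in get_dlopen_handle() truncates silently: when strlen(libdirs[i]) + strlen(sofile) exceeds sizeof(buf) - 1, buf holds a shortened path and dlopen() is called on a name the caller never asked for. Check the combined length before building the path and skip the entry (or fail) when it does not fit, rather than relying on the bound to cut the string. Also, SDL_LoadObject() no longer calls dlopen(sofile, RTLD_NOW) at all, so a sofile given as an absolute path, or one reachable only through the default dlopen() search, is tried solely as PREFIX "/lib/" + sofile and X11BASE "/lib/" + sofile; if that is not intended, fall back to the plain dlopen(sofile, RTLD_NOW) when the loop finds nothing. A short comment above libdirs[] saying where PREFIX and X11BASE are defined would help, since neither definition is visible in this hunk.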