If we write directly to filenames in /tmp, we're subject to
time-of-check/time-of-use symlink attacks on most systems (although
recent Linux kernels mitigate these by default). We can avoid these
attacks by securely creating a directory owned by our own uid,
and doing all our file I/O in that directory. Other uids cannot create
symbolic links in that directory, so we are protected from symlink
attacks.
This does not protect us from an attacker that is running with the same
uid, but if such an attacker exists, then we have already lost.
Resolves: https://github.com/libsdl-org/SDL/issues/11887
Signed-off-by: Simon McVittie <smcv@collabora.com>
We are expecting a specific ABI (we can see that from the declarations
listed in this file) and the whole point of SONAME versioning is to
say that the library conforms to a specific ABI. If the SONAME is not
the one we expect, then calling its functions is likely to crash.
As usual, an exception to this is that OpenBSD does not use SONAME
versioning.
Signed-off-by: Simon McVittie <smcv@collabora.com>
We use GTK 3 functions in this file, so we cannot load a libappindicator
whose SONAME indicates that it is using GTK 2.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Apply the supplied xdg-toplevel bounds to resizable windows during initial mapping. Libdecor functionality will have to be added separately, as the functionality needs to be added to the library first.
When using the libappindicator/gtk/unix Tray backend, the background
thread which calls gtk_main() is never destroyed. This means that we
detect a leaked thread as SDL_Quit().
Instead, tell gtk to shut down its main loop when no tray icons are
active. This fixes the issue here: SDL notices no leak, and repeatedly
creating / destroying tray icons seems to work fine.
Signed-off-by: David Gow <david@ingeniumdigital.com>
There are many recoverable errors that may happen internally and can be safely ignored if the public API doesn't return an error code. Seeing them causes lots of developer anxiety and they generally aren't helpful.
Fixes https://github.com/libsdl-org/SDL/issues/11813
This hint defaults on, enabling advanced controller features.
This replaces SDL_HINT_JOYSTICK_HIDAPI_PS4_RUMBLE and SDL_HINT_JOYSTICK_HIDAPI_PS5_RUMBLE, and is supported by PlayStation and Nintendo Switch controllers.
Fixes https://github.com/libsdl-org/SDL/issues/10086
If you're not using SDL for video you won't get raw input messages without this hint, and this is tripping up enough people it makes sense to have this enabled by default. There isn't much downside to this, other than having another thread processing Xbox controller input.
Fixes https://github.com/libsdl-org/SDL/issues/10576
Sometimes we'll get a Windows.Gaming.Input callback before the raw input device is even in the list, so try some other methods to better detect XInput devices.
The FORCEINLINE macro is also used by Windows SDK headers.
When it is an empty macro, FORCEINLINE-d functions will
get global visibility error and cause duplicate symbol link errors.
HRESULT_FROM_WIN32 is such a function.
Simon McVittie
Sam Lantinga
Ryan C. Gordon
Ozkan Sezer
Frank Praznik
David Gow
Erik Soma
Semphris
Katelyn Gadd
Susko3
Anonymous Maarten