Passing NULL path to SDL_OpenFileStorage() gives access to the whole filesystem

Sam Lantinga
2025-11-15 08:37:06 -08:00
parent 3ae7a54c94
commit 07f995eb72


@@ -345,21 +345,22 @@ SDL_Storage *GENERIC_OpenFileStorage(const char *path)
char *prepend = NULL; char *prepend = NULL;
bool is_absolute = false; bool is_absolute = false;
if (path && !*path) { if (!path || !*path) {
path = NULL; // so we don't end up with str[-1] later due to empty string. #ifdef SDL_PLATFORM_WINDOWS
path = "C:/";
#else
path = "/";
#endif
} }
if (path) { #ifdef SDL_PLATFORM_WINDOWS
#ifdef SDL_PLATFORM_WINDOWS
const char ch = (char) SDL_toupper(path[0]); const char ch = (char) SDL_toupper(path[0]);
is_absolute = (ch == '/') || // some sort of absolute Unix-style path. is_absolute = (ch == '/') || // some sort of absolute Unix-style path.
(ch == '\\') || // some sort of absolute Windows-style path. (ch == '\\') || // some sort of absolute Windows-style path.
(((ch >= 'A') && (ch <= 'Z')) && (path[1] == ':') && ((path[2] == '\\') || (path[2] == '/'))); // an absolute path with a drive letter. (((ch >= 'A') && (ch <= 'Z')) && (path[1] == ':') && ((path[2] == '\\') || (path[2] == '/'))); // an absolute path with a drive letter.
#else #else
is_absolute = (path[0] == '/'); // some sort of absolute Unix-style path. is_absolute = (path[0] == '/'); // some sort of absolute Unix-style path.
#endif #endif
}
if (!is_absolute) { if (!is_absolute) {
prepend = SDL_GetCurrentDirectory(); prepend = SDL_GetCurrentDirectory();
if (!prepend) { if (!prepend) {
@@ -367,21 +368,18 @@ SDL_Storage *GENERIC_OpenFileStorage(const char *path)
} }
} }
const char *finalpath = path ? path : prepend; const size_t len = SDL_strlen(path);
SDL_assert(finalpath != NULL); // _one_ of these had to be non-NULL...
const size_t len = SDL_strlen(finalpath);
SDL_assert(len > 0); // _one_ of these had to be non-empty...
const char *appended_separator = ""; const char *appended_separator = "";
#ifdef SDL_PLATFORM_WINDOWS #ifdef SDL_PLATFORM_WINDOWS
if ((finalpath[len-1] != '/') && (finalpath[len-1] != '\\')) { if ((path[len-1] != '/') && (path[len-1] != '\\')) {
appended_separator = "/"; appended_separator = "/";
} }
#else #else
if (finalpath[len-1] != '/') { if (path[len-1] != '/') {
appended_separator = "/"; appended_separator = "/";
} }
#endif #endif
const int rc = SDL_asprintf(&basepath, "%s%s%s", prepend ? prepend : "", path ? path : "", appended_separator); const int rc = SDL_asprintf(&basepath, "%s%s%s", prepend ? prepend : "", path, appended_separator);
SDL_free(prepend); SDL_free(prepend);
if (rc < 0) { if (rc < 0) {
return NULL; return NULL;
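Review bot: In the first hunk, `if (!path || !*path)` sends an empty string to the filesystem root as well as NULL, although the commit title only mentions NULL; on the old side both fell through to the current-directory prepend, so an accidentally empty path (an unset config value, a failed lookup) now silently widens the container from the working directory to everything the process can reach. I would keep NULL as the only explicit opt-in and reject the empty string, e.g. `if (path && !*path) { SDL_InvalidParamError("path"); return NULL; }` ahead of an `if (!path)` root branch, assuming nothing allocated earlier in the function needs freeing at that point. On Windows the root is hard-coded to `"C:/"`, which covers one drive rather than the whole filesystem and assumes that drive exists; a comment such as `// NULL means the root of drive C: only; other volumes need an explicit path` would make that limit visible. Callers that passed NULL expecting a working-directory root change behaviour as well, so the SDL_OpenFileStorage() documentation (not visible here) should state the new meaning. GENERIC_OpenFileStorage's body starts and ends outside the hunks shown.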