Fixed rare cursor corruption on Windows

slouken · slouken · commit f6f4664ed1c7 · 2026-05-05T08:55:28.000-07:00
If the cursor was created with a temporary surface that was pointing at external memory, then when the cursor is used it might be referencing memory that had already been freed.
diff --git a/src/video/windows/SDL_windowsmouse.c b/src/video/windows/SDL_windowsmouse.c
@@ -148,9 +148,23 @@ static SDL_Cursor *WIN_CreateAnimatedCursorAndData(SDL_CursorFrameInfo *frames,
     data->hot_y = hot_y;
     data->num_frames = frame_count;
     for (int i = 0; i < frame_count; ++i) {
-        data->frames[i].surface = frames[i].surface;
+        SDL_Surface *surface = frames[i].surface;
+        if (surface->flags & SDL_SURFACE_PREALLOCATED) {
+            surface = SDL_DuplicateSurface(surface);
+            if (!surface) {
+                while (i > 0) {
+                    --i;
+                    SDL_DestroySurface(data->frames[i].surface);
+                }
+                SDL_free(data);
+                SDL_free(cursor);
+                return NULL;
+            }
+        } else {
+            ++surface->refcount;
+        }
+        data->frames[i].surface = surface;
         data->frames[i].duration = frames[i].duration;
-        ++frames[i].surface->refcount;
     }
     cursor->internal = data;
     return cursor;
