CI: switch imageviewer ASan smoke from xvideo to sdl2

Run #1 of the v10 imageviewer smoke step tripped on Xvfb's
incomplete XVideo support:

   Error: [XVideo] XvQueryAdaptors() found 0 adaptors.
   Error: [Video] Cannot open video driver. Exiting...

Xvfb advertises the XVideo *extension* (which my pre-flight
check verified) but provides zero XVideo *adaptors* -- adaptors
are the hardware-acceleration backends, and Xvfb has no real
video hardware to back them with.  The xvideo driver in
gfx/drivers/xvideo.c correctly errors out via XvQueryAdaptors's
count check rather than crashing -- that's good defensive code,
not a bug -- but it means xvideo is unusable on Xvfb and we
need a different video driver for the smoke.

Pivot to SDL2.  RetroArch's sdl2 video driver
(gfx/drivers/sdl2_gfx.c) uses SDL2's X11 backend with MIT-SHM
for image transfer -- both confirmed available on Xvfb out of
the box.  A standalone SDL_CreateRenderer probe under Xvfb
returns a working SDL_RENDERER_SOFTWARE renderer cleanly
(verified locally before this patch landed).

Coverage tradeoff: we lose xvideo's YUV color-conversion +
XShm codepath but keep all the high-leverage surface (dlopen
of the core, retro_load_game, the stb_image decode path, video
driver init, the runloop, full cleanup-on-shutdown).  The
dropped xvideo-specific surface is small enough that it's not
worth the cost of finding a virtual X server with software
XVideo adaptors -- nothing widely available actually provides
those.

* .github/workflows/Linux-asan-ubsan.yml

  - Install dependencies: drop libxv-dev, libxext-dev,
    libxxf86vm-dev (xvideo build deps).  libsdl2-dev was
    already in the base set so no new packages required.

  - Configure: --enable-xvideo -> --enable-sdl2.  Same explicit-
    over-implicit reasoning: silent fall-back to a different
    driver would skew the smoke without warning.

  - Smoke step: video_driver = "xvideo" -> "sdl2" in the inline
    retroarch.cfg.  The xdpyinfo XVideo readiness probe becomes
    an MIT-SHM probe (which SDL2 actually uses).  Step comment
    rewritten to document why we pivoted from xvideo, with the
    actual error message from run #1 inlined for context.

  - Header comment: tier-2 description updated from "X11 +
    XVideo color-conversion pipeline" to "SDL2 + X11 + MIT-SHM
    rendering pipeline".

Pre-flight lesson: extension presence != functional driver.
xdpyinfo -queryExtensions told me XVideo was present; what I
should have verified is that XvQueryAdaptors returns a positive
count.  For SDL2 the equivalent positive verification is
SDL_CreateRenderer returning non-NULL, which the local probe
confirmed.

Verified locally:
  - YAML parses, 9 steps, soft-fail still scoped to only the
    imageviewer step.
  - Standalone SDL2 renderer probe (SDL_CreateWindow +
    SDL_CreateRenderer w/ SDL_RENDERER_SOFTWARE) on Xvfb display
    returns ok, exit 0.
  - Patch applies cleanly to b9777c8 + v8 (efae310 + ace9c9f
    didn't touch this file).

Cannot verify locally: the actual end-to-end run, which would
require building a sanitizer-instrumented retroarch binary
linked against SDL2.  As before, the next CI run is the
experiment.

Author: LibretroAdmin

menu/menu_displaylist.c

@@ -6790,28 +6790,43 @@ static unsigned menu_displaylist_populate_subsystem(
          {
             if (content_get_subsystem_rom_id() < subsystem->num_roms)
             {
+               /* Bound-checked piece-by-piece append.  Pre-fix this
+                * was a naive `_len += strlcpy(s + _len, src,
+                * sizeof(s) - _len)` chain that overshoots and
+                * underflows on a long subsystem->desc -- core-
+                * controlled via RETRO_ENVIRONMENT_SET_SUBSYSTEM_INFO
+                * with no length limit imposed by RetroArch -- driving
+                * the next strlcpy into an OOB write on the stack
+                * buffer s[PATH_MAX_LENGTH].  See 78c52ab for the
+                * helper rationale and the database_info_build_
+                * query_enum precedent. */
+               size_t pos = 0;
+               int    rv  = 0;
                /* TODO/FIXME - Localize string */
-               size_t _len = strlcpy(s, "Load", sizeof(s));
-               _len       += strlcpy(s + _len, " ", sizeof(s) - _len);
-               _len       += strlcpy(s + _len, subsystem->desc, sizeof(s) - _len);
-               _len       += strlcpy(s + _len, " ", sizeof(s) - _len);
-               _len       += strlcpy(s + _len, star_char, sizeof(s) - _len);
+               rv |= strlcpy_append(s, sizeof(s), &pos, "Load");
+               rv |= strlcpy_append(s, sizeof(s), &pos, " ");
+               rv |= strlcpy_append(s, sizeof(s), &pos, subsystem->desc);
+               rv |= strlcpy_append(s, sizeof(s), &pos, " ");
+               rv |= strlcpy_append(s, sizeof(s), &pos, star_char);
 
 #ifdef HAVE_RGUI
                /* If using RGUI with sublabels disabled, add the
                 * appropriate text to the menu entry itself... */
                if (is_rgui && !menu_show_sublabels)
                {
-                  _len       += strlcpy(s + _len, " [", sizeof(s) - _len);
+                  rv |= strlcpy_append(s, sizeof(s), &pos, " [");
                   /* TODO/FIXME - Localize */
-                  _len       += strlcpy(s + _len, "Current Content:", sizeof(s) - _len);
-                  _len       += strlcpy(s + _len, " ", sizeof(s) - _len);
-                  _len       += strlcpy(s + _len,
-                        subsystem->roms[content_get_subsystem_rom_id()].desc,
-                        sizeof(s)         - _len);
-                  strlcpy(s + _len, "]", sizeof(s) - _len);
+                  rv |= strlcpy_append(s, sizeof(s), &pos,
+                        "Current Content:");
+                  rv |= strlcpy_append(s, sizeof(s), &pos, " ");
+                  rv |= strlcpy_append(s, sizeof(s), &pos,
+                        subsystem->roms[content_get_subsystem_rom_id()].desc);
+                  rv |= strlcpy_append(s, sizeof(s), &pos, "]");
                }
 #endif
+               (void)rv;  /* truncation leaves s NUL-terminated at
+                           * sizeof(s) - 1; the menu entry is just
+                           * shorter than ideal, no further action. */
 
                if (menu_entries_append(list,
                   s,
@@ -6822,39 +6837,48 @@ static unsigned menu_displaylist_populate_subsystem(
             }
             else
             {
+               /* Same chain pattern as the "Load" branch above; same
+                * unbounded subsystem->desc surface. */
+               size_t pos = 0;
+               int    rv  = 0;
                /* TODO/FIXME - Localize string */
-               size_t _len = strlcpy(s, "Start", sizeof(s));
-               _len       += strlcpy(s + _len, " ", sizeof(s) - _len);
-               _len       += strlcpy(s + _len, subsystem->desc, sizeof(s) - _len);
-               _len       += strlcpy(s + _len, " ", sizeof(s) - _len);
-               _len       += strlcpy(s + _len, star_char,       sizeof(s) - _len);
+               rv |= strlcpy_append(s, sizeof(s), &pos, "Start");
+               rv |= strlcpy_append(s, sizeof(s), &pos, " ");
+               rv |= strlcpy_append(s, sizeof(s), &pos, subsystem->desc);
+               rv |= strlcpy_append(s, sizeof(s), &pos, " ");
+               rv |= strlcpy_append(s, sizeof(s), &pos, star_char);
 
 #ifdef HAVE_RGUI
                /* If using RGUI with sublabels disabled, add the
                 * appropriate text to the menu entry itself... */
                if (is_rgui && !menu_show_sublabels)
                {
-                  size_t _len2 = 0;
+                  size_t pos2  = 0;
+                  int    rv2   = 0;
                   unsigned j   = 0;
                   char rom_buff[PATH_MAX_LENGTH];
+                  rom_buff[0]  = '\0';
 
                   for (j = 0; j < content_get_subsystem_rom_id(); j++)
                   {
-                     _len2    += strlcpy(rom_buff + _len2,
-                           path_basename(content_get_subsystem_rom(j)),
-                                 sizeof(rom_buff) - _len2);
+                     rv2 |= strlcpy_append(rom_buff, sizeof(rom_buff),
+                           &pos2,
+                           path_basename(content_get_subsystem_rom(j)));
                      if (j != content_get_subsystem_rom_id() - 1)
-                        _len2 += strlcpy(rom_buff + _len2, "|", sizeof(rom_buff) - _len2);
+                        rv2 |= strlcpy_append(rom_buff, sizeof(rom_buff),
+                              &pos2, "|");
                   }
+                  (void)rv2;
 
                   if (*rom_buff)
                   {
-                     _len += strlcpy(s + _len, " [",     sizeof(s) - _len);
-                     _len += strlcpy(s + _len, rom_buff, sizeof(s) - _len);
-                     strlcpy(s + _len, "]", sizeof(s) - _len);
+                     rv |= strlcpy_append(s, sizeof(s), &pos, " [");
+                     rv |= strlcpy_append(s, sizeof(s), &pos, rom_buff);
+                     rv |= strlcpy_append(s, sizeof(s), &pos, "]");
                   }
                }
 #endif
+               (void)rv;
 
                if (menu_entries_append(list,
                   s,
@@ -6866,10 +6890,13 @@ static unsigned menu_displaylist_populate_subsystem(
          }
          else
          {
+            /* Same chain pattern as the two branches above. */
+            size_t pos = 0;
+            int    rv  = 0;
             /* TODO/FIXME - Localize */
-            size_t _len = strlcpy(s, "Load", sizeof(s));
-            _len       += strlcpy(s + _len, " ", sizeof(s) - _len);
-            _len       += strlcpy(s + _len, subsystem->desc, sizeof(s) - _len);
+            rv |= strlcpy_append(s, sizeof(s), &pos, "Load");
+            rv |= strlcpy_append(s, sizeof(s), &pos, " ");
+            rv |= strlcpy_append(s, sizeof(s), &pos, subsystem->desc);
 
 #ifdef HAVE_RGUI
             /* If using RGUI with sublabels disabled, add the
@@ -6881,16 +6908,18 @@ static unsigned menu_displaylist_populate_subsystem(
                 * anyway), but no harm in being safe... */
                if (subsystem->num_roms > 0)
                {
-                  _len += strlcpy(s + _len, " [",               sizeof(s) - _len);
+                  rv |= strlcpy_append(s, sizeof(s), &pos, " [");
                   /* TODO/FIXME - Localize */
-                  _len += strlcpy(s + _len, "Current Content:", sizeof(s) - _len);
-                  _len += strlcpy(s + _len, " ",                sizeof(s) - _len);
-                  _len += strlcpy(s + _len, subsystem->roms[0].desc,
-                                                                sizeof(s) - _len);
-                  strlcpy(s + _len, "]", sizeof(s) - _len);
+                  rv |= strlcpy_append(s, sizeof(s), &pos,
+                        "Current Content:");
+                  rv |= strlcpy_append(s, sizeof(s), &pos, " ");
+                  rv |= strlcpy_append(s, sizeof(s), &pos,
+                        subsystem->roms[0].desc);
+                  rv |= strlcpy_append(s, sizeof(s), &pos, "]");
                }
             }
 #endif
+            (void)rv;
 
             if (menu_entries_append(list,
                s,