projects / mesa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c78f84e)
glx: fix incorrect array stack memory allocation
authorMarkus Fleschutz <markus.fleschutz@x-software.com>
Fri, 26 Feb 2010 17:34:19 +0000 (10:34 -0700)
committerBrian Paul <brianp@vmware.com>
Fri, 26 Feb 2010 17:34:21 +0000 (10:34 -0700)
The array stack space wasn't allocated to the proper size.  Fixes out of
bounds memory writes when the client/array stack depth exceeds one.

See fd.o bug 26768.

src/glx/indirect_vertex_array.c patch | blob | history

diff --git a/src/glx/indirect_vertex_array.c b/src/glx/indirect_vertex_array.c
index ad9882528ffb7bd7b206c72936284bf5d80bdac7..ec0e654ceae6bfe53baca2a3d98e33c1c5b92604 100644 (file)
--- a/src/glx/indirect_vertex_array.c
+++ b/src/glx/indirect_vertex_array.c
@@ -291,7 +291,8 @@ __glXInitVertexArrayState(__GLXcontext * gc)
 
    arrays->stack_index = 0;
    arrays->stack = malloc(sizeof(struct array_stack_state)
-                          * arrays->num_arrays);
+                          * arrays->num_arrays
+                          * __GL_CLIENT_ATTRIB_STACK_DEPTH);
 }