vbo: fix incorrect loop limit in bind_array_obj()

The generic_array[] is 16 elements in size, but the loop was doing 32
iterations.  The out of bounds array write was clobbering the following
inputs[] array but as luck would have it, that didn't matter.

diff --git a/src/mesa/vbo/vbo_exec_array.c b/src/mesa/vbo/vbo_exec_array.c
index 0e611840c2e48948a46961d3f168fc226dbcec39..65fe197a4d7d79f1f1fe7bd14b4e890f6c6ad57b 100644 (file)
--- a/src/mesa/vbo/vbo_exec_array.c
+++ b/src/mesa/vbo/vbo_exec_array.c
@@ -118,8 +118,11 @@ static void bind_array_obj( GLcontext *ctx )
    for (i = 0; i < MAX_TEXTURE_COORD_UNITS; i++)
       exec->array.legacy_array[VERT_ATTRIB_TEX0 + i] = &arrayObj->TexCoord[i];
 
-   for (i = 0; i < VERT_ATTRIB_MAX; i++)
+   for (i = 0; i < MAX_VERTEX_ATTRIBS; i++) {
+      assert(i < Elements(arrayObj->VertexAttrib));
+      assert(i < Elements(exec->array.generic_array));
       exec->array.generic_array[i] = &arrayObj->VertexAttrib[i];
+   }
    
    exec->array.array_obj = arrayObj->Name;
 }