Mesa (master): glx: fix incorrect array stack memory allocation
Brian Paul
brianp at kemper.freedesktop.org
Fri Feb 26 17:35:51 UTC 2010
Module: Mesa
Branch: master
Commit: 83f1183e769777df5ada4bf7add3390881f88d02
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=83f1183e769777df5ada4bf7add3390881f88d02
Author: Markus Fleschutz <markus.fleschutz at x-software.com>
Date: Fri Feb 26 10:34:19 2010 -0700
glx: fix incorrect array stack memory allocation
The array stack space wasn't allocated to the proper size. Fixes out of
bounds memory writes when the client/array stack depth exceeds one.
See fd.o bug 26768.
---
src/glx/indirect_vertex_array.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/glx/indirect_vertex_array.c b/src/glx/indirect_vertex_array.c
index ad98825..ec0e654 100644
--- a/src/glx/indirect_vertex_array.c
+++ b/src/glx/indirect_vertex_array.c
@@ -291,7 +291,8 @@ __glXInitVertexArrayState(__GLXcontext * gc)
arrays->stack_index = 0;
arrays->stack = malloc(sizeof(struct array_stack_state)
- * arrays->num_arrays);
+ * arrays->num_arrays
+ * __GL_CLIENT_ATTRIB_STACK_DEPTH);
}
More information about the mesa-commit
mailing list