[Mesa-dev] [PATCH] glsl: fix heap-buffer-overflow

Bartosz Tomczyk bartosz.tomczyk86 at gmail.com
Mon Jan 30 20:55:49 UTC 2017


Found by ASAN. There is no need to add +1 to strlen, we have already added
+1 to str_end.
---
 src/compiler/glsl/link_uniforms.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/compiler/glsl/link_uniforms.cpp b/src/compiler/glsl/link_uniforms.cpp
index a450aa03a8..5a03257b98 100644
--- a/src/compiler/glsl/link_uniforms.cpp
+++ b/src/compiler/glsl/link_uniforms.cpp
@@ -535,7 +535,7 @@ private:
             const char *str_end;
             while((str_start = strchr(name_copy, '[')) &&
                   (str_end = strchr(name_copy, ']'))) {
-               memmove(str_start, str_end + 1, 1 + strlen(str_end));
+               memmove(str_start, str_end + 1, strlen(str_end));
             }
 
             unsigned index = 0;
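Review bot: The length in the changed memmove is correct only through an identity the code does not state: str_end points at ']', so strlen(str_end) equals strlen(str_end + 1) + 1, which is the tail after ']' plus its NUL terminator. Consider writing the count as `strlen(str_end + 1) + 1`, or adding a one-line comment that it includes the terminator, so a later reader does not restore the extra +1 and bring back the one-byte read past the end of the string. Separately, the loop condition `str_end = strchr(name_copy, ']')` searches from the start of name_copy rather than from str_start, so the move assumes each ']' comes after its '['; searching from str_start would make that assumption explicit and keep the source pointer ahead of the destination.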
-- 
2.11.0


