diff options
| author | Markus Fleschutz <markus.fleschutz@x-software.com> | 2010-02-26 10:38:21 -0700 |
|---|---|---|
| committer | Brian Paul <brianp@vmware.com> | 2010-02-26 10:38:21 -0700 |
| commit | 69334d6784e22b82a0449eab1645ae901c2c6842 (patch) | |
| tree | 727aad67483e747d8d323de10d61d29a0e2dbbfc | |
| parent | 61482ddc1c9443f26a4106efa113ae59edb9db10 (diff) | |
glx: fix incorrect array stack memory allocation
The array stack space wasn't allocated to the proper size. Fixes out of
bounds memory writes when the client/array stack depth exceeds one.
See fd.o bug 26768.
| -rw-r--r-- | src/glx/x11/indirect_vertex_array.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/glx/x11/indirect_vertex_array.c b/src/glx/x11/indirect_vertex_array.c index ad9882528ff..ec0e654ceae 100644 --- a/src/glx/x11/indirect_vertex_array.c +++ b/src/glx/x11/indirect_vertex_array.c @@ -291,7 +291,8 @@ __glXInitVertexArrayState(__GLXcontext * gc) arrays->stack_index = 0; arrays->stack = malloc(sizeof(struct array_stack_state) - * arrays->num_arrays); + * arrays->num_arrays + * __GL_CLIENT_ATTRIB_STACK_DEPTH); } |