glx: fix incorrect array stack memory allocation

The array stack space wasn't allocated to the proper size. Fixes out of bounds memory writes when the client/array stack depth exceeds one. See fd.o bug 26768.
author: Markus Fleschutz <markus.fleschutz@x-software.com> 2010-02-26 10:34:19 -0700
committer: Brian Paul <brianp@vmware.com> 2010-02-26 10:34:21 -0700
commit: 83f1183e769777df5ada4bf7add3390881f88d02 (patch)
tree: 8c643d324eb4f29c135696dcf848db1306c71933 /src/glx
parent: c78f84eebb3943e7a2a1eed262d85d2f67f79beb (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/glx/indirect_vertex_array.c b/src/glx/indirect_vertex_array.c
index ad9882528f..ec0e654cea 100644
--- a/src/glx/indirect_vertex_array.c
+++ b/src/glx/indirect_vertex_array.c
@@ -291,7 +291,8 @@ __glXInitVertexArrayState(__GLXcontext * gc)
 
    arrays->stack_index = 0;
    arrays->stack = malloc(sizeof(struct array_stack_state)
-                          * arrays->num_arrays);
+                          * arrays->num_arrays
+                          * __GL_CLIENT_ATTRIB_STACK_DEPTH);
 }
author	Markus Fleschutz <markus.fleschutz@x-software.com>	2010-02-26 10:34:19 -0700
committer	Brian Paul <brianp@vmware.com>	2010-02-26 10:34:21 -0700
commit	83f1183e769777df5ada4bf7add3390881f88d02 (patch)
tree	8c643d324eb4f29c135696dcf848db1306c71933 /src/glx
parent	c78f84eebb3943e7a2a1eed262d85d2f67f79beb (diff)