[PATCH 10/27] glamor: Fix stack overflow in glamor_solid vertex handling.

Eric Anholt eric at anholt.net
Tue Mar 11 14:30:24 PDT 2014


ARRAY_SIZE(vertices) is 32 (floating point values), so we need to
divide by the number of floats in a box like we do in the overflow
case below.

Signed-off-by: Eric Anholt <eric at anholt.net>
---
 glamor/glamor_fill.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/glamor/glamor_fill.c b/glamor/glamor_fill.c
index dda55ea..75c952c 100644
--- a/glamor/glamor_fill.c
+++ b/glamor/glamor_fill.c
@@ -189,7 +189,7 @@ _glamor_solid_boxes(PixmapPtr pixmap, BoxPtr box, int nbox, float *color)
     GLfloat xscale, yscale;
     float vertices[32];
     float *pvertices = vertices;
-    int valid_nbox = ARRAY_SIZE(vertices);
+    int valid_nbox = ARRAY_SIZE(vertices) / (4 * 2);
 
     glamor_set_destination_pixmap_priv_nc(pixmap_priv);
 
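Review bot: The divisor `(4 * 2)` on the new `valid_nbox` line is an unexplained magic number, and the commit message says the same division is done again in the overflow case below. Consider a single named constant for the number of floats per box (name to be chosen), used in both places and to size `vertices`, so the stack array and the box limit cannot drift apart again. With `float vertices[32]` the new expression gives 4 boxes; a short comment stating that `valid_nbox` counts boxes, not floats, would make the bound obvious to the next reader.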
-- 
1.9.0


