cogl-matrix-stack: fix use after free in matrix stack.

If the matrix was reallocated we would use values from the stack for the matrix parameters. This fixes that and also uses the function instead of out of lining the same code. https://bugzilla.gnome.org/show_bug.cgi?id=671985 Reviewed-by: Robert Bragg <robert@linux.intel.com> Reviewed-by: Neil Roberts <neil@linux.intel.com>
2012-03-13 13:03:57 +00:00 · 2012-03-13 13:03:57 +00:00 · d42efa3741
commit d42efa3741
parent 46b1727705
1 changed files with 5 additions and 2 deletions
--- a/cogl/cogl-matrix-stack.c
+++ b/cogl/cogl-matrix-stack.c
@ -110,8 +110,11 @@ _cogl_matrix_stack_top_mutable (CoglMatrixStack *stack,
  state->push_count -= 1;

  g_array_set_size (stack->stack, stack->stack->len + 1);
-  new_top = &g_array_index (stack->stack, CoglMatrixState,
-                            stack->stack->len - 1);
+  /* if g_array_set_size reallocs we need to get state
+   * pointer again */
+  state = &g_array_index (stack->stack, CoglMatrixState,
+                            stack->stack->len - 2);
+  new_top = _cogl_matrix_stack_top(stack);
  _cogl_matrix_state_init (new_top);

  if (initialize)