From cdfad9cdbe65ec9fcf92ff70ef8ecdd2732a627e Mon Sep 17 00:00:00 2001 From: Neil Roberts Date: Wed, 11 May 2011 13:43:02 +0100 Subject: [PATCH] cogl-vertex-buffer: Fix the size of the array of attribute pointers In update_primitive_attributes it tries to fill in an array of pointers with a NULL terminator. However it was only allocating enough space for a pointer for each of the attributes plus one byte instead of plus enough bytes for another pointer. Thomas Wood found this bug with static analysis. --- cogl/cogl-vertex-buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cogl/cogl-vertex-buffer.c b/cogl/cogl-vertex-buffer.c index 514cb7a27..300acf088 100644 --- a/cogl/cogl-vertex-buffer.c +++ b/cogl/cogl-vertex-buffer.c @@ -1164,7 +1164,7 @@ update_primitive_attributes (CoglVertexBuffer *buffer) g_return_if_fail (n_attributes > 0); - attributes = g_alloca (sizeof (CoglAttribute *) * n_attributes + 1); + attributes = g_alloca (sizeof (CoglAttribute *) * (n_attributes + 1)); i = 0; for (l = buffer->submitted_vbos; l; l = l->next)