LineageOS/android_development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

EmuGL: Fix heap corruption

Browse Source 
Off-by-two bug when removing textures from the tracking array could
overwrite malloc's mem chunk data structure, usually resulting in a
heap corruption abort on a later malloc/realloc/free.

Bug: 5951738
Change-Id: I11056bb62883373c2a3403f53899347ff8cdabf2
This commit is contained in:
Jesse Hall
2012-02-03 22:54:24 -08:00
parent 47365074a0
commit 0e981c8304
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tools/emulator/opengl/shared/OpenglCodecCommon/GLClientState.cpp
View File

@@ -394,7 +394,7 @@ void GLClientState::deleteTextures(GLsizei n, const GLuint* textures)
if (texrec) { if (texrec) {
const TextureRec* end = m_tex.textures + m_tex.numTextures; const TextureRec* end = m_tex.textures + m_tex.numTextures;
memmove(texrec, texrec + 1, memmove(texrec, texrec + 1,
(end - texrec + 1) * sizeof(TextureRec)); (end - texrec - 1) * sizeof(TextureRec));
m_tex.numTextures--; m_tex.numTextures--;
for (TextureUnit* unit = m_tex.unit; for (TextureUnit* unit = m_tex.unit;