authorBartosz Tomczyk <[email protected]>2017-01-31 12:02:20 +0100
committerNicolai Hähnle <[email protected]>2017-01-31 15:58:52 +0100
commitfc27181f9e51441a26b7eb4f62794b5e9a994644 (patch)
tree22919214af47575210fa4482e98d15afb4bcff89 /src/compiler/glsl
parent658568941d5e232d690e1ffbcddbd6ea9685693a (diff)
glsl: fix heap-buffer-overflow
The `end+1` skips the ']', whereas the `strlen+1` includes the final '\0' in the move to terminate the string. Cc: [email protected] Reviewed-by: Eric Engestrom <[email protected]> Reviewed-by: Nicolai Hähnle <[email protected]>
Diffstat (limited to 'src/compiler/glsl')
-rw-r--r--src/compiler/glsl/link_uniforms.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/compiler/glsl/link_uniforms.cpp b/src/compiler/glsl/link_uniforms.cpp
index 8930d26a5ca..e9a20530b57 100644
--- a/src/compiler/glsl/link_uniforms.cpp
+++ b/src/compiler/glsl/link_uniforms.cpp
@@ -535,7 +535,7 @@ private:
const char *str_end;
while((str_start = strchr(name_copy, '[')) &&
(str_end = strchr(name_copy, ']'))) {
- memmove(str_start, str_end + 1, 1 + strlen(str_end));
+ memmove(str_start, str_end + 1, 1 + strlen(str_end + 1));
}
unsigned index = 0;
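Review bot: The loop condition still looks for `]` from the start of `name_copy` rather than from `str_start`, so the corrected length is only in bounds when every `]` follows its `[`. If a name ever reached this loop with a `]` ahead of the first `[`, `str_end + 1` would lie before `str_start` and the `memmove` would write `1 + strlen(str_end + 1)` bytes beginning at `str_start`, which runs past the terminator of the copy. The names handled here are presumably linker-generated and well-formed, but the invariant is cheap to enforce by changing the second condition to `(str_end = strchr(str_start, ']'))) {`. The enclosing function and the allocation of `name_copy` are outside this hunk, so the buffer size is inferred from the string length.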