From fa36f2c3b7707865867ce2b4710efeaeef993b1d Mon Sep 17 00:00:00 2001 From: Mathias Agopian <mathias@google.com> Date: Tue, 16 Feb 2010 21:01:12 -0800 Subject: [PATCH] fix [2448319] out of bounds array index in fog --- include/private/pixelflinger/ggl_context.h | 3 +-- libpixelflinger/pixelflinger.cpp | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/private/pixelflinger/ggl_context.h b/include/private/pixelflinger/ggl_context.h index 8a36fa9ee2..2d7fdcf5f1 100644 --- a/include/private/pixelflinger/ggl_context.h +++ b/include/private/pixelflinger/ggl_context.h @@ -285,8 +285,7 @@ struct clear_state_t { }; struct fog_state_t { - uint8_t color[3]; - uint8_t reserved; + uint8_t color[4]; }; struct logic_op_state_t { diff --git a/libpixelflinger/pixelflinger.cpp b/libpixelflinger/pixelflinger.cpp index b54da0c613..84e584e493 100644 --- a/libpixelflinger/pixelflinger.cpp +++ b/libpixelflinger/pixelflinger.cpp @@ -281,6 +281,7 @@ static void ggl_fogColor3xv(void* con, const GGLclampx* color) const int32_t r = gglClampx(color[0]); const int32_t g = gglClampx(color[1]); const int32_t b = gglClampx(color[2]); + c->state.fog.color[GGLFormat::ALPHA]= 0xFF; // unused c->state.fog.color[GGLFormat::RED] = (r - (r>>8))>>8; c->state.fog.color[GGLFormat::GREEN]= (g - (g>>8))>>8; c->state.fog.color[GGLFormat::BLUE] = (b - (b>>8))>>8; -- GitLab