[bug] memory overrun

In opengl_txfm.c, lines 1231, 1235, 1239 and 1243:
glPixelMapfv ( GL_PIXEL_MAP_I_TO_R, 2, array );
array is declared as "GLfloat array[ 4 ];"
and passed as size = 2 (2nd parameter of the function).


Paul Jimenez

In my copy of OCC 6.3, those calls are about 20 lines below. Anyway, I don't really see a problem in that. The array is allocated on the stack, and the only thing that is happening is that the OpenGL method is told the array is 2 floats long when it's really 4 (if it were the other way around, then it would be problematic).

At the end, it's only making that function take 8 more bytes when called than needed, but since those 8 bytes are taken from the stack (which should have way more than that available), it's not a problem.
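
The two directions discussed in this reply, as an added example that is not part of the thread or of Open CASCADE's code. `fake_pixel_map` is a stand-in for `glPixelMapfv` so the block runs without a GL context; `checked_pixel_map`, `MAP_MAX` and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAP_MAX 256                                  /* assumed size of the stand-in's table */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))    /* true arrays only, not pointers */

static float g_table[MAP_MAX];
static size_t g_table_len;

/* Stand-in for glPixelMapfv: it sees only a pointer and the caller's count,
   and reads exactly `mapsize` floats from `values`. */
static void fake_pixel_map(size_t mapsize, const float *values)
{
    memcpy(g_table, values, mapsize * sizeof *values);
    g_table_len = mapsize;
}

/* Hypothetical guard: refuse any count the buffer cannot back. 0 = ok, -1 = refused. */
static int checked_pixel_map(size_t mapsize, const float *values, size_t capacity)
{
    if (values == NULL || mapsize == 0 || mapsize > capacity || mapsize > MAP_MAX)
        return -1;
    fake_pixel_map(mapsize, values);
    return 0;
}

/* Bytes of the buffer that the call never reads. */
static size_t unused_bytes(size_t capacity, size_t mapsize)
{
    return (capacity - mapsize) * sizeof(float);
}

/* The case from the thread: 4 floats declared, 2 passed. */
static int count_below_capacity(void)
{
    float array[4] = { 0.0f, 1.0f, 0.5f, 0.25f };    /* constructed sample values */
    return checked_pixel_map(2, array, ARRAY_LEN(array));
}

/* The reverse case: 4 floats declared, 8 claimed. Unchecked, this reads past the array. */
static int count_above_capacity(void)
{
    float array[4] = { 0.0f, 1.0f, 0.5f, 0.25f };    /* constructed sample values */
    return checked_pixel_map(8, array, ARRAY_LEN(array));
}

int main(void)
{
    printf("2 of 4: %d, unused %zu bytes\n", count_below_capacity(), unused_bytes(4, 2));
    printf("8 of 4: %d\n", count_above_capacity());
    return 0;
}
```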

Stephane Routelous

It's maybe not a problem, but it's not clean.
I just reported the problem because DevPartner reported it.
The lines were for OCC 6.2, but I checked that it was not solved in 6.3.