buffer overflow in recast

[GoogleCodeExporter]

There looks like a potential buffer overflow in rcBuildPolyMeshDetail(). There 
is a declararion:

rcIntArray stack(512);

and then this variable is eventually passed to getHeightData()
which conditionally applies the following:

memmove(&stack[0], &stack[RETRACT_SIZE*3], 
sizeof(int)*(stack.size()-RETRACT_SIZE*3));

where RETRACT_SIZE is defined as such:
static const int RETRACT_SIZE = 256;

Shouldn't the initial allocation of stack be large enough to hold RETRACT_SIZE 
* 3 * 2 integers?

Original issue reported on code.google.com by DahliaTr...@gmail.com on 4 Oct 2012 at 11:36

[GoogleCodeExporter]

This is fine, the move is done only when the stack size has grown larger than 
RETRACT_SIZE*3.

Original comment by memono...@gmail.com on 19 Sep 2013 at 6:23

• Changed state: Done