search

sunshinexyj / oglsuperbible5

Automatically exported from code.google.com/p/oglsuperbible5
1 stars 0 forks source link

Out of array bounds in memcpy #7

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
In the file "math3d.h" there are two functions:
inline void m3dInjectRotationMatrix44(M3DMatrix44f dst, const M3DMatrix33f src)
inline void m3dInjectRotationMatrix44(M3DMatrix44d dst, const M3DMatrix33d src)

M3DMatrix33f and M3DMatrix33d are arrays with a size of 9:
typedef float   M3DMatrix33f[9];        // A 3 x 3 matrix, column major (floats) - 
OpenGL Style
typedef double  M3DMatrix33d[9];        // A 3 x 3 matrix, column major (doubles) - 
OpenGL Style

but inside the functions, src parameter is treated like an array of size 16:

    memcpy(dst, src, sizeof(float) * 4);
    memcpy(dst + 4, src + 4, sizeof(float) * 4);
    memcpy(dst + 8, src + 8, sizeof(float) * 4);

I think this is not correct.

Original issue reported on code.google.com by cesar.id...@gmail.com on 7 Nov 2010 at 8:43

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
Patch added.

Original comment by cesar.id...@gmail.com on 8 Nov 2010 at 9:13

Attachments: