mesa: Avoid out-of-bounds stack read via _mesa_Materiali

MATERIALFV may end up reading up to 4 floats from the passed parameter.

This should really set a GL_INVALID_ENUM error in the cases where it
matters, but does anybody really care?

Found by ASAN in piglit gl-1.0-beginend-coverage.

v2: fix a trivial compiler warning

Reviewed-by: Marek Olšák <marek.olsak@amd.com> (v1)
Reviewed-by: Ian Romanick <ian.d.romanick@intel.com> (v1)

diff --git a/src/mesa/main/api_loopback.c b/src/mesa/main/api_loopback.c
index 8b63d9c..59b59d3 100644 (file)
--- a/src/mesa/main/api_loopback.c
+++ b/src/mesa/main/api_loopback.c
@@ -865,8 +865,9 @@ _mesa_Materialf( GLenum face, GLenum pname, GLfloat param )
 void GLAPIENTRY
 _mesa_Materiali(GLenum face, GLenum pname, GLint param )
 {
-   GLfloat p = (GLfloat) param;
-   MATERIALFV(face, pname, &p);
+   GLfloat p[4];
+   p[0] = (GLfloat) param;
+   MATERIALFV(face, pname, p);
 }
 
 void GLAPIENTRY