Fix buffer overrun in accumulate_program_metrics

The convention for the op_metrics array in the context is that callers
do not index it directly, but instead call ctx_get_op_metrics (which
will grow tha array if needed first).

diff --git a/metrics.c b/metrics.c
index c24ae3f27d298cfb7c5a692ef855ebd168534c78..9f66ded156bc997e8572fce88c258aa60f3f7313 100644 (file)
--- a/metrics.c
+++ b/metrics.c
@@ -532,6 +532,7 @@ accumulate_program_metrics (metrics_op_t op, GLuint *result, GLuint size)
 
        context_t *ctx = &current_context;
        metrics_info_t *info = &ctx->metrics_info;
+       op_metrics_t *metrics = ctx_get_op_metrics (ctx, op);
        unsigned char *p = (unsigned char *) result;
 
        while (p < ((unsigned char *) result) + size)
@@ -585,7 +586,7 @@ accumulate_program_metrics (metrics_op_t op, GLuint *result, GLuint size)
                        break;
                }
 
-               ctx->op_metrics[op].counters[group_index][counter_index] += value;
+               metrics->counters[group_index][counter_index] += value;
        }
 }