From 9eae491a07fd56c752a177d4729a33aa3aacd4dd Mon Sep 17 00:00:00 2001
From: Gabríel Arthúr Pétursson <gabriel@system.is>
Date: Sat, 3 Jun 2017 01:38:49 +0000
Subject: loader: Fix buffer overflow in loader_add_to_dev_ext_list

The size argument to a call to memcpy is for the wrong struct. The type
of `ext->list[idx].props` is VkExtensionProperties.

Credit goes to AddressSanitizer for spotting this bug.
---
 loader/loader.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'loader')

diff --git a/loader/loader.c b/loader/loader.c
index f5c74a3d..cd249cb3 100644
--- a/loader/loader.c
+++ b/loader/loader.c
@@ -910,7 +910,7 @@ VkResult loader_add_to_dev_ext_list(const struct loader_instance *inst, struct l
         ext_list->capacity *= 2;
     }
 
-    memcpy(&ext_list->list[idx].props, props, sizeof(struct loader_dev_ext_props));
+    memcpy(&ext_list->list[idx].props, props, sizeof(*props));
     ext_list->list[idx].entrypoint_count = entry_count;
     ext_list->list[idx].entrypoints =
         loader_instance_heap_alloc(inst, sizeof(char *) * entry_count, VK_SYSTEM_ALLOCATION_SCOPE_INSTANCE);
-- 
cgit v1.2.3