Prevent accessing more arguments than provided. BUG=390111 Change-Id: Iecc2ac2354a82cca937a823e5c588c662264e36c Reviewed-on: https://chromium-review.googlesource.com/213551 Tested-by: Nicolas Capens <capn@chromium.org> Reviewed-by: Jamie Madill <jmadill@chromium.org>

commit: ffd7387a8c40f6920e39a5d192d063306a77f400 [log] [tgz]
author: Nicolas Capens <nicolascapens@chromium.org> Thu Aug 21 13:49:16 2014 -0400
committer: Nicolas Capens <capn@chromium.org> Fri Aug 22 02:24:37 2014 +0000
tree: 2a0d5edb3a14e2d9a4d8e693d056b1984d12cec8
parent: 39b434637523ef3a8f6b3e984979022af8379d10 [diff] [blame]
diff --git a/src/compiler/translator/ParseContext.cpp b/src/compiler/translator/ParseContext.cpp
index 51a1523..04797da 100644
--- a/src/compiler/translator/ParseContext.cpp
+++ b/src/compiler/translator/ParseContext.cpp

@@ -1613,7 +1613,7 @@
 
         for (size_t i = 0; i < fields.size(); i++)
         {
-            if ((*args)[i]->getAsTyped()->getType() != *fields[i]->type())
+            if (i >= args->size() || (*args)[i]->getAsTyped()->getType() != *fields[i]->type())
             {
                 error(line, "Structure constructor arguments do not match structure fields", "Error");
                 recover();
commit	ffd7387a8c40f6920e39a5d192d063306a77f400	[log] [tgz]
author	Nicolas Capens <nicolascapens@chromium.org>	Thu Aug 21 13:49:16 2014 -0400
committer	Nicolas Capens <capn@chromium.org>	Fri Aug 22 02:24:37 2014 +0000
tree	2a0d5edb3a14e2d9a4d8e693d056b1984d12cec8
parent	39b434637523ef3a8f6b3e984979022af8379d10 [diff] [blame]