From a5525d26063703cab7b12c0c7723e8c7456bf084 Mon Sep 17 00:00:00 2001 From: Pavel Kovalenko Date: Thu, 9 Oct 2014 14:26:43 +0400 Subject: [PATCH] Fix potential stack overflow in CRender::LoadBuffers. --- src/Layers/xrRenderPC_R4/r4_loader.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Layers/xrRenderPC_R4/r4_loader.cpp b/src/Layers/xrRenderPC_R4/r4_loader.cpp index 537b94c0bdf..8db50d54b0e 100644 --- a/src/Layers/xrRenderPC_R4/r4_loader.cpp +++ b/src/Layers/xrRenderPC_R4/r4_loader.cpp @@ -194,14 +194,14 @@ void CRender::LoadBuffers (CStreamReader *base_fs, BOOL _alternative) u32 count = fs->r_u32(); _DC.resize (count); _VB.resize (count); + u32 bufferSize = (MAXD3DDECLLENGTH+1)*sizeof(D3DVERTEXELEMENT9); + D3DVERTEXELEMENT9* dcl = (D3DVERTEXELEMENT9*)_alloca(bufferSize); for (u32 i=0; ir (dcl,buffer_size); - fs->advance (-(int)buffer_size); + fs->r (dcl,bufferSize); + fs->advance (-(int)bufferSize); u32 dcl_len = D3DXGetDeclLength (dcl)+1; _DC[i].resize (dcl_len);
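Review bot: `D3DXGetDeclLength(dcl)` still runs on bytes read straight from the stream, and as far as I know it walks the array until it finds the `D3DDECL_END` terminator, so a truncated or malformed geometry file could make it read past the `bufferSize` bytes that `dcl` points to. Hoisting the `_alloca` out of the loop removes the per-iteration stack growth, but because the size is a compile-time constant, a plain local array would do the same job without `_alloca`: `D3DVERTEXELEMENT9 dcl[MAXD3DDECLLENGTH+1];` with `const u32 bufferSize = sizeof(dcl);`. After `fs->r(dcl, bufferSize)` I would overwrite the last slot with a terminator, `const D3DVERTEXELEMENT9 end = D3DDECL_END(); dcl[MAXD3DDECLLENGTH] = end;`, so the length scan stays bounded whatever the file holds. `count` also comes from the file and sizes `_DC`/`_VB` unchecked; the loop body continues outside this hunk, so whether the later reads are bounded cannot be seen here.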