summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGraham Madarasz (Graham) <graham@lindenlab.com>2013-03-04 11:10:10 -0800
committerGraham Madarasz (Graham) <graham@lindenlab.com>2013-03-04 11:10:10 -0800
commite7e617f42351876e3d003f885e89d19a02ab6f48 (patch)
tree9cefb62a6fe521e9e0f89d107a07830a489e65da
parent3849ee79c3810226d1129bcbeb6bd69144aba243 (diff)
For MAINT-2303 Fix potential stack smash from well-crafted meshes
-rw-r--r--indra/newview/llvovolume.cpp10
1 files changed, 7 insertions, 3 deletions
diff --git a/indra/newview/llvovolume.cpp b/indra/newview/llvovolume.cpp
index c0f80cf855..c7d317c526 100644
--- a/indra/newview/llvovolume.cpp
+++ b/indra/newview/llvovolume.cpp
@@ -3839,7 +3839,8 @@ void LLRiggedVolume::update(const LLMeshSkinInfo* skin, LLVOAvatar* avatar, cons
LLMatrix4a mp[64];
LLMatrix4* mat = (LLMatrix4*) mp;
- for (U32 j = 0; j < skin->mJointNames.size(); ++j)
+ U32 maxJoints = llmin(skin->mJointNames.size(), 64);
+ for (U32 j = 0; j < maxJoints; ++j)
{
LLJoint* joint = avatar->getJoint(skin->mJointNames[j]);
if (joint)
@@ -3894,8 +3895,11 @@ void LLRiggedVolume::update(const LLMeshSkinInfo* skin, LLVOAvatar* avatar, cons
F32 w = wght[k];
LLMatrix4a src;
- src.setMul(mp[idx[k]], w);
-
+ // Insure ref'd bone is in our clamped array of mats
+ llassert(idx[k] < 64);
+ // don't read garbage off the stack in release
+ if (idx[k] < 64)
+ src.setMul(mp[idx[k]], w);
final_mat.add(src);
}