summaryrefslogtreecommitdiff
path: root/indra/newview
diff options
context:
space:
mode:
authorandreykproductengine <andreykproductengine@lindenlab.com>2018-10-11 16:57:40 +0300
committerandreykproductengine <andreykproductengine@lindenlab.com>2018-10-11 16:57:40 +0300
commitb2bb7170b33e3508aa7978ebe4fbab17b8b305d5 (patch)
treeb15b5a5ebc94f3641a5ae7f6b42e5fa72df14b40 /indra/newview
parent3a521388293c90f4d3492cf45b02cded102bced2 (diff)
SL-9649 Buffer safety checks for llviewerobject.cpp
Diffstat (limited to 'indra/newview')
-rw-r--r--indra/newview/llviewerobject.cpp9
-rw-r--r--indra/newview/llviewerobjectlist.cpp2
-rw-r--r--indra/newview/llvovolume.cpp2
3 files changed, 8 insertions, 5 deletions
diff --git a/indra/newview/llviewerobject.cpp b/indra/newview/llviewerobject.cpp
index 955cc79283..035087d52e 100644
--- a/indra/newview/llviewerobject.cpp
+++ b/indra/newview/llviewerobject.cpp
@@ -135,6 +135,7 @@ std::map<std::string, U32> LLViewerObject::sObjectDataMap;
const F32 PHYSICS_TIMESTEP = 1.f / 45.f;
const U32 MAX_INV_FILE_READ_FAILS = 25;
+const S32 MAX_OBJECT_BINARY_DATA_SIZE = 60 + 16;
static LLTrace::BlockTimerStatHandle FTM_CREATE_OBJECT("Create Object");
@@ -1132,7 +1133,9 @@ U32 LLViewerObject::processUpdateMessage(LLMessageSystem *mesgsys,
// Use getPosition, not getPositionRegion, since this is what we're comparing directly against.
LLVector3 test_pos_parent = getPosition();
- U8 data[60+16]; // This needs to match the largest size below.
+ // This needs to match the largest size below. See switch(length)
+ U8 data[MAX_OBJECT_BINARY_DATA_SIZE];
+
#ifdef LL_BIG_ENDIAN
U16 valswizzle[4];
#endif
@@ -1199,7 +1202,7 @@ U32 LLViewerObject::processUpdateMessage(LLMessageSystem *mesgsys,
mesgsys->getU8Fast( _PREHASH_ObjectData, _PREHASH_ClickAction, click_action, block_num);
mesgsys->getVector3Fast(_PREHASH_ObjectData, _PREHASH_Scale, new_scale, block_num );
length = mesgsys->getSizeFast(_PREHASH_ObjectData, block_num, _PREHASH_ObjectData);
- mesgsys->getBinaryDataFast(_PREHASH_ObjectData, _PREHASH_ObjectData, data, length, block_num);
+ mesgsys->getBinaryDataFast(_PREHASH_ObjectData, _PREHASH_ObjectData, data, length, block_num, MAX_OBJECT_BINARY_DATA_SIZE);
mTotalCRC = crc;
@@ -1507,7 +1510,7 @@ U32 LLViewerObject::processUpdateMessage(LLMessageSystem *mesgsys,
LL_INFOS() << "TI:" << getID() << LL_ENDL;
#endif
length = mesgsys->getSizeFast(_PREHASH_ObjectData, block_num, _PREHASH_ObjectData);
- mesgsys->getBinaryDataFast(_PREHASH_ObjectData, _PREHASH_ObjectData, data, length, block_num);
+ mesgsys->getBinaryDataFast(_PREHASH_ObjectData, _PREHASH_ObjectData, data, length, block_num, MAX_OBJECT_BINARY_DATA_SIZE);
count = 0;
LLVector4 collision_plane;
diff --git a/indra/newview/llviewerobjectlist.cpp b/indra/newview/llviewerobjectlist.cpp
index 23a51b99f6..f97021aedf 100644
--- a/indra/newview/llviewerobjectlist.cpp
+++ b/indra/newview/llviewerobjectlist.cpp
@@ -471,7 +471,7 @@ void LLViewerObjectList::processObjectUpdate(LLMessageSystem *mesgsys,
compressed_dp.reset();
uncompressed_length = mesgsys->getSizeFast(_PREHASH_ObjectData, i, _PREHASH_Data);
- mesgsys->getBinaryDataFast(_PREHASH_ObjectData, _PREHASH_Data, compressed_dpbuffer, 0, i);
+ mesgsys->getBinaryDataFast(_PREHASH_ObjectData, _PREHASH_Data, compressed_dpbuffer, 0, i, 2048);
compressed_dp.assignBuffer(compressed_dpbuffer, uncompressed_length);
if (update_type != OUT_TERSE_IMPROVED) // OUT_FULL_COMPRESSED only?
diff --git a/indra/newview/llvovolume.cpp b/indra/newview/llvovolume.cpp
index 7d6881f8a8..e746ecd87a 100644
--- a/indra/newview/llvovolume.cpp
+++ b/indra/newview/llvovolume.cpp
@@ -474,7 +474,7 @@ U32 LLVOVolume::processUpdateMessage(LLMessageSystem *mesgsys,
{
U8 tdpbuffer[1024];
LLDataPackerBinaryBuffer tdp(tdpbuffer, 1024);
- mesgsys->getBinaryDataFast(_PREHASH_ObjectData, _PREHASH_TextureEntry, tdpbuffer, 0, block_num);
+ mesgsys->getBinaryDataFast(_PREHASH_ObjectData, _PREHASH_TextureEntry, tdpbuffer, 0, block_num, 1024);
S32 result = unpackTEMessage(tdp);
if (result & teDirtyBits)
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 11:27:10 +0000