diff options
| author | Andrey Kleshchev <andreykproductengine@lindenlab.com> | 2025-07-21 19:30:05 +0300 |
|---|---|---|
| committer | Andrey Kleshchev <117672381+akleshchev@users.noreply.github.com> | 2025-07-21 23:12:44 +0300 |
| commit | 8df303ed8506a0c4fe8965130e1ac9df75d156b1 (patch) | |
| tree | 1ca1aaf93cb92ef77f30f0297373072f15a3d3e8 /indra | |
| parent | 4b69fe396fc0bb783c7db203fd327c16a30f6c5e (diff) | |
#4399 Crash at load_face_from_dom_triangles
Since these offsets are used for idx[i+offset] where i starts from 0,
they shouldn't be below 0 to not go out of bounds.
Diffstat (limited to 'indra')
| -rw-r--r-- | indra/llprimitive/lldaeloader.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/indra/llprimitive/lldaeloader.cpp b/indra/llprimitive/lldaeloader.cpp index a11f9b5ca2..bfcd84a43d 100644 --- a/indra/llprimitive/lldaeloader.cpp +++ b/indra/llprimitive/lldaeloader.cpp @@ -204,12 +204,15 @@ LLModel::EModelStatus load_face_from_dom_triangles( if (idx_stride <= 0 || (pos_source && pos_offset >= idx_stride) + || (pos_source && pos_offset < 0) || (tc_source && tc_offset >= idx_stride) - || (norm_source && norm_offset >= idx_stride)) + || (tc_source && tc_offset < 0) + || (norm_source && norm_offset >= idx_stride) + || (norm_source && norm_offset < 0)) { // Looks like these offsets should fit inside idx_stride // Might be good idea to also check idx.getCount()%idx_stride != 0 - LL_WARNS() << "Invalid pos_offset " << pos_offset << ", tc_offset " << tc_offset << " or norm_offset " << norm_offset << LL_ENDL; + LL_WARNS() << "Invalid idx_stride " << idx_stride << ", pos_offset " << pos_offset << ", tc_offset " << tc_offset << " or norm_offset " << norm_offset << LL_ENDL; return LLModel::BAD_ELEMENT; } |