Diffstat (limited to 'indra/llcommon/llsdserialize.cpp')
-rw-r--r--indra/llcommon/llsdserialize.cpp43
1 files changed, 40 insertions, 3 deletions
diff --git a/indra/llcommon/llsdserialize.cpp b/indra/llcommon/llsdserialize.cpp
index d49ff0feb5..3a219eb998 100644
--- a/indra/llcommon/llsdserialize.cpp
+++ b/indra/llcommon/llsdserialize.cpp
@@ -1200,6 +1200,7 @@ bool LLSDBinaryParser::parseString(
read(istr, (char*)&value_nbo, sizeof(U32)); /*Flawfinder: ignore*/
S32 size = (S32)ntohl(value_nbo);
if(mCheckLimits && (size > mMaxBytesLeft)) return false;
+ if(size < 0) return false;
std::vector<char> buf;
if(size)
{
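Review bot: The added `if(size < 0) return false;` carries no comment saying why a length can be negative, and it sits after the `mMaxBytesLeft` comparison although it is the more basic sanity check. I would move it up and document it, for example `// lengths above 0x7FFFFFFF wrap negative through the (S32) cast` directly above the check. When `mCheckLimits` is false, any positive size up to 2 GiB still passes; whether the buffer below is sized straight from it is outside the hunk, so that path deserves a look. The body of parseString continues past the hunk.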
@@ -2090,7 +2091,18 @@ std::string zip_llsd(LLSD& data)
}
have = CHUNK-strm.avail_out;
- output = (U8*) realloc(output, cur_size+have);
+ U8* new_output = (U8*) realloc(output, cur_size+have);
+ if (new_output == NULL)
+ {
+ LL_WARNS() << "Failed to compress LLSD block: can't reallocate memory, current size: " << cur_size << " bytes; requested " << cur_size + have << " bytes." << LL_ENDL;
+ deflateEnd(&strm);
+ if (output)
+ {
+ free(output);
+ }
+ return std::string();
+ }
+ output = new_output;
memcpy(output+cur_size, out, have);
cur_size += have;
}
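Review bot: The `if (output)` guard around `free(output);` in the new failure branch is unnecessary, since free() accepts a null pointer; a bare `free(output);` reads more simply. The same guard appears in the unzip_llsd and unzip_llsdNavMesh hunks. The three branches repeat the same stream-end, free and return sequence by hand, so a small owning wrapper for the buffer and the z_stream would remove the chance of one copy missing a step. The enclosing loop starts and ends outside the hunk.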
@@ -2173,7 +2185,19 @@ bool unzip_llsd(LLSD& data, std::istream& is, S32 size)
U32 have = CHUNK-strm.avail_out;
- result = (U8*) realloc(result, cur_size + have);
+ U8* new_result = (U8*)realloc(result, cur_size + have);
+ if (new_result == NULL)
+ {
+ LL_WARNS() << "Failed to unzip LLSD block: can't reallocate memory, current size: " << cur_size << " bytes; requested " << cur_size + have << " bytes." << LL_ENDL;
+ inflateEnd(&strm);
+ if (result)
+ {
+ free(result);
+ }
+ delete[] in;
+ return false;
+ }
+ result = new_result;
memcpy(result+cur_size, out, have);
cur_size += have;
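Review bot: Nothing visible in this hunk caps how large `result` may grow, so for compressed data from an untrusted source the only stop is realloc() failing, by which point the process has already taken as much memory as the system would give it. A limit tested before the realloc, for example `if (cur_size + have > MAX_UNZIPPED_BYTES)` (placeholder name) followed by the same cleanup as the NULL branch, would fail early and predictably; a cap may already exist outside the hunk, as the loop starts and ends there. The same applies to the unzip_llsdNavMesh hunk. If `cur_size` is a 32-bit type, `cur_size + have` can also wrap, which is worth confirming at its declaration.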
@@ -2265,7 +2289,20 @@ U8* unzip_llsdNavMesh( bool& valid, unsigned int& outsize, std::istream& is, S32
U32 have = CHUNK-strm.avail_out;
- result = (U8*) realloc(result, cur_size + have);
+ U8* new_result = (U8*) realloc(result, cur_size + have);
+ if (new_result == NULL)
+ {
+ LL_WARNS() << "Failed to unzip LLSD NavMesh block: can't reallocate memory, current size: " << cur_size << " bytes; requested " << cur_size + have << " bytes." << LL_ENDL;
+ inflateEnd(&strm);
+ if (result)
+ {
+ free(result);
+ }
+ delete[] in;
+ valid = false;
+ return NULL;
+ }
+ result = new_result;
memcpy(result+cur_size, out, have);
cur_size += have;
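Review bot: The new failure branch sets `valid = false` and returns NULL but leaves the `outsize` out-parameter untouched, so a caller that reads it without checking `valid` sees whatever value it held before the call. Adding `outsize = 0;` next to `valid = false;` makes the failure state consistent. Whether the function's other error returns already reset it cannot be seen from here, because the body starts and ends outside the hunk.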