summaryrefslogtreecommitdiff
path: root/indra/llprimitive/llprimitive.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'indra/llprimitive/llprimitive.cpp')
-rw-r--r--indra/llprimitive/llprimitive.cpp32
1 files changed, 24 insertions, 8 deletions
diff --git a/indra/llprimitive/llprimitive.cpp b/indra/llprimitive/llprimitive.cpp
index d28cd89a1b..0578f0b192 100644
--- a/indra/llprimitive/llprimitive.cpp
+++ b/indra/llprimitive/llprimitive.cpp
@@ -1052,7 +1052,7 @@ S32 LLPrimitive::unpackTEField(U8 *cur_ptr, U8 *buffer_end, U8 *data_ptr, U8 dat
while ((cur_ptr < buffer_end) && (*cur_ptr != 0))
{
-// llinfos << "TE exception" << llendl;
+ LL_DEBUGS("TEFieldDecode") << "TE exception" << LL_ENDL;
i = 0;
while (*cur_ptr & 0x80)
{
@@ -1067,14 +1067,16 @@ S32 LLPrimitive::unpackTEField(U8 *cur_ptr, U8 *buffer_end, U8 *data_ptr, U8 dat
if (i & 0x01)
{
htonmemcpy(data_ptr+(j*data_size),cur_ptr,type,data_size);
-// char foo[64];
-// sprintf(foo,"%x %x",*(data_ptr+(j*data_size)), *(data_ptr+(j*data_size)+1));
-// llinfos << "Assigning " << foo << " to face " << j << llendl;
+ LL_DEBUGS("TEFieldDecode") << "Assigning " ;
+ char foo[64];
+ sprintf(foo,"%x %x",*(data_ptr+(j*data_size)), *(data_ptr+(j*data_size)+1));
+ LL_CONT << foo << " to face " << j << LL_ENDL;
}
i = i >> 1;
}
cur_ptr += data_size;
}
+ llassert(cur_ptr <= buffer_end); // buffer underrun
return (S32)(cur_ptr - start_loc);
}
@@ -1328,8 +1330,15 @@ S32 LLPrimitive::unpackTEMessage(LLMessageSystem* mesgsys, char const* block_nam
cur_ptr += unpackTEField(cur_ptr, packed_buffer+size, (U8 *)media_flags, 1, face_count, MVT_U8);
cur_ptr++;
cur_ptr += unpackTEField(cur_ptr, packed_buffer+size, (U8 *)glow, 1, face_count, MVT_U8);
- cur_ptr++;
- cur_ptr += unpackTEField(cur_ptr, packed_buffer+size, (U8 *)material_data, 16, face_count, MVT_LLUUID);
+ if (cur_ptr < packed_buffer + size)
+ {
+ cur_ptr++;
+ cur_ptr += unpackTEField(cur_ptr, packed_buffer+size, (U8 *)material_data, 16, face_count, MVT_LLUUID);
+ }
+ else
+ {
+ memset(material_data, 0, sizeof(material_data));
+ }
for (U32 i = 0; i < face_count; i++)
{
@@ -1429,8 +1438,15 @@ S32 LLPrimitive::unpackTEMessage(LLDataPacker &dp)
cur_ptr += unpackTEField(cur_ptr, packed_buffer+size, (U8 *)media_flags, 1, face_count, MVT_U8);
cur_ptr++;
cur_ptr += unpackTEField(cur_ptr, packed_buffer+size, (U8 *)glow, 1, face_count, MVT_U8);
- cur_ptr++;
- cur_ptr += unpackTEField(cur_ptr, packed_buffer+size, (U8 *)material_data, 16, face_count, MVT_LLUUID);
+ if (cur_ptr < packed_buffer + size)
+ {
+ cur_ptr++;
+ cur_ptr += unpackTEField(cur_ptr, packed_buffer+size, (U8 *)material_data, 16, face_count, MVT_LLUUID);
+ }
+ else
+ {
+ memset(material_data, 0, sizeof(material_data));
+ }
for (i = 0; i < face_count; i++)
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-30 16:28:22 +0000