From 0bb61ad3dec04a95660e0495a7f269ed448e05d0 Mon Sep 17 00:00:00 2001
From: Alexander Gavriliuk <alexandrgproductengine@lindenlab.com>
Date: Tue, 8 Aug 2023 00:32:25 +0200
Subject: SL-19807 BugSplat Crash: LLDispatchSetEstateExperience::getIDs()

---
 indra/newview/llfloaterregioninfo.cpp | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/indra/newview/llfloaterregioninfo.cpp b/indra/newview/llfloaterregioninfo.cpp
index a24f04ccfb..7f50a2f0cc 100644
--- a/indra/newview/llfloaterregioninfo.cpp
+++ b/indra/newview/llfloaterregioninfo.cpp
@@ -144,7 +144,7 @@ public:
 		const LLUUID& invoice,
 		const sparam_t& strings);
 
-	LLSD getIDs( sparam_t::const_iterator it, sparam_t::const_iterator end, S32 count );
+	static LLSD getIDs( sparam_t::const_iterator it, sparam_t::const_iterator end, S32 count );
 };
 
 
@@ -2450,11 +2450,12 @@ bool LLDispatchSetEstateAccess::operator()(
 	return true;
 }
 
+// static
 LLSD LLDispatchSetEstateExperience::getIDs( sparam_t::const_iterator it, sparam_t::const_iterator end, S32 count )
 {
 	LLSD idList = LLSD::emptyArray();
 	LLUUID id;
-	while(count--> 0)
+	while (count-- > 0 && it < end)
 	{
 		memcpy(id.mData, (*(it++)).data(), UUID_BYTES);
 		idList.append(id);
@@ -2468,7 +2469,7 @@ LLSD LLDispatchSetEstateExperience::getIDs( sparam_t::const_iterator it, sparam_
 // strings[2] = str(num blocked)
 // strings[3] = str(num trusted)
 // strings[4] = str(num allowed)
-// strings[8] = bin(uuid) ...
+// strings[5] = bin(uuid) ...
 // ...
 bool LLDispatchSetEstateExperience::operator()(
 	const LLDispatcher* dispatcher,
@@ -2477,23 +2478,30 @@ bool LLDispatchSetEstateExperience::operator()(
 	const sparam_t& strings)
 {
 	LLPanelRegionExperiences* panel = LLFloaterRegionInfo::getPanelExperiences();
-	if (!panel) return true;
+	if (!panel)
+		return true;
+
+	const sparam_t::size_type MIN_SIZE = 5;
+	if (strings.size() < MIN_SIZE)
+		return true;
 
+	// Skip 2 parameters
 	sparam_t::const_iterator it = strings.begin();
 	++it; // U32 estate_id = strtol((*it).c_str(), NULL, 10);
 	++it; // U32 send_to_agent_only = strtoul((*(++it)).c_str(), NULL, 10);
 
+	// Read 3 parameters
 	LLUUID id;
 	S32 num_blocked = strtol((*(it++)).c_str(), NULL, 10);
 	S32 num_trusted = strtol((*(it++)).c_str(), NULL, 10);
 	S32 num_allowed = strtol((*(it++)).c_str(), NULL, 10);
 
 	LLSD ids = LLSD::emptyMap()
-		.with("blocked", getIDs(it,								strings.end(), num_blocked))
-		.with("trusted", getIDs(it + (num_blocked),				strings.end(), num_trusted))
-		.with("allowed", getIDs(it + (num_blocked+num_trusted),	strings.end(), num_allowed));
+		.with("blocked", getIDs(it, strings.end(), num_blocked))
+		.with("trusted", getIDs(it + num_blocked, strings.end(), num_trusted))
+		.with("allowed", getIDs(it + num_blocked + num_trusted, strings.end(), num_allowed));
 
-	panel->processResponse(ids);			
+	panel->processResponse(ids);
 
 	return true;
 }
-- 
cgit v1.2.3