From f2780a93c082e9c9a9557b7b0f6378980632b634 Mon Sep 17 00:00:00 2001 From: AndreyL ProductEngine Date: Wed, 7 Jun 2017 03:16:56 +0300 Subject: MAINT-6697 Added a nullcheck to unzip_llsd() --- indra/llcommon/llsdserialize.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/indra/llcommon/llsdserialize.cpp b/indra/llcommon/llsdserialize.cpp index 81ba8631c6..41cdb14886 100644 --- a/indra/llcommon/llsdserialize.cpp +++ b/indra/llcommon/llsdserialize.cpp @@ -2175,6 +2175,14 @@ bool unzip_llsd(LLSD& data, std::istream& is, S32 size) U32 have = CHUNK-strm.avail_out; result = (U8*) realloc(result, cur_size + have); + if (result == NULL) + { + LL_WARNS() << "Failed to unzip LLSD block: can't reallocate memory, current size: " << cur_size << " bytes; requested " << cur_size + have << " bytes." << LL_ENDL; + inflateEnd(&strm); + free(result); + delete[] in; + return false; + } memcpy(result+cur_size, out, have); cur_size += have; -- cgit v1.2.3 From d9fe21f17f8c392a602773fa36b0814a0c672761 Mon Sep 17 00:00:00 2001 From: AndreyL ProductEngine Date: Wed, 7 Jun 2017 19:30:32 +0300 Subject: MAINT-6697 More nullchecks for zip/unzip functions --- indra/llcommon/llsdserialize.cpp | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/indra/llcommon/llsdserialize.cpp b/indra/llcommon/llsdserialize.cpp index 41cdb14886..0568a639a0 100644 --- a/indra/llcommon/llsdserialize.cpp +++ b/indra/llcommon/llsdserialize.cpp @@ -2092,6 +2092,12 @@ std::string zip_llsd(LLSD& data) have = CHUNK-strm.avail_out; output = (U8*) realloc(output, cur_size+have); + if (output == NULL) + { + LL_WARNS() << "Failed to compress LLSD block: can't reallocate memory, current size: " << cur_size << " bytes; requested " << cur_size + have << " bytes." << LL_ENDL; + deflateEnd(&strm); + return std::string(); + } memcpy(output+cur_size, out, have); cur_size += have; } @@ -2179,7 +2185,6 @@ bool unzip_llsd(LLSD& data, std::istream& is, S32 size) { LL_WARNS() << "Failed to unzip LLSD block: can't reallocate memory, current size: " << cur_size << " bytes; requested " << cur_size + have << " bytes." << LL_ENDL; inflateEnd(&strm); - free(result); delete[] in; return false; } @@ -2275,6 +2280,14 @@ U8* unzip_llsdNavMesh( bool& valid, unsigned int& outsize, std::istream& is, S32 U32 have = CHUNK-strm.avail_out; result = (U8*) realloc(result, cur_size + have); + if (result == NULL) + { + LL_WARNS() << "Failed to unzip LLSD NavMesh block: can't reallocate memory, current size: " << cur_size << " bytes; requested " << cur_size + have << " bytes." << LL_ENDL; + inflateEnd(&strm); + delete[] in; + valid = false; + return NULL; + } memcpy(result+cur_size, out, have); cur_size += have; -- cgit v1.2.3