From 18fa2e6471fe25036341f0375a2f4d4887c8c378 Mon Sep 17 00:00:00 2001 From: Kitty Barnett Date: Thu, 12 Oct 2017 22:55:15 +0200 Subject: MAINT-7081 [FIXED] Access (write) violation / buffer overrun in LLTextureFetchWorker::doWork() The trouble lines are: U8 * buffer = (U8 *) ALLOCATE_MEM(LLImageBase::getPrivatePool(), total_size); if (cur_size > 0) { memcpy(buffer, mFormattedImage->getData(), cur_size); } If 'cur_size > mHttpReplyOffset + append_size' then 'total_size -= src_offset' will cause total_size to be smaller than cur_size causing a write access violation on the memcpy. Since the response is invalid it seemed best to make it follow the other failed partial condition. (transplanted from 737e28ec6b4d74f3ff915a4effc13d7b615a6a9b) --- doc/contributions.txt | 1 + 1 file changed, 1 insertion(+) (limited to 'doc') diff --git a/doc/contributions.txt b/doc/contributions.txt index dabae001a3..5307c5345c 100755 --- a/doc/contributions.txt +++ b/doc/contributions.txt @@ -825,6 +825,7 @@ Kitty Barnett MAINT-6568 STORM-2149 MAINT-7581 + MAINT-7081 Kolor Fall Komiko Okamoto Korvel Noh -- cgit v1.2.3
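Review bot: The added MAINT-7081 line in Kitty Barnett's list in doc/contributions.txt sits after MAINT-7581, which puts it out of numeric order with the MAINT entries above it; placing it before MAINT-7581 would keep the list easier to scan. Separately, this view is limited to 'doc' and shows 1 file changed with 1 insertion, so the handling of the 'cur_size > mHttpReplyOffset + append_size' case described in the commit message cannot be checked from these lines and needs to be reviewed against the full commit.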
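The size arithmetic described in the commit message, as an added C example that is not the viewer's code and not part of this commit. `unchecked_total` and `merge_partial` are hypothetical names, `reply_offset` stands in for `mHttpReplyOffset`, and `src_offset = cur_size - reply_offset` is an assumption about how the overlap is computed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration; names are hypothetical, not the viewer's code.
 * Assumption: the overlap is src_offset = cur_size - reply_offset. */

/* Size computed without the guard: 1000 bytes held, a 200-byte reply at
 * offset 100 gives 300, smaller than the 1000 bytes about to be copied. */
int32_t unchecked_total(int32_t cur_size, int32_t append_size, int32_t reply_offset)
{
    int32_t total_size = cur_size + append_size;
    int32_t src_offset = cur_size - reply_offset;
    total_size -= src_offset;
    return total_size;
}

/* Merge a partial response into the bytes already held. Returns a new
 * buffer (caller frees) and its size, or NULL when the range is unusable. */
uint8_t *merge_partial(const uint8_t *have, int32_t cur_size,
                       const uint8_t *body, int32_t append_size,
                       int32_t reply_offset, int32_t *out_size)
{
    if (cur_size < 0 || append_size < 0 || reply_offset < 0)
        return NULL;
    if (reply_offset > cur_size)                 /* gap before the reply */
        return NULL;
    /* 64-bit sum so the comparison itself cannot overflow */
    int64_t end = (int64_t)reply_offset + append_size;
    if ((int64_t)cur_size > end || end > INT32_MAX)
        return NULL;                             /* reply ends inside held data */

    int32_t src_offset = cur_size - reply_offset; /* bytes we already hold */
    int32_t total_size = (int32_t)end;            /* >= cur_size by the check */
    uint8_t *buffer = malloc(total_size > 0 ? (size_t)total_size : 1);
    if (buffer == NULL)
        return NULL;
    if (cur_size > 0)
        memcpy(buffer, have, (size_t)cur_size);
    if (append_size > src_offset)
        memcpy(buffer + cur_size, body + src_offset,
               (size_t)(append_size - src_offset));
    *out_size = total_size;
    return buffer;
}
```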