From f75ea457c836d73d6bdbbeed77536c74c1482f29 Mon Sep 17 00:00:00 2001 From: AndreyL ProductEngine Date: Wed, 19 Oct 2016 01:12:52 +0300 Subject: MAINT-6818 Fix for LLImageBase::allocateData crash --- indra/llimage/llimage.cpp | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) (limited to 'indra/llimage') diff --git a/indra/llimage/llimage.cpp b/indra/llimage/llimage.cpp index f71607096c..43b6b3bcd6 100644 --- a/indra/llimage/llimage.cpp +++ b/indra/llimage/llimage.cpp @@ -705,18 +705,21 @@ void LLImageBase::deleteData() // virtual U8* LLImageBase::allocateData(S32 size) { + //make this function thread-safe. + static const U32 MAX_BUFFER_SIZE = 4096 * 4096 * 16; //256 MB + mBadBufferAllocation = false; + if (size < 0) { size = mWidth * mHeight * mComponents; if (size <= 0) { - LL_ERRS() << llformat("LLImageBase::allocateData called with bad dimensions: %dx%dx%d",mWidth,mHeight,(S32)mComponents) << LL_ENDL; + LL_WARNS() << llformat("LLImageBase::allocateData called with bad dimensions: %dx%dx%d",mWidth,mHeight,(S32)mComponents) << LL_ENDL; + mBadBufferAllocation = true; } - } - - //make this function thread-safe. - static const U32 MAX_BUFFER_SIZE = 4096 * 4096 * 16 ; //256 MB - if (size < 1 || size > MAX_BUFFER_SIZE) + } + + if (!mBadBufferAllocation && (size < 1 || size > MAX_BUFFER_SIZE)) { LL_INFOS() << "width: " << mWidth << " height: " << mHeight << " components: " << mComponents << LL_ENDL ; if(mAllowOverSize) @@ -725,25 +728,31 @@ U8* LLImageBase::allocateData(S32 size) } else { - LL_ERRS() << "LLImageBase::allocateData: bad size: " << size << LL_ENDL; + LL_WARNS() << "LLImageBase::allocateData: bad size: " << size << LL_ENDL; + mBadBufferAllocation = true; } } - if (!mData || size != mDataSize) + + if (!mBadBufferAllocation && (!mData || size != mDataSize)) { deleteData(); // virtual - mBadBufferAllocation = false ; mData = (U8*)ALLOCATE_MEM(sPrivatePoolp, size); if (!mData) { LL_WARNS() << "Failed to allocate image data size [" << size << "]" << LL_ENDL; - size = 0 ; - mWidth = mHeight = 0 ; - mBadBufferAllocation = true ; + mBadBufferAllocation = true; } - mDataSize = size; - claimMem(mDataSize); } + if (mBadBufferAllocation) + { + size = 0; + mWidth = mHeight = 0; + mData = NULL; + } + mDataSize = size; + claimMem(mDataSize); + return mData; } -- cgit v1.3 From a65b586b184d9837e0586b4df0d2e758ccce63f6 Mon Sep 17 00:00:00 2001 From: AndreyL ProductEngine Date: Thu, 8 Dec 2016 17:21:05 +0200 Subject: MAINT-6729 Additional fix for crash in LLImageGL::analyzeAlpha() --- indra/llimage/llimage.cpp | 2 +- indra/llimage/llimage.h | 2 +- indra/llrender/llimagegl.cpp | 6 ++++++ 3 files changed, 8 insertions(+), 2 deletions(-) (limited to 'indra/llimage') diff --git a/indra/llimage/llimage.cpp b/indra/llimage/llimage.cpp index 43b6b3bcd6..a07ea14621 100644 --- a/indra/llimage/llimage.cpp +++ b/indra/llimage/llimage.cpp @@ -800,7 +800,7 @@ U8* LLImageBase::getData() return mData; } -bool LLImageBase::isBufferInvalid() +bool LLImageBase::isBufferInvalid() const { return mBadBufferAllocation || mData == NULL ; } diff --git a/indra/llimage/llimage.h b/indra/llimage/llimage.h index 9cc7431a9c..d0bd4a2aef 100644 --- a/indra/llimage/llimage.h +++ b/indra/llimage/llimage.h @@ -141,7 +141,7 @@ public: const U8 *getData() const ; U8 *getData() ; - bool isBufferInvalid() ; + bool isBufferInvalid() const; void setSize(S32 width, S32 height, S32 ncomponents); U8* allocateDataSize(S32 width, S32 height, S32 ncomponents, S32 size = -1); // setSize() + allocateData() diff --git a/indra/llrender/llimagegl.cpp b/indra/llrender/llimagegl.cpp index 81a5537f78..20cba68f84 100644 --- a/indra/llrender/llimagegl.cpp +++ b/indra/llrender/llimagegl.cpp @@ -1267,6 +1267,12 @@ BOOL LLImageGL::createGLTexture(S32 discard_level, const LLImageRaw* imageraw, S llassert(gGLManager.mInited); stop_glerror(); + if (!imageraw || imageraw->isBufferInvalid()) + { + LL_WARNS() << "Trying to create a texture from invalid image data" << LL_ENDL; + return FALSE; + } + if (discard_level < 0) { llassert(mCurrentDiscardLevel >= 0); -- cgit v1.3