From 15ea200cfbd972139cefb74b9185700a44a978d0 Mon Sep 17 00:00:00 2001
From: Andrey Kleshchev <andreykproductengine@lindenlab.com>
Date: Sat, 25 Nov 2023 00:17:56 +0200
Subject: SL-18098 Crash inside unpackBinaryData

---
 indra/llmessage/lldatapacker.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'indra/llmessage/lldatapacker.cpp')

diff --git a/indra/llmessage/lldatapacker.cpp b/indra/llmessage/lldatapacker.cpp
index 9f7768f78e..b7013dbb6e 100644
--- a/indra/llmessage/lldatapacker.cpp
+++ b/indra/llmessage/lldatapacker.cpp
@@ -298,6 +298,13 @@ BOOL LLDataPackerBinaryBuffer::unpackBinaryData(U8 *value, S32 &size, const char
 	}
 
 	htolememcpy(&size, mCurBufferp, MVT_S32, 4);
+
+    if (size < 0)
+    {
+        LL_WARNS() << "LLDataPackerBinaryBuffer::unpackBinaryData unpacked invalid size, aborting!" << LL_ENDL;
+        return FALSE;
+    }
+
 	mCurBufferp += 4;
 
 	if (!verifyLength(size, name))
-- 
cgit v1.2.3