From d0ac1505a7aebc98219fb5f60f6bfb73df6586ec Mon Sep 17 00:00:00 2001 From: Andrey Kleshchev Date: Tue, 13 Apr 2021 00:40:00 +0300 Subject: SL-15102 Crash at load_face_from_dom_triangles --- indra/llprimitive/lldaeloader.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'indra/llprimitive/lldaeloader.cpp') diff --git a/indra/llprimitive/lldaeloader.cpp b/indra/llprimitive/lldaeloader.cpp index dfa29fb539..33e90555fa 100644 --- a/indra/llprimitive/lldaeloader.cpp +++ b/indra/llprimitive/lldaeloader.cpp @@ -198,6 +198,17 @@ LLModel::EModelStatus load_face_from_dom_triangles(std::vector& fa } LLVolumeFace::VertexMapData::PointMap point_map; + + if (idx_stride <= 0 + || (pos_source && pos_offset >= idx_stride) + || (tc_source && tc_offset >= idx_stride) + || (norm_source && norm_offset >= idx_stride)) + { + // Looks like these offsets should fit inside idx_stride + // Might be good idea to also check idx.getCount()%idx_stride != 0 + LL_WARNS() << "Invalid pos_offset " << pos_offset << ", tc_offset " << tc_offset << " or norm_offset " << norm_offset << LL_ENDL; + return LLModel::BAD_ELEMENT; + } for (U32 i = 0; i < idx.getCount(); i += idx_stride) { -- cgit v1.2.3