From 89fb672503d9dee4f18b11460f66d6c74ec190fd Mon Sep 17 00:00:00 2001
From: Andrey Kleshchev <andreykproductengine@lindenlab.com>
Date: Mon, 19 Oct 2020 21:45:36 +0300
Subject: SL-13599 Missing bounds checks in deserializer code

Pulled in and updated Rider's changes
---
 indra/llprimitive/llprimitive.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'indra/llprimitive/llprimitive.h')

diff --git a/indra/llprimitive/llprimitive.h b/indra/llprimitive/llprimitive.h
index b1f8112223..309b18faa9 100644
--- a/indra/llprimitive/llprimitive.h
+++ b/indra/llprimitive/llprimitive.h
@@ -330,8 +330,8 @@ struct LLTEContents
 {
 	static const U32 MAX_TES = 45;
 
-	U8     image_data[MAX_TES*16];
-	U8	  colors[MAX_TES*4];
+    LLUUID      image_data[MAX_TES];
+    LLColor4U   colors[MAX_TES];
 	F32    scale_s[MAX_TES];
 	F32    scale_t[MAX_TES];
 	S16    offset_s[MAX_TES];
@@ -423,7 +423,6 @@ public:
 
 	void copyTEs(const LLPrimitive *primitive);
 	S32 packTEField(U8 *cur_ptr, U8 *data_ptr, U8 data_size, U8 last_face_index, EMsgVariableType type) const;
-	S32 unpackTEField(U8 *cur_ptr, U8 *buffer_end, U8 *data_ptr, U8 data_size, U8 face_count, EMsgVariableType type);
 	BOOL packTEMessage(LLMessageSystem *mesgsys) const;
 	BOOL packTEMessage(LLDataPacker &dp) const;
 	S32 unpackTEMessage(LLMessageSystem* mesgsys, char const* block_name, const S32 block_num); // Variable num of blocks
-- 
cgit v1.2.3