From d38bcb66217376745b0687f9002c8dd8267b5019 Mon Sep 17 00:00:00 2001
From: Graham Linden <graham@lindenlab.com>
Date: Mon, 16 Sep 2013 09:40:58 -0700
Subject: MAINT-2388 replace stomped fix to not crash when handed bogus model
 data

---
 indra/llprimitive/llmodel.cpp | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'indra/llprimitive')

diff --git a/indra/llprimitive/llmodel.cpp b/indra/llprimitive/llmodel.cpp
index e236f98fe6..4d93627116 100755
--- a/indra/llprimitive/llmodel.cpp
+++ b/indra/llprimitive/llmodel.cpp
@@ -238,6 +238,11 @@ LLModel::EModelStatus load_face_from_dom_triangles(std::vector<LLVolumeFace>& fa
 		{
 			// guard against model data specifiying out of range indices or norms
 			//
+			if (((i + pos_offset) > index_count)
+				|| ((idx[i+pos_offset]*3+2) > vertex_count))
+			{
+				return LLModel::BAD_ELEMENT;
+			}
 			if (((i + norm_offset) > index_count)
 				|| ((idx[i+norm_offset]*3+2) > norm_count))
 			{
-- 
cgit v1.2.3


From 0e3ad3e94b7a265c5ba035660c40557d73303dae Mon Sep 17 00:00:00 2001
From: Graham Linden <graham@lindenlab.com>
Date: Mon, 16 Sep 2013 12:11:58 -0700
Subject: MAINT-3153 fix potential mis-indexing in DAE loading checks

---
 indra/llprimitive/llmodel.cpp | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

(limited to 'indra/llprimitive')

diff --git a/indra/llprimitive/llmodel.cpp b/indra/llprimitive/llmodel.cpp
index 4d93627116..37f0bfcbb8 100755
--- a/indra/llprimitive/llmodel.cpp
+++ b/indra/llprimitive/llmodel.cpp
@@ -218,8 +218,9 @@ LLModel::EModelStatus load_face_from_dom_triangles(std::vector<LLVolumeFace>& fa
 		{
 			// guard against model data specifiying out of range indices or tcs
 			//
+			
 			if (((i + tc_offset) > index_count)
-			 || ((idx[i+pos_offset]*2+1) > tc_count))
+			 || ((idx[i+tc_offset]*2+1) > tc_count))
 			{
 				return LLModel::BAD_ELEMENT;
 			}
@@ -238,11 +239,6 @@ LLModel::EModelStatus load_face_from_dom_triangles(std::vector<LLVolumeFace>& fa
 		{
 			// guard against model data specifiying out of range indices or norms
 			//
-			if (((i + pos_offset) > index_count)
-				|| ((idx[i+pos_offset]*3+2) > vertex_count))
-			{
-				return LLModel::BAD_ELEMENT;
-			}
 			if (((i + norm_offset) > index_count)
 				|| ((idx[i+norm_offset]*3+2) > norm_count))
 			{
@@ -456,7 +452,7 @@ LLModel::EModelStatus load_face_from_dom_polylist(std::vector<LLVolumeFace>& fac
 			{
 				// guard against model data specifiying out of range indices or tcs
 				//
-				if (((i + pos_offset) > index_count)
+				if (((cur_idx + tc_offset) > index_count)
 				 || ((idx[cur_idx+tc_offset]*2+1) > tc_count))
 				{
 					return LLModel::BAD_ELEMENT;
@@ -476,7 +472,7 @@ LLModel::EModelStatus load_face_from_dom_polylist(std::vector<LLVolumeFace>& fac
 			{
 				// guard against model data specifiying out of range indices or norms
 				//
-				if (((i + pos_offset) > index_count)
+				if (((cur_idx + norm_offset) > index_count)
 				 || ((idx[cur_idx+norm_offset]*3+2) > norm_count))
 				{
 					return LLModel::BAD_ELEMENT;
-- 
cgit v1.2.3