livie
/
phoenix-firestorm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix buffer overflow from using memcpyNonAliased16 on incorrectly sized data; by Cinder Roxley

Ansariel 2014-08-26 21:54:56 +02:00
parent 7d92321c3c
commit b29018fbaf
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
indra/llappearance/llpolymesh.cpp
View File

@ -980,7 +980,10 @@ void LLPolyMesh::initializeForMorph()
LLVector4a::memcpyNonAliased16((F32*) mScaledNormals, (F32*) mSharedData->mBaseNormals, sizeof(LLVector4a) * mSharedData->mNumVertices);
LLVector4a::memcpyNonAliased16((F32*) mBinormals, (F32*) mSharedData->mBaseNormals, sizeof(LLVector4a) * mSharedData->mNumVertices);
LLVector4a::memcpyNonAliased16((F32*) mScaledBinormals, (F32*) mSharedData->mBaseNormals, sizeof(LLVector4a) * mSharedData->mNumVertices);
LLVector4a::memcpyNonAliased16((F32*) mTexCoords, (F32*) mSharedData->mTexCoords, sizeof(LLVector2) * (mSharedData->mNumVertices + mSharedData->mNumVertices%2));
// <FS> Fix buffer overflow from using memcpyNonAliased16 on incorrectly sized data; by Cinder Roxley
//LLVector4a::memcpyNonAliased16((F32*) mTexCoords, (F32*) mSharedData->mTexCoords, sizeof(LLVector2) * (mSharedData->mNumVertices + mSharedData->mNumVertices%2));
memcpy(mTexCoords, mSharedData->mTexCoords, sizeof(LLVector2) * mSharedData->mNumVertices);
// </FS>
for (U32 i = 0; i < mSharedData->mNumVertices; ++i)
{

8
indra/newview/llviewerjointmesh.cpp
View File

@ -442,8 +442,12 @@ void LLViewerJointMesh::updateFaceData(LLFace *face, F32 pixel_area, BOOL damp_w
S32 tc_size = (num_verts*2*sizeof(F32)+0xF) & ~0xF;
LLVector4a::memcpyNonAliased16(tc, (F32*) mMesh->getTexCoords(), tc_size);
S32 vw_size = (num_verts*sizeof(F32)+0xF) & ~0xF;
LLVector4a::memcpyNonAliased16(vw, (F32*) mMesh->getWeights(), vw_size);
// <FS> Fix buffer overflow from using memcpyNonAliased16 on incorrectly sized data; by Cinder Roxley
//S32 vw_size = (num_verts*sizeof(F32)+0xF) & ~0xF;
//LLVector4a::memcpyNonAliased16(vw, (F32*) mMesh->getWeights(), vw_size);
S32 vw_size = (num_verts*sizeof(F32));
memcpy(vw, (F32*) mMesh->getWeights(), vw_size);
// </FS>
LLVector4a::memcpyNonAliased16(cw, (F32*) mMesh->getClothingWeights(), num_verts*4*sizeof(F32));
}