Fix possible crash on llassert_always(purge_list.size() >= entries_to_purge)

This horrible noobish code checked if num_entries > sCacheMaxEntries and then goes on to assign (num_entries-empty_entries) - sCacheMaxEntries to an U32 entries_to_purge. Obviously this can lead to an abitrary large value of entries_to_purge with as result a crash due to the llassert_always. This bug must have been extremely rare since it only happens when someone decreases their cache size and has more empty entries in their entries file than the total number of entries minus the new cache size.
author: Aleric Inglewood 2010-10-25 16:02:36 +0200
committer: Aleric Inglewood 2010-10-25 16:02:36 +0200
commit: 17e2c3f8999d93bb59deb7ac0c289ed2157a3f5e (patch)
tree: bb00d82b96d5cfc7c272c28deeeb00c0ec996592 /linden
parent: Validate textures starting with 00 too. (diff)
download: meta-impy-17e2c3f8999d93bb59deb7ac0c289ed2157a3f5e.zip
meta-impy-17e2c3f8999d93bb59deb7ac0c289ed2157a3f5e.tar.gz
meta-impy-17e2c3f8999d93bb59deb7ac0c289ed2157a3f5e.tar.bz2
meta-impy-17e2c3f8999d93bb59deb7ac0c289ed2157a3f5e.tar.xz
1 files changed, 9 insertions, 13 deletions
diff --git a/linden/indra/newview/lltexturecache.cpp b/linden/indra/newview/lltexturecache.cpp
index b0d8412..ae0a63f 100644
--- a/linden/indra/newview/lltexturecache.cpp
+++ b/linden/indra/newview/lltexturecache.cpp
@@ -1172,7 +1172,7 @@ void LLTextureCache::readHeaderCache()
                        U32 empty_entries = 0;
                        typedef std::pair<U32, LLUUID> lru_data_t;
                        std::set<lru_data_t> lru;
-                        std::vector<LLUUID> purge_list;
+                        std::set<LLUUID> purge_list;
                        for (U32 i=0; i<num_entries; i++)
                        {
                                Entry& entry = entries[i];
@@ -1191,27 +1191,23 @@ void LLTextureCache::readHeaderCache()
                                                {
                                                        // Shouldn't happen, failsafe only
                                                        llwarns << "Bad entry: " << i << ": " << entry.mID << ": BodySize: " << entry.mBodySize << llendl;
-                                                        purge_list.push_back(id);
+                                                        purge_list.insert(id);
                                                }
                                        }
                                }
                        }
-                        if (num_entries > sCacheMaxEntries)
+                        if (num_entries - empty_entries > sCacheMaxEntries)
                        {
                                // Special case: cache size was reduced, need to remove entries
                                // Note: After we prune entries, we will call this again and create the LRU
-                                U32 entries_to_purge = (num_entries-empty_entries) - sCacheMaxEntries;
+                                U32 entries_to_purge = (num_entries - empty_entries) - sCacheMaxEntries;
                                llinfos << "Texture Cache Entries: " << num_entries << " Max: " << sCacheMaxEntries << " Empty: " << empty_entries << " Purging: " << entries_to_purge << llendl;
-                                if (entries_to_purge > 0)
+                                // We can exit the following loop with the given condition, since if we'd reach the end of the lru set we'd have:
+                                // purge_list.size() = lru.size() = num_entries - empty_entries = entries_to_purge + sCacheMaxEntries >= entries_to_purge
+                                for (std::set<lru_data_t>::iterator iter = lru.begin(); purge_list.size() < entries_to_purge; ++iter)
                                {
-                                        for (std::set<lru_data_t>::iterator iter = lru.begin(); iter != lru.end(); ++iter)
+                                        purge_list.insert(iter->second);
-                                        {
-                                                purge_list.push_back(iter->second);
-                                                if (purge_list.size() >= entries_to_purge)
-                                                        break;
-                                        }
                                }
-                                llassert_always(purge_list.size() >= entries_to_purge);
                        }
                        else
                        {
@@ -1227,7 +1223,7 @@ void LLTextureCache::readHeaderCache()
                        
                        if (purge_list.size() > 0)
                        {
-                                for (std::vector<LLUUID>::iterator iter = purge_list.begin(); iter != purge_list.end(); ++iter)
+                                for (std::set<LLUUID>::iterator iter = purge_list.begin(); iter != purge_list.end(); ++iter)
                                {
                                        mHeaderMutex.unlock(); 
                                        removeFromCache(*iter);
author	Aleric Inglewood	2010-10-25 16:02:36 +0200
committer	Aleric Inglewood	2010-10-25 16:02:36 +0200
commit	17e2c3f8999d93bb59deb7ac0c289ed2157a3f5e (patch)
tree	bb00d82b96d5cfc7c272c28deeeb00c0ec996592 /linden
parent	Validate textures starting with 00 too. (diff)
download	meta-impy-17e2c3f8999d93bb59deb7ac0c289ed2157a3f5e.zip meta-impy-17e2c3f8999d93bb59deb7ac0c289ed2157a3f5e.tar.gz meta-impy-17e2c3f8999d93bb59deb7ac0c289ed2157a3f5e.tar.bz2 meta-impy-17e2c3f8999d93bb59deb7ac0c289ed2157a3f5e.tar.xz