From f7e7903105f7df053bf259542553cefc6a9a6b27 Mon Sep 17 00:00:00 2001
From: Nicky <nicky.dasmijn@posteo.nl>
Date: Wed, 10 Apr 2024 21:02:40 +0200
Subject: Fix ASAN errors from LLVector4a::memcpyNonAliased16

Found by running with -fsanitze=thread
Suggestion to avoid accessing invalid memory:

In both cases memory will be allocated by can be accessed beyond bounds.

In LLPolyMesh it can be off by at least one (+x%2). Though I am not even sure if even in best case it always will be a multiple of 16.

In LLViewerJointMesh::updateFaceData the code tries to account for padding by, but the allocation in LLPolyMeshSharedData::allocateVertexData is done without any padding. Thus the sizes must not match.

Replacing the calls with memcpy as a quick fix to see if the error goes away fixed address sanitzer complaining.

It is up to debate if memcpy is a good replacement. LLVector4a::memcpyNonAliased16 was invented for performance. But on the other hand one could argue that nowadays every stdlib maintainer will very heavily optmize functions like memcpy themselves and could take advantage of CPU features the old LL implementation does not take into account.

AVX comes to mind. In any case did I not measure any of this.
---
 indra/llappearance/llpolymesh.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'indra/llappearance/llpolymesh.cpp')

diff --git a/indra/llappearance/llpolymesh.cpp b/indra/llappearance/llpolymesh.cpp
index 97f9ca68b6..6bfb7456e8 100644
--- a/indra/llappearance/llpolymesh.cpp
+++ b/indra/llappearance/llpolymesh.cpp
@@ -981,7 +981,7 @@ void LLPolyMesh::initializeForMorph()
     LLVector4a::memcpyNonAliased16((F32*) mScaledNormals, (F32*) mSharedData->mBaseNormals, sizeof(LLVector4a) * mSharedData->mNumVertices);
     LLVector4a::memcpyNonAliased16((F32*) mBinormals, (F32*) mSharedData->mBaseNormals, sizeof(LLVector4a) * mSharedData->mNumVertices);
     LLVector4a::memcpyNonAliased16((F32*) mScaledBinormals, (F32*) mSharedData->mBaseNormals, sizeof(LLVector4a) * mSharedData->mNumVertices);
-    LLVector4a::memcpyNonAliased16((F32*) mTexCoords, (F32*) mSharedData->mTexCoords, sizeof(LLVector2) * (mSharedData->mNumVertices + mSharedData->mNumVertices%2));
+	memcpy((F32*) mTexCoords, (F32*) mSharedData->mTexCoords, sizeof(LLVector2) * (mSharedData->mNumVertices)); // allocated in LLPolyMeshSharedData::allocateVertexData
 
     for (S32 i = 0; i < mSharedData->mNumVertices; ++i)
     {
-- 
cgit v1.3


From f02a400134d83a12f43151c3dba32732bf88fd8c Mon Sep 17 00:00:00 2001
From: Andrey Lihatskiy <alihatskiy@productengine.com>
Date: Tue, 11 Mar 2025 05:38:26 +0200
Subject: Fix indentations to make pre-commit happy

---
 indra/llappearance/llpolymesh.cpp         | 2 +-
 indra/newview/llfloatercreatelandmark.cpp | 2 +-
 indra/newview/llviewerjointmesh.cpp       | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'indra/llappearance/llpolymesh.cpp')

diff --git a/indra/llappearance/llpolymesh.cpp b/indra/llappearance/llpolymesh.cpp
index 6bfb7456e8..719381b4fc 100644
--- a/indra/llappearance/llpolymesh.cpp
+++ b/indra/llappearance/llpolymesh.cpp
@@ -981,7 +981,7 @@ void LLPolyMesh::initializeForMorph()
     LLVector4a::memcpyNonAliased16((F32*) mScaledNormals, (F32*) mSharedData->mBaseNormals, sizeof(LLVector4a) * mSharedData->mNumVertices);
     LLVector4a::memcpyNonAliased16((F32*) mBinormals, (F32*) mSharedData->mBaseNormals, sizeof(LLVector4a) * mSharedData->mNumVertices);
     LLVector4a::memcpyNonAliased16((F32*) mScaledBinormals, (F32*) mSharedData->mBaseNormals, sizeof(LLVector4a) * mSharedData->mNumVertices);
-	memcpy((F32*) mTexCoords, (F32*) mSharedData->mTexCoords, sizeof(LLVector2) * (mSharedData->mNumVertices)); // allocated in LLPolyMeshSharedData::allocateVertexData
+    memcpy((F32*) mTexCoords, (F32*) mSharedData->mTexCoords, sizeof(LLVector2) * (mSharedData->mNumVertices)); // allocated in LLPolyMeshSharedData::allocateVertexData
 
     for (S32 i = 0; i < mSharedData->mNumVertices; ++i)
     {
diff --git a/indra/newview/llfloatercreatelandmark.cpp b/indra/newview/llfloatercreatelandmark.cpp
index 5d525407fd..de84ce0e00 100644
--- a/indra/newview/llfloatercreatelandmark.cpp
+++ b/indra/newview/llfloatercreatelandmark.cpp
@@ -297,7 +297,7 @@ void LLFloaterCreateLandmark::onCreateFolderClicked()
 
 void LLFloaterCreateLandmark::folderCreatedCallback(LLUUID folder_id)
 {
-	populateFoldersList(folder_id);
+    populateFoldersList(folder_id);
 }
 
 void LLFloaterCreateLandmark::onSaveClicked()
diff --git a/indra/newview/llviewerjointmesh.cpp b/indra/newview/llviewerjointmesh.cpp
index 54b6c29e31..da7ad71336 100644
--- a/indra/newview/llviewerjointmesh.cpp
+++ b/indra/newview/llviewerjointmesh.cpp
@@ -407,10 +407,10 @@ void LLViewerJointMesh::updateFaceData(LLFace *face, F32 pixel_area, bool damp_w
                 F32* vw = (F32*) vertex_weightsp.get();
                 F32* cw = (F32*) clothing_weightsp.get();
 
-				//S32 tc_size = (num_verts*2*sizeof(F32)+0xF) & ~0xF;
-				//LLVector4a::memcpyNonAliased16(tc, (F32*) mMesh->getTexCoords(), tc_size);
-				//S32 vw_size = (num_verts*sizeof(F32)+0xF) & ~0xF;
-				//LLVector4a::memcpyNonAliased16(vw, (F32*) mMesh->getWeights(), vw_size);
+                //S32 tc_size = (num_verts*2*sizeof(F32)+0xF) & ~0xF;
+                //LLVector4a::memcpyNonAliased16(tc, (F32*) mMesh->getTexCoords(), tc_size);
+                //S32 vw_size = (num_verts*sizeof(F32)+0xF) & ~0xF;
+                //LLVector4a::memcpyNonAliased16(vw, (F32*) mMesh->getWeights(), vw_size);
 
                 // Both allocated in LLPolyMeshSharedData::allocateVertexData(unsigned int)
 
-- 
cgit v1.3


From 03690724188cb3fef1c2efed0f5626c93096ec2d Mon Sep 17 00:00:00 2001
From: Andrey Kleshchev <117672381+akleshchev@users.noreply.github.com>
Date: Mon, 20 Oct 2025 19:57:25 +0300
Subject: #4861 Crash at LLVolumeFace::createOctree

Looks like LLRiggedVolume::update goes out of bounds when selecting a face
---
 indra/llappearance/llpolymesh.cpp | 1 +
 indra/newview/llvovolume.cpp      | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

(limited to 'indra/llappearance/llpolymesh.cpp')

diff --git a/indra/llappearance/llpolymesh.cpp b/indra/llappearance/llpolymesh.cpp
index 719381b4fc..d5323e0b84 100644
--- a/indra/llappearance/llpolymesh.cpp
+++ b/indra/llappearance/llpolymesh.cpp
@@ -283,6 +283,7 @@ bool LLPolyMeshSharedData::loadMesh( const std::string& fileName )
         LLFILE* fp = LLFile::fopen(fileName, "rb");                     /*Flawfinder: ignore*/
         if (!fp)
         {
+                LLError::LLUserWarningMsg::showMissingFiles();
                 LL_ERRS() << "can't open: " << fileName << LL_ENDL;
                 return false;
         }
diff --git a/indra/newview/llvovolume.cpp b/indra/newview/llvovolume.cpp
index 2370b948ef..aa230f4636 100644
--- a/indra/newview/llvovolume.cpp
+++ b/indra/newview/llvovolume.cpp
@@ -5025,7 +5025,7 @@ void LLRiggedVolume::update(
     else
     {
         face_begin = face_index;
-        face_end = face_begin + 1;
+        face_end = llmin(face_begin + 1, volume->getNumVolumeFaces());
     }
     for (S32 i = face_begin; i < face_end; ++i)
     {
-- 
cgit v1.3