From e9288e8112d663cb3bea644071adf3b2471ef5f4 Mon Sep 17 00:00:00 2001 From: Andrey Kleshchev Date: Sat, 16 Jul 2022 02:21:13 +0300 Subject: SL-17473 Viewer not clearing all Vertex Buffers #2 --- indra/newview/llworld.cpp | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) (limited to 'indra/newview/llworld.cpp') diff --git a/indra/newview/llworld.cpp b/indra/newview/llworld.cpp index 8abb49fba8..5d6e8611a7 100644 --- a/indra/newview/llworld.cpp +++ b/indra/newview/llworld.cpp @@ -93,7 +93,7 @@ LLWorld::LLWorld() : mLastPacketsLost(0), mSpaceTimeUSec(0) { - for (S32 i = 0; i < 8; i++) + for (S32 i = 0; i < EDGE_WATER_OBJECTS_COUNT; i++) { mEdgeWaterObjects[i] = NULL; } @@ -126,7 +126,7 @@ void LLWorld::resetClass() LLViewerPartSim::getInstance()->destroyClass(); mDefaultWaterTexturep = NULL ; - for (S32 i = 0; i < 8; i++) + for (S32 i = 0; i < EDGE_WATER_OBJECTS_COUNT; i++) { mEdgeWaterObjects[i] = NULL; } @@ -753,6 +753,8 @@ void LLWorld::clearAllVisibleObjects() //clear all cached visible objects. (*iter)->clearCachedVisibleObjects(); } + clearHoleWaterObjects(); + clearEdgeWaterObjects(); } void LLWorld::updateParticles() @@ -923,7 +925,7 @@ void LLWorld::precullWaterObjects(LLCamera& camera, LLCullResult* cull, bool inc } S32 dir; - for (dir = 0; dir < 8; dir++) + for (dir = 0; dir < EDGE_WATER_OBJECTS_COUNT; dir++) { LLVOWater* waterp = mEdgeWaterObjects[dir]; if (waterp && waterp->mDrawable) @@ -934,6 +936,26 @@ void LLWorld::precullWaterObjects(LLCamera& camera, LLCullResult* cull, bool inc } } +void LLWorld::clearHoleWaterObjects() +{ + for (std::list >::iterator iter = mHoleWaterObjects.begin(); + iter != mHoleWaterObjects.end(); ++iter) + { + LLVOWater* waterp = (*iter).get(); + gObjectList.killObject(waterp); + } + mHoleWaterObjects.clear(); +} + +void LLWorld::clearEdgeWaterObjects() +{ + for (S32 i = 0; i < EDGE_WATER_OBJECTS_COUNT; i++) + { + gObjectList.killObject(mEdgeWaterObjects[i]); + mEdgeWaterObjects[i] = NULL; + } +} + void LLWorld::updateWaterObjects() { if (!gAgent.getRegion()) @@ -977,13 +999,7 @@ void LLWorld::updateWaterObjects() } } - for (std::list >::iterator iter = mHoleWaterObjects.begin(); - iter != mHoleWaterObjects.end(); ++ iter) - { - LLVOWater* waterp = (*iter).get(); - gObjectList.killObject(waterp); - } - mHoleWaterObjects.clear(); + clearHoleWaterObjects(); // Use the water height of the region we're on for areas where there is no region F32 water_height = gAgent.getRegion()->getWaterHeight(); @@ -1024,7 +1040,7 @@ void LLWorld::updateWaterObjects() (S32)(512 - (region_y - min_y)) }; S32 dir; - for (dir = 0; dir < 8; dir++) + for (dir = 0; dir < EDGE_WATER_OBJECTS_COUNT; dir++) { S32 dim[2] = { 0 }; switch (gDirAxes[dir][0]) -- cgit v1.2.3 From a15410468b49125af36672fa20845da65f216dcc Mon Sep 17 00:00:00 2001 From: Rye Mutt Date: Wed, 19 Oct 2022 19:42:14 -0400 Subject: Fix use after free in LLWorld::removeRegion --- indra/newview/llworld.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'indra/newview/llworld.cpp') diff --git a/indra/newview/llworld.cpp b/indra/newview/llworld.cpp index 8abb49fba8..95cb98cad2 100644 --- a/indra/newview/llworld.cpp +++ b/indra/newview/llworld.cpp @@ -293,13 +293,13 @@ void LLWorld::removeRegion(const LLHost &host) mRegionRemovedSignal(regionp); - delete regionp; - updateWaterObjects(); //double check all objects of this region are removed. gObjectList.clearAllMapObjectsInRegion(regionp) ; //llassert_always(!gObjectList.hasMapObjectInRegion(regionp)) ; + + delete regionp; // Delete last to prevent use after free } -- cgit v1.2.3