Merge pull request #14848 from AndrewMeadows/trust-the-packet-0.79

Case 20958: fix crash for incorrect parsing of AvatarEntity data, for 0.79.0
2025-04-19 03:57:04 +02:00 · 2019-02-05 09:18:29 -08:00 · 2019-02-05 09:18:29 -08:00 · f82fed98e5
commit f82fed98e5
parent d2707ee03d 5f3e3309b8
1 changed files with 0 additions and 27 deletions
--- a/libraries/octree/src/OctreePacketData.cpp
+++ b/libraries/octree/src/OctreePacketData.cpp
@ -729,12 +729,6 @@ int OctreePacketData::unpackDataFromBytes(const unsigned char *dataBytes, QVecto
    uint16_t length;
    memcpy(&length, dataBytes, sizeof(uint16_t));
    dataBytes += sizeof(length);
-
-    // FIXME - this size check is wrong if we allow larger packets
-    if (length * sizeof(glm::vec3) > MAX_OCTREE_UNCOMRESSED_PACKET_SIZE) {
-        result.resize(0);
-        return sizeof(uint16_t);
-    }
    result.resize(length);
    memcpy(result.data(), dataBytes, length * sizeof(glm::vec3));
    return sizeof(uint16_t) + length * sizeof(glm::vec3);
@ -744,14 +738,7 @@ int OctreePacketData::unpackDataFromBytes(const unsigned char *dataBytes, QVecto
    uint16_t length;
    memcpy(&length, dataBytes, sizeof(uint16_t));
    dataBytes += sizeof(length);
-
-    // FIXME - this size check is wrong if we allow larger packets
-    if (length * sizeof(glm::quat) > MAX_OCTREE_UNCOMRESSED_PACKET_SIZE) {
-        result.resize(0);
-        return sizeof(uint16_t);
-    }
    result.resize(length);
-
    const unsigned char *start = dataBytes;
    for (int i = 0; i < length; i++) {
        dataBytes += unpackOrientationQuatFromBytes(dataBytes, result[i]);
@ -764,12 +751,6 @@ int OctreePacketData::unpackDataFromBytes(const unsigned char* dataBytes, QVecto
    uint16_t length;
    memcpy(&length, dataBytes, sizeof(uint16_t));
    dataBytes += sizeof(length);
-
-    // FIXME - this size check is wrong if we allow larger packets
-    if (length * sizeof(float) > MAX_OCTREE_UNCOMRESSED_PACKET_SIZE) {
-        result.resize(0);
-        return sizeof(uint16_t);
-    }
    result.resize(length);
    memcpy(result.data(), dataBytes, length * sizeof(float));
    return sizeof(uint16_t) + length * sizeof(float);
@ -779,14 +760,7 @@ int OctreePacketData::unpackDataFromBytes(const unsigned char* dataBytes, QVecto
    uint16_t length;
    memcpy(&length, dataBytes, sizeof(uint16_t));
    dataBytes += sizeof(length);
-
-    // FIXME - this size check is wrong if we allow larger packets
-    if (length / 8 > MAX_OCTREE_UNCOMRESSED_PACKET_SIZE) {
-        result.resize(0);
-        return sizeof(uint16_t);
-    }
    result.resize(length);
-
    int bit = 0;
    unsigned char current = 0;
    const unsigned char *start = dataBytes;
@ -797,7 +771,6 @@ int OctreePacketData::unpackDataFromBytes(const unsigned char* dataBytes, QVecto
        result[i] = (bool)(current & (1 << bit));
        bit = (bit + 1) % BITS_IN_BYTE;
    }
-
    return (dataBytes - start) + (int)sizeof(uint16_t);
 }