#4802 Handle KDU crashes

akleshchev · akleshchev · commit e6f0fc9a4113 · 2026-05-07T01:08:47.000+03:00
diff --git a/indra/llkdu/llimagej2ckdu.cpp b/indra/llkdu/llimagej2ckdu.cpp
@@ -174,6 +174,11 @@ class LLKDUDecodeState
     kdu_tile mTile;
     kdu_byte *mBuf;
     S32 mRowGap;
+
+    // wrappers
+    bool kduPullSafe(kdu_pull_ifc& engine, kdu_line_buf& line);
+    bool kduConvertYccSafe(kdu_line_buf& line0, kdu_line_buf& line1, kdu_line_buf& line2);
+
 };
 
 // Stuff for new kdu error handling
@@ -282,10 +287,16 @@ void LLImageJ2CKDU::setupCodeStream(LLImageJ2C &base, bool keep_codestream, ECod
 
     try
     {
-
         S32 data_size = base.getDataSize();
         S32 max_bytes = (base.getMaxBytes() ? base.getMaxBytes() : data_size);
 
+        // Data sanity checks
+        // 0 data size appears to be valid.
+        if (data_size < 0 || data_size > 128 * 1024 * 1024) // 128MB
+        {
+            LLTHROW(KDUError(STRINGIZE("Invalid data size: " << data_size)));
+        }
+
         //
         //  Initialization
         //
@@ -385,7 +396,8 @@ void LLImageJ2CKDU::setupCodeStream(LLImageJ2C &base, bool keep_codestream, ECod
     catch (std::bad_alloc&)
     {
         // we are in a thread, can't show an 'out of memory' here,
-        // main thread will keep going
+        // as main thread will keep going
+        // Todo: should cause main thread to stop and show an error.
         throw;
     }
     catch (...)
@@ -1302,6 +1314,11 @@ all necessary level shifting, type conversion, rounding and truncation. */
 LLKDUDecodeState::LLKDUDecodeState(kdu_tile tile, kdu_byte *buf, S32 row_gap,
                                    kdu_codestream* codestreamp)
 {
+    if (!buf)
+    {
+        LLTHROW(KDUError("Null buffer passed to LLKDUDecodeState"));
+    }
+
     S32 c;
 
     mTile = tile;
@@ -1311,6 +1328,11 @@ LLKDUDecodeState::LLKDUDecodeState(kdu_tile tile, kdu_byte *buf, S32 row_gap,
     mNumComponents = tile.get_num_components();
 
     llassert(mNumComponents <= 4);
+    if (mNumComponents <= 0 || mNumComponents > 4)
+    {
+        LL_WARNS() << "Invalid component count: " << mNumComponents << ", clamping to valid range" << LL_ENDL;
+        mNumComponents = llclamp(mNumComponents, 1, 4);
+    }
     mUseYCC = tile.get_ycc();
 
     for (c = 0; c < 4; ++c)
@@ -1383,14 +1405,27 @@ separation between consecutive rows in the real buffer. */
             LL_PROFILE_ZONE_NAMED_CATEGORY_TEXTURE("kduptc - pull");
             for (c = 0; c < mNumComponents; c++)
             {
-                mEngines[c].pull(mLines[c]);
+                if (!kduPullSafe(mEngines[c], mLines[c]))
+                {
+                    std::string error_message = "kdu's pull failed for component " +
+                        std::to_string(c) + " at position " +
+                        std::to_string(mTile.get_tile_idx().x) + "," + std::to_string(mTile.get_tile_idx().y);
+                    LLTHROW(KDUError(error_message));
+                    return false;
+                }
             }
         }
 
         if ((mNumComponents >= 3) && mUseYCC)
         {
             LL_PROFILE_ZONE_NAMED_CATEGORY_TEXTURE("kduptc - convert");
-            kdu_convert_ycc_to_rgb(mLines[0],mLines[1],mLines[2]);
+            if (!kduConvertYccSafe(mLines[0], mLines[1], mLines[2]))
+            {
+                std::string error_message = "kdu_convert_ycc_to_rgb() failed for tile at position " +
+                                            std::to_string(mTile.get_tile_idx().x) + "," + std::to_string(mTile.get_tile_idx().y);
+                LLTHROW(KDUError(error_message));
+                return false;
+            }
         }
 
         {
@@ -1412,6 +1447,42 @@ separation between consecutive rows in the real buffer. */
     return true;
 }
 
+bool LLKDUDecodeState::kduPullSafe(kdu_pull_ifc& engine, kdu_line_buf& line)
+{
+#ifdef LL_WINDOWS
+    __try
+    {
+        engine.pull(line);
+        return true;
+    }
+    __except (msc_exception_filter(GetExceptionCode(), GetExceptionInformation()))
+    {
+        return false;
+    }
+#else
+    engine.pull(line);
+    return true;
+#endif
+}
+
+bool LLKDUDecodeState::kduConvertYccSafe(kdu_line_buf& line0, kdu_line_buf& line1, kdu_line_buf& line2)
+{
+#ifdef LL_WINDOWS
+    __try
+    {
+        kdu_convert_ycc_to_rgb(line0, line1, line2);
+        return true;
+    }
+    __except (msc_exception_filter(GetExceptionCode(), GetExceptionInformation()))
+    {
+        return false;
+    }
+#else
+    kdu_convert_ycc_to_rgb(line0, line1, line2);
+    return true;
+#endif
+}
+
 // kdc_flow_control
 
 kdc_flow_control::kdc_flow_control (kdu_supp::kdu_image_in_base *img_in, kdu_codestream codestream)
