From 26976b715d86977693cae790374a7184fb63245b Mon Sep 17 00:00:00 2001
From: Shyotl <Shyotl@gmail.com>
Date: Sun, 15 Mar 2020 00:46:57 -0500
Subject: [PATCH] Fixup minor use after free issues, and improper mutex usage
 in meshrepo. Also fixed some compiler warnings.

---
 indra/llcommon/llsd.cpp                 |  2 +-
 indra/llmessage/llavatarnamecache.cpp   |  2 +-
 indra/newview/llfloatermodelpreview.cpp | 37 +++++++++++++------------
 indra/newview/llmaterialmgr.cpp         | 12 ++++----
 indra/newview/llmeshrepository.cpp      |  9 ++++--
 indra/newview/llsurface.cpp             |  2 +-
 6 files changed, 35 insertions(+), 29 deletions(-)

diff --git a/indra/llcommon/llsd.cpp b/indra/llcommon/llsd.cpp
index 111973756..3883b7e8e 100644
--- a/indra/llcommon/llsd.cpp
+++ b/indra/llcommon/llsd.cpp
@@ -936,7 +936,7 @@ static const char *llsd_dump(const LLSD &llsd, bool useXMLFormat)
 			out << LLSDNotationStreamer(llsd);
 		out_string = out.str();
 	}
-	int len = out_string.length();
+	size_t len = out_string.length();
 	sStorage = new char[len + 1];
 	memcpy(sStorage, out_string.c_str(), len);
 	sStorage[len] = '\0';
diff --git a/indra/llmessage/llavatarnamecache.cpp b/indra/llmessage/llavatarnamecache.cpp
index be364a3bd..9fb2c978b 100644
--- a/indra/llmessage/llavatarnamecache.cpp
+++ b/indra/llmessage/llavatarnamecache.cpp
@@ -335,7 +335,7 @@ void LLAvatarNameCache::requestNamesViaCapability()
 	while(!sAskQueue.empty())
 	{
 		it = sAskQueue.begin();
-		const LLUUID& agent_id = *it;
+		const LLUUID agent_id = *it;
 		sAskQueue.erase(it);
 
 		if (url.empty())
diff --git a/indra/newview/llfloatermodelpreview.cpp b/indra/newview/llfloatermodelpreview.cpp
index 095d01e40..dc73d0860 100644
--- a/indra/newview/llfloatermodelpreview.cpp
+++ b/indra/newview/llfloatermodelpreview.cpp
@@ -4405,24 +4405,27 @@ bool LLModelPreview::lodQueryCallback()
     // not the best solution, but model preview belongs to floater
     // so it is an easy way to check that preview still exists.
     LLFloaterModelPreview* fmp = LLFloaterModelPreview::sInstance;
-    if (fmp && fmp->mModelPreview)
-    {
-        LLModelPreview* preview = fmp->mModelPreview;
-        if (preview->mLodsQuery.size() > 0)
-        {
-            S32 lod = preview->mLodsQuery.back();
-            preview->mLodsQuery.pop_back();
-            preview->genLODs(lod);
-
-            // return false to continue cycle
-            return false;
-        }
-    }
-
-	for (U32 lod = 0; lod < NUM_LOD; ++lod)
+	if (fmp)
 	{
-		LLIconCtrl* icon = fmp->getChild<LLIconCtrl>(lod_icon_name[lod]);
-		icon->setVisible(true);
+		if (fmp->mModelPreview)
+		{
+			LLModelPreview* preview = fmp->mModelPreview;
+			if (preview->mLodsQuery.size() > 0)
+			{
+				S32 lod = preview->mLodsQuery.back();
+				preview->mLodsQuery.pop_back();
+				preview->genLODs(lod);
+
+				// return false to continue cycle
+				return false;
+			}
+		}
+
+		for (U32 lod = 0; lod < NUM_LOD; ++lod)
+		{
+			LLIconCtrl* icon = fmp->getChild<LLIconCtrl>(lod_icon_name[lod]);
+			icon->setVisible(true);
+		}
 	}
 	
     // nothing to process
diff --git a/indra/newview/llmaterialmgr.cpp b/indra/newview/llmaterialmgr.cpp
index f6655c8fe..7ccded788 100644
--- a/indra/newview/llmaterialmgr.cpp
+++ b/indra/newview/llmaterialmgr.cpp
@@ -134,7 +134,7 @@ LLMaterialMgr::~LLMaterialMgr()
 bool LLMaterialMgr::isGetPending(const LLUUID& region_id, const LLMaterialID& material_id) const
 {
 	get_pending_map_t::const_iterator itPending = mGetPending.find(pending_material_t(region_id, material_id));
-	return (mGetPending.end() != itPending) && (LLFrameTimer::getTotalSeconds() < itPending->second + MATERIALS_POST_TIMEOUT);
+	return (mGetPending.end() != itPending) && (LLFrameTimer::getTotalSeconds() < itPending->second + F64(MATERIALS_POST_TIMEOUT));
 }
 
 void LLMaterialMgr::markGetPending(const LLUUID& region_id, const LLMaterialID& material_id)
@@ -270,7 +270,7 @@ boost::signals2::connection LLMaterialMgr::getTE(const LLUUID& region_id, const
 bool LLMaterialMgr::isGetAllPending(const LLUUID& region_id) const
 {
 	getall_pending_map_t::const_iterator itPending = mGetAllPending.find(region_id);
-	return (mGetAllPending.end() != itPending) && (LLFrameTimer::getTotalSeconds() < itPending->second + MATERIALS_GET_TIMEOUT);
+	return (mGetAllPending.end() != itPending) && (LLFrameTimer::getTotalSeconds() < itPending->second + F64(MATERIALS_GET_TIMEOUT));
 }
 
 void LLMaterialMgr::getAll(const LLUUID& region_id)
@@ -583,7 +583,7 @@ void LLMaterialMgr::processGetQueue()
 	{
 		get_queue_t::iterator itRegionQueue = loopRegionQueue++;
 
-		const LLUUID& region_id = itRegionQueue->first;
+		const LLUUID region_id = itRegionQueue->first;
 		if (isGetAllPending(region_id))
 		{
 			continue;
@@ -621,12 +621,12 @@ void LLMaterialMgr::processGetQueue()
 		material_queue_t& materials = itRegionQueue->second;
 		U32 max_entries = regionp->getMaxMaterialsPerTransaction();
 		material_queue_t::iterator loopMaterial = materials.begin();
-		while ( (materials.end() != loopMaterial) && (materialsData.size() < (int)max_entries) )
+		while ( (materials.end() != loopMaterial) && ((U32)materialsData.size() < max_entries) )
 		{
 			material_queue_t::iterator itMaterial = loopMaterial++;
 			materialsData.append((*itMaterial).asLLSD());
-			materials.erase(itMaterial);
 			markGetPending(region_id, *itMaterial);
+			materials.erase(itMaterial);
 		}
 		if (materials.empty())
 		{
@@ -727,7 +727,7 @@ void LLMaterialMgr::processPutQueue()
 		facematerial_map_t& face_map = itQueue->second;
 				U32 max_entries = regionp->getMaxMaterialsPerTransaction();
 		facematerial_map_t::iterator itFace = face_map.begin();
-				while ( (face_map.end() != itFace) && (facesData.size() < (int)max_entries) )
+				while ( (face_map.end() != itFace) && ((U32)facesData.size() < max_entries) )
 		{
 			LLSD faceData = LLSD::emptyMap();
 			faceData[MATERIALS_CAP_FACE_FIELD] = static_cast<LLSD::Integer>(itFace->first);
diff --git a/indra/newview/llmeshrepository.cpp b/indra/newview/llmeshrepository.cpp
index a21a500aa..55901ea85 100644
--- a/indra/newview/llmeshrepository.cpp
+++ b/indra/newview/llmeshrepository.cpp
@@ -742,10 +742,13 @@ void LLMeshRepoThread::lockAndLoadMeshLOD(const LLVolumeParams& mesh_params, S32
 
 void LLMeshRepoThread::loadMeshLOD(const LLVolumeParams& mesh_params, S32 lod)
 { //could be called from any thread
+	std::unique_lock<LLMutex> header_lock(*mHeaderMutex);
+	bool exists = mMeshHeader.find(mesh_params.getSculptID()) != mMeshHeader.end();
+	header_lock.unlock();
 	LLMutexLock lock(mMutex);
-	mesh_header_map::iterator iter = mMeshHeader.find(mesh_params.getSculptID());
-	if (iter != mMeshHeader.end())
-	{ //if we have the header, request LOD byte range
+	if (exists)
+	{
+		//if we have the header, request LOD byte range
 		gMeshRepo.mThread->pushLODRequest(mesh_params, lod, 0.f);
 		LLMeshRepository::sLODProcessing++;
 	}
diff --git a/indra/newview/llsurface.cpp b/indra/newview/llsurface.cpp
index 9e8d69f08..3447b81e2 100644
--- a/indra/newview/llsurface.cpp
+++ b/indra/newview/llsurface.cpp
@@ -596,7 +596,7 @@ BOOL LLSurface::idleUpdate(F32 max_update_time)
 
 	// Always call updateNormals() / updateVerticalStats()
 	//  every frame to avoid artifacts
-	for (auto& it = mDirtyPatchList.cbegin(); it != mDirtyPatchList.cend();)
+	for (auto it = mDirtyPatchList.cbegin(); it != mDirtyPatchList.cend();)
 	{
 		if (it->second.expired())
 		{