From c81c15b74137e1471c6c1d95c421d3d69fe99fd4 Mon Sep 17 00:00:00 2001
From: Andrey Kleshchev <andreykproductengine@lindenlab.com>
Date: Thu, 23 Nov 2023 21:22:02 +0200
Subject: [PATCH] SL-18875 Crash at LLModel::writeModel

Looks like a crash iterating over
weight_list& weights = model[idx]->getJointInfluences(pos);
---
 indra/llprimitive/llmodel.cpp | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/indra/llprimitive/llmodel.cpp b/indra/llprimitive/llmodel.cpp
index fbd97b3de76..153b9a1d230 100644
--- a/indra/llprimitive/llmodel.cpp
+++ b/indra/llprimitive/llmodel.cpp
@@ -997,7 +997,12 @@ LLModel::weight_list& LLModel::getJointInfluences(const LLVector3& pos)
 	weight_map::iterator iterPos = mSkinWeights.begin();
 	weight_map::iterator iterEnd = mSkinWeights.end();
 
-    llassert(!mSkinWeights.empty());
+    if (mSkinWeights.empty())
+    {
+        // function calls iter->second on all return paths
+        // everything that calls this function should precheck that there is data.
+        LL_ERRS() << "called getJointInfluences with empty weights list" << LL_ENDL;
+    }
 	
 	for ( ; iterPos!=iterEnd; ++iterPos )
 	{
@@ -1024,11 +1029,16 @@ LLModel::weight_list& LLModel::getJointInfluences(const LLVector3& pos)
 		const F32 epsilon = 1e-5f;
 		weight_map::iterator iter_up = mSkinWeights.lower_bound(pos);
 		weight_map::iterator iter_down = iter_up;
-		if (iter_up != mSkinWeights.end())
-		{
-			iter_down = ++iter_up;
-		}
-		weight_map::iterator best = iter_up;
+        weight_map::iterator best = iter_up;
+        if (iter_up != mSkinWeights.end())
+        {
+            iter_down = ++iter_up;
+        }
+        else
+        {
+            // Assumes that there is at least one element
+            --best;
+        }
 
 		F32 min_dist = (iter->first - pos).magVec();
 
-- 
GitLab