From 012c44d556fb4765b3fa6294a765523c122d3d51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20M=C3=B6ller?=
Date: Wed, 3 Jul 2024 22:44:03 +0200
Subject: [PATCH] Fix potential heapbuffer overflow in md5 parsing
---
 code/AssetLib/MD5/MD5Parser.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/code/AssetLib/MD5/MD5Parser.cpp b/code/AssetLib/MD5/MD5Parser.cpp
index 24882af7e..2de8d5033 100644
--- a/code/AssetLib/MD5/MD5Parser.cpp
+++ b/code/AssetLib/MD5/MD5Parser.cpp
@@ -234,8 +234,12 @@ inline void AI_MD5_READ_TRIPLE(aiVector3D &vec, const char **sz, const char *buf
 AI_MD5_SKIP_SPACES(sz, bufferEnd, linenumber);
 if ('(' != **sz) {
 MD5Parser::ReportWarning("Unexpected token: ( was expected", linenumber);
+ if (*sz == bufferEnd)
+ return;
 ++*sz;
 }
+ if (*sz == bufferEnd)
+ return;
 ++*sz;
 AI_MD5_SKIP_SPACES(sz, bufferEnd, linenumber);
 *sz = fast_atoreal_move(*sz, (float &)vec.x);
@@ -247,6 +251,8 @@ inline void AI_MD5_READ_TRIPLE(aiVector3D &vec, const char **sz, const char *buf
 if (')' != **sz) {
 MD5Parser::ReportWarning("Unexpected token: ) was expected", linenumber);
 }
+ if (*sz == bufferEnd)
+ return;
 ++*sz;
 }
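Review bot: In both hunks the new `*sz == bufferEnd` guards run only after the byte at `*sz` has already been read. `if ('(' != **sz)` in the first hunk and `if (')' != **sz)` in the second dereference the cursor before any end check, so if AI_MD5_SKIP_SPACES stops at bufferEnd the comparison still reads one position past the parsed data. That is harmless only if the buffer is guaranteed to carry a terminator, which the hunk does not show. Placing the test ahead of the comparison closes the gap, for example `if (*sz >= bufferEnd) return;` directly after each AI_MD5_SKIP_SPACES call. The function's signature and its remaining reads lie outside the hunks.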
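Review bot: The guard before the final `++*sz` in the second hunk compares with `==`, so it only catches a cursor that lands exactly on bufferEnd. The first hunk shows `fast_atoreal_move(*sz, (float &)vec.x)` being called without an end pointer, and the y/z reads between the hunks (not shown) presumably do the same, so the cursor may already be beyond bufferEnd at this point; `if (*sz >= bufferEnd) return;` is the safer comparison. The early return is also silent: a `MD5Parser::ReportWarning("Unexpected end of buffer", linenumber);` before it would make truncated input visible in the log, since the void return gives the caller no other signal that `vec` may be incomplete.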