From 654ae3af4e7bc28f306416a7a36fe9bf3068ded8 Mon Sep 17 00:00:00 2001
From: Turo Lamminen <turol@iki.fi>
Date: Wed, 24 Aug 2022 10:42:01 +0300
Subject: [PATCH 1/3] Fix out of bounds access in X3D loader

---
 code/AssetLib/X3D/X3DImporter_Geometry2D.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp b/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp
index 8d0f5bad9..d8551de35 100644
--- a/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp
+++ b/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp
@@ -274,10 +274,10 @@ void X3DImporter::readDisk2D(XmlNode &node) {
             }
 
             // add last quad
-            vlist.push_back(*tlist_i.end()); // 1st point
-            vlist.push_back(*tlist_o.end()); // 2nd point
-            vlist.push_back(*tlist_o.begin()); // 3rd point
-            vlist.push_back(*tlist_o.begin()); // 4th point
+            vlist.push_back(tlist_i.back()); // 1st point
+            vlist.push_back(tlist_o.back()); // 2nd point
+            vlist.push_back(tlist_o.front()); // 3rd point
+            vlist.push_back(tlist_o.front()); // 4th point
 
             ((X3DNodeElementGeometry2D *)ne)->NumIndices = 4;
         }

From 0d8723a3eba772a8f5b3f673b9a4d3f298c6a806 Mon Sep 17 00:00:00 2001
From: Turo Lamminen <turol@iki.fi>
Date: Wed, 24 Aug 2022 10:43:40 +0300
Subject: [PATCH 2/3] Add FIXME comment

---
 code/AssetLib/X3D/X3DImporter_Geometry2D.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp b/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp
index d8551de35..eda0f4f78 100644
--- a/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp
+++ b/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp
@@ -276,6 +276,7 @@ void X3DImporter::readDisk2D(XmlNode &node) {
             // add last quad
             vlist.push_back(tlist_i.back()); // 1st point
             vlist.push_back(tlist_o.back()); // 2nd point
+            // FIXME: one of these should probably be tlist_i.front()
             vlist.push_back(tlist_o.front()); // 3rd point
             vlist.push_back(tlist_o.front()); // 4th point
 

From 659195d852938a21b469e6ef2fed3f65c6cd02b1 Mon Sep 17 00:00:00 2001
From: Kim Kulling <kimkulling@users.noreply.github.com>
Date: Wed, 24 Aug 2022 11:17:10 +0200
Subject: [PATCH 3/3] Fix the fixme

- Based on the implementation in top of the last one I guess I know how to fix that.
- Replacing push_back by emplace_back
---
 code/AssetLib/X3D/X3DImporter_Geometry2D.cpp | 25 ++++++++++----------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp b/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp
index eda0f4f78..661202a8c 100644
--- a/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp
+++ b/code/AssetLib/X3D/X3DImporter_Geometry2D.cpp
@@ -2,8 +2,7 @@
 Open Asset Import Library (assimp)
 ----------------------------------------------------------------------
 
-Copyright (c) 2006-2019, assimp team
-
+Copyright (c) 2006-2022, assimp team
 
 All rights reserved.
 
@@ -262,23 +261,25 @@ void X3DImporter::readDisk2D(XmlNode &node) {
             //
             // create quad list from two point lists
             //
-            if (tlist_i.size() < 2) throw DeadlyImportError("Disk2D. Not enough points for creating quad list."); // tlist_i and tlist_o has equal size.
+            if (tlist_i.size() < 2) {
+                // tlist_i and tlist_o has equal size.
+                throw DeadlyImportError("Disk2D. Not enough points for creating quad list."); 
+            }
 
             // add all quads except last
             for (std::list<aiVector3D>::iterator it_i = tlist_i.begin(), it_o = tlist_o.begin(); it_i != tlist_i.end();) {
                 // do not forget - CCW direction
-                vlist.push_back(*it_i++); // 1st point
-                vlist.push_back(*it_o++); // 2nd point
-                vlist.push_back(*it_o); // 3rd point
-                vlist.push_back(*it_i); // 4th point
+                vlist.emplace_back(*it_i++); // 1st point
+                vlist.emplace_back(*it_o++); // 2nd point
+                vlist.emplace_back(*it_o); // 3rd point
+                vlist.emplace_back(*it_i); // 4th point
             }
 
             // add last quad
-            vlist.push_back(tlist_i.back()); // 1st point
-            vlist.push_back(tlist_o.back()); // 2nd point
-            // FIXME: one of these should probably be tlist_i.front()
-            vlist.push_back(tlist_o.front()); // 3rd point
-            vlist.push_back(tlist_o.front()); // 4th point
+            vlist.emplace_back(tlist_i.back()); // 1st point
+            vlist.emplace_back(tlist_o.back()); // 2nd point
+            vlist.emplace_back(tlist_o.front()); // 3rd point
+            vlist.emplace_back(tlist_i.front()); // 4th point
 
             ((X3DNodeElementGeometry2D *)ne)->NumIndices = 4;
         }