Merge pull request #3589 from assimp/kimkulling-off_fuzz28288

Fix overflow in aiString
2021-01-18 20:19:01 +01:00 · 2021-01-18 20:19:01 +01:00 · 0eb9005bc1
parent 3c1d8850a4 11ee9d3673
commit 0eb9005bc1
1 changed files with 6 additions and 3 deletions
--- a/include/assimp/types.h
+++ b/include/assimp/types.h
@ -305,9 +305,9 @@ struct aiString {
    /** Copy a const char* to the aiString */
    void Set(const char *sz) {
-        const ai_int32 len = (ai_uint32)::strlen(sz);
+        ai_int32 len = (ai_uint32)::strlen(sz);
        if (len > (ai_int32)MAXLEN - 1) {
-            return;
+            len = (ai_int32) MAXLEN - 1;
        }
        length = len;
        memcpy(data, sz, len);
@ -321,7 +321,10 @@ struct aiString {
        }
        length = rOther.length;
-        ;
+        if (length >(MAXLEN - 1)) {
            length = (ai_int32) MAXLEN - 1;
        }
        memcpy(data, rOther.data, length);
        data[length] = '\0';
        return *this;