Fix overflow in IOStreamBuffer

`getNextLine` & `getNextDataLine` now double the buffer size each time it is needed to avoid writing out of bounds. Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24465
2021-10-28 23:33:07 -04:00 · 2021-10-28 23:33:07 -04:00 · 1909b3e8d2
parent 6a3ac623b9
commit 1909b3e8d2
1 changed files with 10 additions and 0 deletions
--- a/include/assimp/IOStreamBuffer.h
+++ b/include/assimp/IOStreamBuffer.h
@ -261,6 +261,11 @@ AI_FORCE_INLINE bool IOStreamBuffer<T>::getNextDataLine(std::vector<T> &buffer,
        buffer[i] = m_cache[m_cachePos];
        ++m_cachePos;
        ++i;
+
+        if(i == buffer.size()) {
+            buffer.resize(buffer.size() * 2);
+        }
+
        if (m_cachePos >= size()) {
            break;
        }
@ -308,6 +313,11 @@ AI_FORCE_INLINE bool IOStreamBuffer<T>::getNextLine(std::vector<T> &buffer) {
        buffer[i] = m_cache[m_cachePos];
        ++m_cachePos;
        ++i;
+
+        if(i == buffer.size()) {
+            buffer.resize(buffer.size() * 2);
+        }
+
        if (m_cachePos >= m_cacheSize) {
            if (!readNextBlock()) {
                return false;