Merge pull request #820 from turol/master

Fix some crashes on malformed input
pull/821/head
Kim Kulling 2016-03-13 19:58:04 +01:00
commit 193f6059cf
3 changed files with 43 additions and 4 deletions


@ -169,10 +169,33 @@ void MD2Importer::ValidateHeader( )
if (m_pcHeader->offsetEnd > (uint32_t)fileSize)
throw DeadlyImportError( "Invalid md2 file: File is too small");
if (m_pcHeader->numSkins > AI_MAX_ALLOC(MD2::Skin)) {
throw DeadlyImportError("Invalid MD2 header: too many skins, would overflow");
}
if (m_pcHeader->numVertices > AI_MAX_ALLOC(MD2::Vertex)) {
throw DeadlyImportError("Invalid MD2 header: too many vertices, would overflow");
}
if (m_pcHeader->numTexCoords > AI_MAX_ALLOC(MD2::TexCoord)) {
throw DeadlyImportError("Invalid MD2 header: too many texcoords, would overflow");
}
if (m_pcHeader->numTriangles > AI_MAX_ALLOC(MD2::Triangle)) {
throw DeadlyImportError("Invalid MD2 header: too many triangles, would overflow");
}
if (m_pcHeader->numFrames > AI_MAX_ALLOC(MD2::Frame)) {
throw DeadlyImportError("Invalid MD2 header: too many frames, would overflow");
}
// -1 because Frame already contains one
unsigned int frameSize = sizeof (MD2::Frame) + (m_pcHeader->numVertices - 1) * sizeof(MD2::Vertex);
if (m_pcHeader->offsetSkins + m_pcHeader->numSkins * sizeof (MD2::Skin) >= fileSize ||
m_pcHeader->offsetTexCoords + m_pcHeader->numTexCoords * sizeof (MD2::TexCoord) >= fileSize ||
m_pcHeader->offsetTriangles + m_pcHeader->numTriangles * sizeof (MD2::Triangle) >= fileSize ||
m_pcHeader->offsetFrames + m_pcHeader->numFrames * sizeof (MD2::Frame) >= fileSize ||
m_pcHeader->offsetFrames + m_pcHeader->numFrames * frameSize >= fileSize ||
m_pcHeader->offsetEnd > fileSize)
{
throw DeadlyImportError("Invalid MD2 header: some offsets are outside the file");
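Review bot: `frameSize` is declared `unsigned int`, so `m_pcHeader->numFrames * frameSize` in the offsets check is probably evaluated in 32 bits (the `(uint32_t)fileSize` cast at the top suggests 32-bit header fields) and can wrap to a small value that passes `>= fileSize`. The AI_MAX_ALLOC test bounds numFrames against `sizeof(MD2::Frame)`, not against the larger per-frame size, and a `numVertices` of 0 makes `numVertices - 1` wrap as well. I would reject `numVertices == 0` first and widen the computation, e.g. `const uint64_t frameSize = sizeof(MD2::Frame) + uint64_t(m_pcHeader->numVertices - 1) * sizeof(MD2::Vertex);`. The same `offset + count * size >= fileSize` form appears in the new surfaces check in MD3Importer::ValidateHeaderOffsets, where the sum can wrap on builds with a 32-bit size_t; checking `offset < fileSize` and then comparing `count * size` with `fileSize - offset` avoids that. ValidateHeader's body starts and ends outside the hunk.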


@ -407,6 +407,14 @@ void MD3Importer::ValidateHeaderOffsets()
throw DeadlyImportError("Invalid MD3 header: some offsets are outside the file");
}
if (pcHeader->NUM_SURFACES > AI_MAX_ALLOC(MD3::Surface)) {
throw DeadlyImportError("Invalid MD3 header: too many surfaces, would overflow");
}
if (pcHeader->OFS_SURFACES + pcHeader->NUM_SURFACES * sizeof(MD3::Surface) >= fileSize) {
throw DeadlyImportError("Invalid MD3 header: some surfaces are outside the file");
}
if (pcHeader->NUM_FRAMES <= configFrameID )
throw DeadlyImportError("The requested frame is not existing the file");
}
@ -1000,9 +1008,13 @@ void MD3Importer::InternReadFile( const std::string& pFile,
// Read vertices
aiVector3D& vec = pcMesh->mVertices[iCurrent];
vec.x = pcVertices[ pcTriangles->INDEXES[c]].X*AI_MD3_XYZ_SCALE;
vec.y = pcVertices[ pcTriangles->INDEXES[c]].Y*AI_MD3_XYZ_SCALE;
vec.z = pcVertices[ pcTriangles->INDEXES[c]].Z*AI_MD3_XYZ_SCALE;
uint32_t index = pcTriangles->INDEXES[c];
if (index >= pcSurfaces->NUM_VERTICES) {
throw DeadlyImportError( "MD3: Invalid vertex index");
}
vec.x = pcVertices[index].X*AI_MD3_XYZ_SCALE;
vec.y = pcVertices[index].Y*AI_MD3_XYZ_SCALE;
vec.z = pcVertices[index].Z*AI_MD3_XYZ_SCALE;
// Convert the normal vector to uncompressed float3 format
aiVector3D& nor = pcMesh->mNormals[iCurrent];
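Review bot: In the InternReadFile hunk, the new `index >= pcSurfaces->NUM_VERTICES` test bounds the index against a count that is itself read from the file. It only prevents an out-of-bounds read if the surface's vertex array of NUM_VERTICES entries has already been checked to lie inside the buffer; nothing in the visible hunks does that, so it should be confirmed in the surrounding code. The normal conversion that follows is outside the hunk; if it still indexes with `pcTriangles->INDEXES[c]`, it should use the validated `index` so the two reads cannot diverge. A short comment above the check, such as `// INDEXES comes from the file; reject indices outside this surface's vertex array`, would record why it is there.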


@ -576,9 +576,13 @@ void MDLImporter::InternReadFile_3DGS_MDL345( )
// current cursor position in the file
const unsigned char* szCurrent = (const unsigned char*)(pcHeader+1);
const unsigned char* szEnd = mBuffer + iFileSize;
// need to read all textures
for (unsigned int i = 0; i < (unsigned int)pcHeader->num_skins;++i) {
if (szCurrent >= szEnd) {
throw DeadlyImportError( "Texture data past end of file.");
}
BE_NCONST MDL::Skin* pcSkin;
pcSkin = (BE_NCONST MDL::Skin*)szCurrent;
AI_SWAP4( pcSkin->group);
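Review bot: The added `szCurrent >= szEnd` guard only proves that one byte remains, but the following lines cast `szCurrent` to `MDL::Skin*` and byte-swap `pcSkin->group`, which reads a whole field. A file truncated inside the skin header would still be read past the end of the buffer. Comparing the remaining length with the structure size closes that gap: `if (szCurrent >= szEnd || size_t(szEnd - szCurrent) < sizeof(MDL::Skin)) {`. The loop body continues outside the hunk, so whether the texture payload after each skin header is bounded the same way cannot be seen here.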