Prevent out-of-range memory writes by sparse accessors

This turned up during fuzz testing. Corrupted data would make assimp write to random memory locations, leading to subsequent crashes.
2021-11-25 11:20:26 +01:00 · 2021-11-25 11:20:26 +01:00 · 1a5d66714f
parent 889e559696
commit 1a5d66714f
1 changed files with 5 additions and 0 deletions
--- a/code/AssetLib/glTF2/glTF2Asset.inl
+++ b/code/AssetLib/glTF2/glTF2Asset.inl
@ -809,6 +809,11 @@ inline void Accessor::Sparse::PatchData(unsigned int elementSize) {
        }

        offset *= elementSize;
+
+        if (offset + elementSize > data.size()) {
+            throw DeadlyImportError("Invalid sparse accessor. Byte offset for patching points outside allocated memory.");
+        }
+
        std::memcpy(data.data() + offset, pValues, elementSize);

        pValues += elementSize;