v4games
/
assimp
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ply-Importer: Fix vulnerability (#5739)

pull/5741/head
Kim Kulling 2024-08-30 19:43:39 +02:00 committed by GitHub
parent edaf87f186
commit 1e09642382
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
code/AssetLib/Ply/PlyLoader.cpp
View File

@ -448,6 +448,9 @@ void PLYImporter::LoadVertex(const PLY::Element *pcElement, const PLY::ElementIn
mGeneratedMesh->mNumVertices = pcElement->NumOccur; mGeneratedMesh->mNumVertices = pcElement->NumOccur;
mGeneratedMesh->mVertices = new aiVector3D[mGeneratedMesh->mNumVertices]; mGeneratedMesh->mVertices = new aiVector3D[mGeneratedMesh->mNumVertices];
} }
if (pos >= mGeneratedMesh->mNumVertices) {
throw DeadlyImportError("Invalid .ply file: Too many vertices");
}
mGeneratedMesh->mVertices[pos] = vOut; mGeneratedMesh->mVertices[pos] = vOut;

31
test/models/PLY/payload_JVN42386607 100644
View File

File diff suppressed because one or more lines are too long

6
test/unit/utPLYImportExport.cpp
View File

@ -203,3 +203,9 @@ TEST_F(utPLYImportExport, parseInvalid) {
const aiScene *scene = importer.ReadFile(ASSIMP_TEST_MODELS_DIR "/invalid/crash-30d6d0f7c529b3b66b4131700b7a4580cd7082df.ply", 0); const aiScene *scene = importer.ReadFile(ASSIMP_TEST_MODELS_DIR "/invalid/crash-30d6d0f7c529b3b66b4131700b7a4580cd7082df.ply", 0);
EXPECT_EQ(nullptr, scene); EXPECT_EQ(nullptr, scene);
} }
TEST_F(utPLYImportExport, payload_JVN42386607) {
Assimp::Importer importer;
const aiScene *scene = importer.ReadFile(ASSIMP_TEST_MODELS_DIR "/PLY/payload_JVN42386607", 0);
EXPECT_EQ(nullptr, scene);
}