v4games
/
assimp
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #3542 from ms-maxvollmer/fbx_tokenizer_fix 

FBXBinaryTokenizer: Check length of property
pull/3562/head^2
Kim Kulling 2020-12-28 20:19:35 +01:00 committed by GitHub
parent 404bedd8be 77f9c2854a
commit 3ccfc03c48
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
code/AssetLib/FBX/FBXBinaryTokenizer.cpp
View File

@ -375,6 +375,11 @@ bool ReadScope(TokenList& output_tokens, const char* input, const char*& cursor,
// now come the individual properties // now come the individual properties
const char* begin_cursor = cursor; const char* begin_cursor = cursor;
if ((begin_cursor + prop_length) > end) {
TokenizeError("property length out of bounds reading length ", input, cursor);
}
for (unsigned int i = 0; i < prop_count; ++i) { for (unsigned int i = 0; i < prop_count; ++i) {
ReadData(sbeg, send, input, cursor, begin_cursor + prop_length); ReadData(sbeg, send, input, cursor, begin_cursor + prop_length);