v4games
/
assimp
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix ASE loader crash when *MATERIAL_COUNT or *NUMSUBMTLS is not specified or is 0 (#5559) 

code was doing vector[0u - 1] dereference in this case

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
kimkulling/bug_fix_heap_buffer_overflow_in_readfilefrommemory_issue-5566
Garux 2024-05-08 13:43:43 +05:00 committed by GitHub
parent c953739487
commit 47dbabadcd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
code/AssetLib/ASE/ASEParser.cpp
View File

@ -500,6 +500,13 @@ void Parser::ParseLV1MaterialListBlock() {
continue;
}
if (TokenMatch(filePtr, "MATERIAL", 8)) {
// ensure we have at least one material allocated
if (iMaterialCount == 0) {
LogWarning("*MATERIAL_COUNT unspecified or 0");
iMaterialCount = 1;
m_vMaterials.resize(iOldMaterialCount + iMaterialCount, Material("INVALID"));
}
unsigned int iIndex = 0;
ParseLV4MeshLong(iIndex);
@ -653,6 +660,12 @@ void Parser::ParseLV2MaterialBlock(ASE::Material &mat) {
}
// submaterial chunks
if (TokenMatch(filePtr, "SUBMATERIAL", 11)) {
// ensure we have at least one material allocated
if (iNumSubMaterials == 0) {
LogWarning("*NUMSUBMTLS unspecified or 0");
iNumSubMaterials = 1;
mat.avSubMaterials.resize(iNumSubMaterials, Material("INVALID SUBMATERIAL"));
}
unsigned int iIndex = 0;
ParseLV4MeshLong(iIndex);