From 555f5337779e2e792845284e417d11eb1b778bc4 Mon Sep 17 00:00:00 2001
From: Turo Lamminen
Date: Sun, 13 Mar 2016 00:54:23 +0200
Subject: [PATCH] MD3: Check file is big enough to contain all the advertised surfaces
---
 code/MD3Loader.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/code/MD3Loader.cpp b/code/MD3Loader.cpp
index 53e890590..c8b58f593 100644
--- a/code/MD3Loader.cpp
+++ b/code/MD3Loader.cpp
@@ -407,6 +407,14 @@ void MD3Importer::ValidateHeaderOffsets()
 throw DeadlyImportError("Invalid MD3 header: some offsets are outside the file");
 }
 
+ if (pcHeader->NUM_SURFACES > AI_MAX_ALLOC(MD3::Surface)) {
+ throw DeadlyImportError("Invalid MD3 header: too many surfaces, would overflow");
+ }
+
+ if (pcHeader->OFS_SURFACES + pcHeader->NUM_SURFACES * sizeof(MD3::Surface) >= fileSize) {
+ throw DeadlyImportError("Invalid MD3 header: some surfaces are outside the file");
+ }
+
 if (pcHeader->NUM_FRAMES <= configFrameID )
 throw DeadlyImportError("The requested frame is not existing the file");
 }
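Review bot: The second added check computes `pcHeader->OFS_SURFACES + pcHeader->NUM_SURFACES * sizeof(MD3::Surface)` before comparing it with fileSize, so on a build where size_t is 32 bits the sum can wrap for a large file-supplied OFS_SURFACES and a truncated file would pass. If the preceding offset check (only its throw is visible in this hunk) already guarantees OFS_SURFACES < fileSize, the subtraction form avoids the wrap: `if (pcHeader->NUM_SURFACES * sizeof(MD3::Surface) > fileSize - pcHeader->OFS_SURFACES) {`. That form also accepts a surface table ending exactly at the end of the file, which the current `>=` rejects. ValidateHeaderOffsets starts outside the hunk, and neither the header field types nor the definition of AI_MAX_ALLOC are shown. The wrap analysis therefore assumes unsigned 32-bit fields and a cap that keeps the product within size_t, which is worth confirming.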