Fix Heap-buffer-overflow READ in Assimp::MD5::MD5MeshParser::MD5MeshParser

pull/5110/head
Alex 2023-05-31 06:28:03 +00:00
parent d9a8837a5b
commit 5cc4a61d66
1 changed files with 14 additions and 9 deletions

View File

@ -229,14 +229,19 @@ bool MD5Parser::ParseSection(Section &out) {
// parse a string, enclosed in quotation marks // parse a string, enclosed in quotation marks
#define AI_MD5_PARSE_STRING_IN_QUOTATION(out) \ #define AI_MD5_PARSE_STRING_IN_QUOTATION(out) \
while ('\"' != *sz) \ out.length = 0; \
while ('\"' != *sz && '\0' != *sz) \
++sz; \ ++sz; \
if ('\0' != *sz) { \
const char *szStart = ++sz; \ const char *szStart = ++sz; \
while ('\"' != *sz) \ while ('\"' != *sz && '\0' != *sz) \
++sz; \ ++sz; \
if ('\0' != *sz) { \
const char *szEnd = (sz++); \ const char *szEnd = (sz++); \
out.length = (ai_uint32)(szEnd - szStart); \ out.length = (ai_uint32)(szEnd - szStart); \
::memcpy(out.data, szStart, out.length); \ ::memcpy(out.data, szStart, out.length); \
} \
} \
out.data[out.length] = '\0'; out.data[out.length] = '\0';
// ------------------------------------------------------------------------------------------------ // ------------------------------------------------------------------------------------------------
// .MD5MESH parsing function // .MD5MESH parsing function