Fix Heap-buffer-overflow READ in Assimp::MD5::MD5MeshParser::MD5MeshParser
parent
d9a8837a5b
commit
5cc4a61d66
|
@ -228,15 +228,20 @@ bool MD5Parser::ParseSection(Section &out) {
|
||||||
out.data[out.length] = '\0';
|
out.data[out.length] = '\0';
|
||||||
|
|
||||||
// parse a string, enclosed in quotation marks
|
// parse a string, enclosed in quotation marks
|
||||||
#define AI_MD5_PARSE_STRING_IN_QUOTATION(out) \
|
#define AI_MD5_PARSE_STRING_IN_QUOTATION(out) \
|
||||||
while ('\"' != *sz) \
|
out.length = 0; \
|
||||||
++sz; \
|
while ('\"' != *sz && '\0' != *sz) \
|
||||||
const char *szStart = ++sz; \
|
++sz; \
|
||||||
while ('\"' != *sz) \
|
if ('\0' != *sz) { \
|
||||||
++sz; \
|
const char *szStart = ++sz; \
|
||||||
const char *szEnd = (sz++); \
|
while ('\"' != *sz && '\0' != *sz) \
|
||||||
out.length = (ai_uint32)(szEnd - szStart); \
|
++sz; \
|
||||||
::memcpy(out.data, szStart, out.length); \
|
if ('\0' != *sz) { \
|
||||||
|
const char *szEnd = (sz++); \
|
||||||
|
out.length = (ai_uint32)(szEnd - szStart); \
|
||||||
|
::memcpy(out.data, szStart, out.length); \
|
||||||
|
} \
|
||||||
|
} \
|
||||||
out.data[out.length] = '\0';
|
out.data[out.length] = '\0';
|
||||||
// ------------------------------------------------------------------------------------------------
|
// ------------------------------------------------------------------------------------------------
|
||||||
// .MD5MESH parsing function
|
// .MD5MESH parsing function
|
||||||
|
|
Loading…
Reference in New Issue