From 5d5e0bad3c4033124f0f227bf6120c6f9b17ede4 Mon Sep 17 00:00:00 2001
From: Stoyan Gaydarov
Date: Fri, 19 Jul 2024 12:48:10 -0700
Subject: [PATCH] Fix a fuzz test heap buffer overflow in mdl material loader (#5658)

Co-authored-by: Kim Kulling
---
 code/AssetLib/MDL/MDLMaterialLoader.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/code/AssetLib/MDL/MDLMaterialLoader.cpp b/code/AssetLib/MDL/MDLMaterialLoader.cpp
index 7adb76d94..d0a2d5f79 100644
--- a/code/AssetLib/MDL/MDLMaterialLoader.cpp
+++ b/code/AssetLib/MDL/MDLMaterialLoader.cpp
@@ -730,10 +730,12 @@ void MDLImporter::SkipSkinLump_3DGS_MDL7(
     // if an ASCII effect description (HLSL?) is contained in the file,
     // we can simply ignore it ...
     if (iType & AI_MDL7_SKINTYPE_MATERIAL_ASCDEF) {
+        VALIDATE_FILE_SIZE(szCurrent + sizeof(int32_t));
         int32_t iMe = 0;
         ::memcpy(&iMe, szCurrent, sizeof(int32_t));
         AI_SWAP4(iMe);
         szCurrent += sizeof(char) * iMe + sizeof(int32_t);
+        VALIDATE_FILE_SIZE(szCurrent);
     }
     *szCurrentOut = szCurrent;
 }
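Review bot: The trailing VALIDATE_FILE_SIZE only runs after szCurrent has already been advanced by iMe, a signed int32_t read straight from the file, and in `sizeof(char) * iMe` a negative iMe converts to a huge size_t, so the pointer is moved far outside the buffer before any check sees it; that arithmetic is undefined behaviour and, as far as I can tell, the resulting address may even wrap back inside the range the end-of-file comparison accepts. Reject the sign and bound the whole span before advancing, e.g. `if (iMe < 0) throw DeadlyImportError("MDL7: negative ASCII effect description length");` followed by `VALIDATE_FILE_SIZE(szCurrent + sizeof(int32_t) + static_cast<size_t>(iMe));` in place of the post-advance check. This assumes VALIDATE_FILE_SIZE compares a pointer against the end of the loaded file, as its use on the first added line suggests. SkipSkinLump_3DGS_MDL7 begins outside the hunk, so the origin of szCurrent is not visible here.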