Fix a fuzz test heap buffer overflow in mdl material loader (#5658)

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
pull/5680/head^2
Stoyan Gaydarov 2024-07-19 12:48:10 -07:00 committed by GitHub
parent 9cf03b4ddc
commit 5d5e0bad3c
1 changed files with 2 additions and 0 deletions


@ -730,10 +730,12 @@ void MDLImporter::SkipSkinLump_3DGS_MDL7(
// if an ASCII effect description (HLSL?) is contained in the file, // if an ASCII effect description (HLSL?) is contained in the file,
// we can simply ignore it ... // we can simply ignore it ...
if (iType & AI_MDL7_SKINTYPE_MATERIAL_ASCDEF) { if (iType & AI_MDL7_SKINTYPE_MATERIAL_ASCDEF) {
VALIDATE_FILE_SIZE(szCurrent + sizeof(int32_t));
int32_t iMe = 0; int32_t iMe = 0;
::memcpy(&iMe, szCurrent, sizeof(int32_t)); ::memcpy(&iMe, szCurrent, sizeof(int32_t));
AI_SWAP4(iMe); AI_SWAP4(iMe);
szCurrent += sizeof(char) * iMe + sizeof(int32_t); szCurrent += sizeof(char) * iMe + sizeof(int32_t);
VALIDATE_FILE_SIZE(szCurrent);
} }
*szCurrentOut = szCurrent; *szCurrentOut = szCurrent;
} }
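Review bot: The length `iMe` is read straight from the file and is still used to advance `szCurrent` before anything checks its sign or size, so the second `VALIDATE_FILE_SIZE(szCurrent)` only sees the pointer after the arithmetic has been done. Because `sizeof(char) * iMe` is evaluated as `size_t`, a negative `iMe` turns into a huge offset that in practice moves the cursor backwards, and forming a pointer outside the buffer is undefined behaviour before the check runs. Whether `VALIDATE_FILE_SIZE` also rejects a pointer below the start of the buffer is not visible in this hunk, so the backward case may pass validation. I would reject the value before advancing, e.g. `if (iMe < 0) { throw DeadlyImportError("MDL7: invalid ASCII effect length"); }`, and ideally compare `iMe` with the bytes remaining instead of validating the already-advanced pointer. The function body starts outside this hunk, so earlier reads of `szCurrent` in `SkipSkinLump_3DGS_MDL7` may need the same treatment.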