Fix error in aiString documentation. MAXLEN includes the terminal NULL. This is unusual, but true.

Fix overflow vulnerability in SceneCombiner. Thanks to Krishty to point it out. git-svn-id: https://assimp.svn.sourceforge.net/svnroot/assimp/trunk@683 67173fc5-114c-0410-ac8e-9d2fd5bffc1f
2010-04-14 21:45:00 +00:00 · 2010-04-14 21:45:00 +00:00 · 685d2b83c5
parent 6a2a542986
commit 685d2b83c5
2 changed files with 8 additions and 1 deletions
--- a/code/SceneCombiner.cpp
+++ b/code/SceneCombiner.cpp
@ -62,6 +62,12 @@ inline void PrefixString(aiString& string,const char* prefix, unsigned int len)
 	if (string.length >= 1 && string.data[0] == '$')
 		return;

+	if (len+string.length>=MAXLEN-1) {
+		DefaultLogger::get()->debug("Can't add an unique prefix because the string is too long");
+		ai_assert(false);
+		return;
+	}
+
 	// Add the prefix
 	::memmove(string.data+len,string.data,string.length+1);
 	::memcpy (string.data, prefix, len);
--- a/include/aiTypes.h
+++ b/include/aiTypes.h
@ -230,7 +230,8 @@ struct aiColor3D
 *  UTF-8 strings to their working character set (i.e. MBCS, WideChar).
 *
 *  We use this representation instead of std::string to be C-compatible. The 
- *  (binary) length of such a string is limited to MAXLEN characters (excluding the 0).
+ *  (binary) length of such a string is limited to MAXLEN characters (including the
+ *  the terminating zero).
 */
 struct aiString
 {