Fix out-of-bounds read in RemoveLineComments

Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24553
pull/4146/head
Alex Rebert 2021-10-28 23:50:16 -04:00
parent 1909b3e8d2
commit 6f07e89fdf
No known key found for this signature in database
GPG Key ID: E082090D746F1A81
1 changed files with 16 additions and 8 deletions


@ -64,20 +64,28 @@ void CommentRemover::RemoveLineComments(const char* szComment,
if (len > lenBuffer) { if (len > lenBuffer) {
len = lenBuffer; len = lenBuffer;
} }
while (*szBuffer) {
char *szCurrent = szBuffer;
while (*szCurrent) {
// skip over quotes // skip over quotes
if (*szBuffer == '\"' || *szBuffer == '\'') if (*szCurrent == '\"' || *szCurrent == '\'')
while (*szBuffer++ && *szBuffer != '\"' && *szBuffer != '\''); while (*szCurrent++ && *szCurrent != '\"' && *szCurrent != '\'');
if (!strncmp(szBuffer,szComment,len)) {
while (!IsLineEnd(*szBuffer))
*szBuffer++ = chReplacement;
if (!*szBuffer) { size_t lenRemaining = lenBuffer - (szCurrent - szBuffer);
if(lenRemaining < len) {
break;
}
if (!strncmp(szCurrent,szComment,len)) {
while (!IsLineEnd(*szCurrent))
*szCurrent++ = chReplacement;
if (!*szCurrent) {
break; break;
} }
} }
++szBuffer; ++szCurrent;
} }
} }
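Review bot: The quote-skipping loop `while (*szCurrent++ && *szCurrent != '\"' && *szCurrent != '\'');` can still step past the terminating NUL when a quote is never closed, because the post-increment runs even on the iteration that reads the `\0`. In that case `szCurrent - szBuffer` exceeds `lenBuffer`, so the new `lenRemaining` subtraction wraps around as a `size_t`, the `lenRemaining < len` guard does not fire, and `strncmp` reads beyond the buffer again. This assumes `lenBuffer` is the string length of `szBuffer`; its definition is above the hunk, as is the start of the function. Stopping on the terminator instead, e.g. `while (*++szCurrent && *szCurrent != '\"' && *szCurrent != '\'');`, leaves `szCurrent` on the NUL so the new length check breaks out cleanly. A regression test with an input ending in an unterminated quote would pin this down.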