v4games
/
assimp
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #4837 from sashashura/patch-9 

Fixes Heap-buffer-overflow READ 1 in Assimp::MD5::MD5Parser::ParseHeader
pull/4838/head
Kim Kulling 2022-12-15 15:08:16 +01:00 committed by GitHub
parent ee02c389ca db8ff41679
commit 7c6e33fef1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
code/AssetLib/MD5/MD5Parser.cpp
View File

@ -5,8 +5,6 @@ Open Asset Import Library (assimp)
Copyright (c) 2006-2022, assimp team Copyright (c) 2006-2022, assimp team
All rights reserved. All rights reserved.
Redistribution and use of this software in source and binary forms, Redistribution and use of this software in source and binary forms,
@ -117,6 +115,9 @@ void MD5Parser::ParseHeader() {
ReportError("MD5 version tag is unknown (10 is expected)"); ReportError("MD5 version tag is unknown (10 is expected)");
} }
SkipLine(); SkipLine();
if (buffer == bufferEnd) {
return;
}
// print the command line options to the console // print the command line options to the console
// FIX: can break the log length limit, so we need to be careful // FIX: can break the log length limit, so we need to be careful
@ -135,8 +136,9 @@ bool MD5Parser::ParseSection(Section &out) {
// first parse the name of the section // first parse the name of the section
char *sz = buffer; char *sz = buffer;
while (!IsSpaceOrNewLine(*buffer)) while (!IsSpaceOrNewLine(*buffer)) {
buffer++; ++buffer;
}
out.mName = std::string(sz, (uintptr_t)(buffer - sz)); out.mName = std::string(sz, (uintptr_t)(buffer - sz));
SkipSpaces(); SkipSpaces();
@ -144,14 +146,14 @@ bool MD5Parser::ParseSection(Section &out) {
while (running) { while (running) {
if ('{' == *buffer) { if ('{' == *buffer) {
// it is a normal section so read all lines // it is a normal section so read all lines
buffer++; ++buffer;
bool run = true; bool run = true;
while (run) { while (run) {
if (!SkipSpacesAndLineEnd()) { if (!SkipSpacesAndLineEnd()) {
return false; // seems this was the last section return false; // seems this was the last section
} }
if ('}' == *buffer) { if ('}' == *buffer) {
buffer++; ++buffer;
break; break;
} }
@ -163,7 +165,7 @@ bool MD5Parser::ParseSection(Section &out) {
// terminate the line with zero // terminate the line with zero
while (!IsLineEnd(*buffer)) while (!IsLineEnd(*buffer))
buffer++; ++buffer;
if (*buffer) { if (*buffer) {
++lineNumber; ++lineNumber;
*buffer++ = '\0'; *buffer++ = '\0';