From 38382715f78d6b91c7e8db88cb002f80d92a56a8 Mon Sep 17 00:00:00 2001
From: "Max Vollmer (Microsoft Havok)" <60260460+ms-maxvollmer@users.noreply.github.com>
Date: Fri, 26 Nov 2021 13:01:00 +0000
Subject: [PATCH 1/3] Ensure we don't access the vector with an out of bounds index
---
 code/AssetLib/glTF/glTFCommon.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/AssetLib/glTF/glTFCommon.h b/code/AssetLib/glTF/glTFCommon.h
index 78d40ce2c..14b82aa29 100644
--- a/code/AssetLib/glTF/glTFCommon.h
+++ b/code/AssetLib/glTF/glTFCommon.h
@@ -300,7 +300,7 @@ public:
 inline unsigned int GetIndex() const { return index; }
- operator bool() const { return vector != 0; }
+ operator bool() const { return vector != nullptr && index < vector->size(); }
 T *operator->() { return (*vector)[index]; }
From 0015823bef046673a3d03b6cb7164d0a17368307 Mon Sep 17 00:00:00 2001
From: "Max Vollmer (Microsoft Havok)" <60260460+ms-maxvollmer@users.noreply.github.com>
Date: Fri, 26 Nov 2021 13:01:15 +0000
Subject: [PATCH 2/3] Reject files with an invalid byteLength value
---
 code/AssetLib/glTF2/glTF2Asset.inl | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/code/AssetLib/glTF2/glTF2Asset.inl b/code/AssetLib/glTF2/glTF2Asset.inl
index ffe528757..f35a47efa 100644
--- a/code/AssetLib/glTF2/glTF2Asset.inl
+++ b/code/AssetLib/glTF2/glTF2Asset.inl
@@ -600,6 +600,10 @@ inline void Buffer::Read(Value &obj, Asset &r) {
 inline bool Buffer::LoadFromStream(IOStream &stream, size_t length, size_t baseOffset) {
 byteLength = length ? length : stream.FileSize();
+ if (byteLength > stream.FileSize()) {
+ throw DeadlyImportError("GLTF: Invalid byteLength exceeds size of actual data.");
+ }
+
 if (baseOffset) {
 stream.Seek(baseOffset, aiOrigin_SET);
 }
From 5e1188c44e1142cd5064de8459b8933cca5ad22a Mon Sep 17 00:00:00 2001
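Review bot: `operator->` on the context line right after the change still evaluates `(*vector)[index]` with no check of its own, so the new bounds test in `operator bool()` only protects call sites that test the Ref before dereferencing it. For refs built from indices read out of an untrusted glTF file that precondition is easy to miss, so I would state it next to the operator: `// true only when the ref names an existing slot; operator-> does not re-check, so test the Ref before dereferencing`. The conversion is also non-explicit, so a Ref converts silently in arithmetic and comparisons; `explicit operator bool() const` would confine it to conditions, provided no caller relies on the implicit form, which is not visible from this hunk. The enclosing class starts and ends outside the hunk.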
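Review bot: The added check compares `byteLength` with the whole file size, but the data is read from `baseOffset` onward (the Seek just below the check), so a length that fits in the file can still extend past its end when `baseOffset` is non-zero. Comparing against the bytes that remain closes that gap: `const size_t fileSize = stream.FileSize();` followed by `if (baseOffset > fileSize || byteLength > fileSize - baseOffset) {`. With `length == 0` the default `byteLength = stream.FileSize()` would then be rejected for a non-zero offset, so that default probably wants to become `fileSize - baseOffset` too; whether any caller passes that combination is not visible here. LoadFromStream's body continues past the end of the hunk.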
From: "Max Vollmer (Microsoft Havok)" <60260460+ms-maxvollmer@users.noreply.github.com>
Date: Fri, 26 Nov 2021 13:01:38 +0000
Subject: [PATCH 3/3] Check that positions exist before accessing them
---
 include/assimp/Vertex.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/assimp/Vertex.h b/include/assimp/Vertex.h
index ad5ff476c..f2e5572d3 100644
--- a/include/assimp/Vertex.h
+++ b/include/assimp/Vertex.h
@@ -135,7 +135,9 @@ public:
 /** Extract a particular vertex from a anim mesh and interleave all components */
 explicit Vertex(const aiAnimMesh* msh, unsigned int idx) {
 ai_assert(idx < msh->mNumVertices);
- position = msh->mVertices[idx];
+ if (msh->HasPositions()) {
+ position = msh->mVertices[idx];
+ }
 if (msh->HasNormals()) {
 normal = msh->mNormals[idx];
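Review bot: The index itself is still guarded only by `ai_assert(idx < msh->mNumVertices)`, which I believe compiles to nothing in builds without assertions, so `mVertices[idx]` and `mNormals[idx]` remain unchecked reads there; the new `HasPositions()` test covers a missing array, not a bad index. A constructor cannot report failure short of throwing, so the precondition should at least be written into the doc comment: `/** Extract a particular vertex from an anim mesh and interleave all components. idx must be < msh->mNumVertices; components the mesh lacks keep their default value. */`. The constructor's body continues outside the hunk.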