diff --git a/code/ACLoader.cpp b/code/ACLoader.cpp
index 58d31bf5d..835709749 100644
--- a/code/ACLoader.cpp
+++ b/code/ACLoader.cpp
@@ -284,6 +284,9 @@ void AC3DImporter::LoadObjectSection(std::vector& objects)
 SkipSpaces(&buffer);
 unsigned int t = strtoul10(buffer,&buffer);
+ if (t >= std::numeric_limits::max() / sizeof(aiVector3D)) {
+ throw DeadlyImportError("AC3D: Too many vertices, would run out of memory");
+ }
 obj.vertices.reserve(t);
 for (unsigned int i = 0; i < t;++i) {
@@ -608,6 +611,9 @@ aiNode* AC3DImporter::ConvertObjectSection(Object& object,
 face.mIndices[i] = cur++;
 // copy vertex positions
+ if ((vertices - mesh->mVertices) >= mesh->mNumVertices) {
+ throw DeadlyImportError("AC3D: Invalid number of vertices");
+ }
 *vertices = object.vertices[entry.first] + object.translation;
@@ -639,6 +645,10 @@ aiNode* AC3DImporter::ConvertObjectSection(Object& object,
 face.mIndices[1] = cur++;
 // copy vertex positions
+ if (it2 == (*it).entries.end() ) {
+ throw DeadlyImportError("AC3D: Bad line");
+ }
+ ai_assert((*it2).first < object.vertices.size());
 *vertices++ = object.vertices[(*it2).first];
 // copy texture coordinates
diff --git a/code/DefaultLogger.cpp b/code/DefaultLogger.cpp
index f1bbd0c9f..3488f57a3 100644
--- a/code/DefaultLogger.cpp
+++ b/code/DefaultLogger.cpp
@@ -169,7 +169,6 @@ void Logger::debug(const char* message) {
 // sometimes importers will include data from the input file
 // (i.e. node names) in their messages.
 if (strlen(message)>MAX_LOG_MESSAGE_LENGTH) {
- ai_assert(false);
 return;
 }
 return OnDebug(message);
@@ -180,7 +179,6 @@ void Logger::info(const char* message) {
 // SECURITY FIX: see above
 if (strlen(message)>MAX_LOG_MESSAGE_LENGTH) {
- ai_assert(false);
 return;
 }
 return OnInfo(message);
@@ -191,7 +189,6 @@ void Logger::warn(const char* message) {
 // SECURITY FIX: see above
 if (strlen(message)>MAX_LOG_MESSAGE_LENGTH) {
- ai_assert(false);
 return;
 }
 return OnWarn(message);
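Review bot: In the LoadObjectSection hunk the new limit on `t` only stops the byte count from overflowing, so a file can still declare a vertex count just below that limit and make `obj.vertices.reserve(t)` request a very large allocation before a single vertex line has been parsed. The count comes straight from `strtoul10(buffer,&buffer)`, i.e. from the file, so it would be safer to cap the up-front reservation and let the vector grow as vertices are actually read, e.g. `obj.vertices.reserve(std::min(t, MAX_PREALLOC_VERTS));` (`MAX_PREALLOC_VERTS` is a placeholder name, not something in the tree). The template argument of `std::numeric_limits` is not visible on this page, so the exact threshold cannot be judged here. The function body starts and ends outside the hunk.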
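Review bot: The source index into `object.vertices` is still unchecked in release builds in both ConvertObjectSection hunks: the third hunk guards `(*it2).first` only with `ai_assert`, which is an assertion and is normally disabled outside debug builds, and the second hunk adds no check on `entry.first` before `object.vertices[entry.first]`. Both indices appear to originate from the parsed file, so they deserve the same treatment as the other checks in this commit, e.g. `if ((*it2).first >= object.vertices.size()) throw DeadlyImportError("AC3D: Invalid vertex index");` and the equivalent test for `entry.first`. The third hunk's `*vertices++ = ...` store also lacks the destination bound that the second hunk adds for `*vertices`. ConvertObjectSection begins and ends outside both hunks, so some of this may be covered by code not shown here.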
@@ -202,7 +199,6 @@ void Logger::error(const char* message) {
 // SECURITY FIX: see above
 if (strlen(message)>MAX_LOG_MESSAGE_LENGTH) {
- ai_assert(false);
 return;
 }
 return OnError(message);
diff --git a/code/MD3Loader.cpp b/code/MD3Loader.cpp
index cf07f295f..443a5c5a8 100644
--- a/code/MD3Loader.cpp
+++ b/code/MD3Loader.cpp
@@ -478,6 +478,9 @@ void MD3Importer::ReadSkin(Q3Shader::SkinData& fill) const
 std::string::size_type s = filename.find_last_of('_');
 if (s == std::string::npos) {
 s = filename.find_last_of('.');
+ if (s == std::string::npos) {
+ s = filename.size();
+ }
 }
 ai_assert(s != std::string::npos);
@@ -539,7 +542,9 @@ bool MD3Importer::ReadMultipartFile() {
 // check whether the file name contains a common postfix, e.g lower_2.md3
 std::string::size_type s = filename.find_last_of('_'), t = filename.find_last_of('.');
- ai_assert(t != std::string::npos);
+
+ if (t == std::string::npos)
+ t = filename.size();
 if (s == std::string::npos) s = t;
diff --git a/code/ObjFileImporter.cpp b/code/ObjFileImporter.cpp
index cae1022b1..c86e78889 100644
--- a/code/ObjFileImporter.cpp
+++ b/code/ObjFileImporter.cpp
@@ -431,7 +431,9 @@ void ObjFileImporter::createVertexArray(const ObjFile::Model* pModel,
 pMesh->mTextureCoords[ 0 ][ newIndex ] = aiVector3D( coord3d.x, coord3d.y, coord3d.z );
 }
- ai_assert( pMesh->mNumVertices > newIndex );
+ if ( pMesh->mNumVertices <= newIndex ) {
+ throw DeadlyImportError("OBJ: bad vertex index");
+ }
 // Get destination face
 aiFace *pDestFace = &pMesh->mFaces[ outIndex ];
diff --git a/code/ObjFileParser.cpp b/code/ObjFileParser.cpp
index a185ff249..be769c421 100644
--- a/code/ObjFileParser.cpp
+++ b/code/ObjFileParser.cpp
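Review bot: In the ReadSkin hunk the retained `ai_assert(s != std::string::npos);` can no longer fire, because the added fallback assigns `s = filename.size()` whenever both searches fail. Removing it, or replacing it with a comment such as `// s is always a valid offset here: end of name when there is no '_' or '.'`, would keep the intent clear for the next reader. ReadSkin continues outside the hunk.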
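Review bot: The new bounds check in createVertexArray runs after the store it is meant to protect: the context line `pMesh->mTextureCoords[ 0 ][ newIndex ] = aiVector3D( coord3d.x, coord3d.y, coord3d.z );` directly above it already writes at `newIndex`, so an out-of-range index has corrupted memory before the exception is thrown. The test `if ( pMesh->mNumVertices <= newIndex ) { throw DeadlyImportError("OBJ: bad vertex index"); }` should move ahead of the first array write that uses `newIndex`. The start of the loop body is outside the hunk, so earlier stores indexed by `newIndex` are presumably affected in the same way.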
@@ -265,7 +265,7 @@ void ObjFileParser::getVector( std::vector &point3d_array ) {
 copyNextWord( m_buffer, BUFFERSIZE );
 z = ( float ) fast_atof( m_buffer );
 } else {
- ai_assert( !"Invalid number of components" );
+ throw DeadlyImportError( "OBJ: Invalid number of components" );
 }
 point3d_array.push_back( aiVector3D( x, y, z ) );
 m_DataIt = skipLine( m_DataIt, m_DataItEnd, m_uiLine );
diff --git a/code/XFileImporter.cpp b/code/XFileImporter.cpp
index 800f9a335..d1136c317 100644
--- a/code/XFileImporter.cpp
+++ b/code/XFileImporter.cpp
@@ -165,6 +165,10 @@ void XFileImporter::CreateDataRepresentationFromImport( aiScene* pScene, XFile::
 CreateMeshes( pScene, pScene->mRootNode, pData->mGlobalMeshes);
 }
+ if (!pScene->mRootNode) {
+ throw DeadlyImportError( "No root node" );
+ }
+ // Convert everything to OpenGL space... it's the same operation as the conversion back, so we can reuse the step directly
 MakeLeftHandedProcess convertProcess;
 convertProcess.Execute( pScene);
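Review bot: The exception text `"No root node"` added in the XFileImporter hunk carries no importer prefix, unlike the `AC3D:` and `OBJ:` messages introduced elsewhere in this commit, so someone reading a log cannot tell which loader rejected the file. Suggest `throw DeadlyImportError( "XFile: No root node" );`. The context also shows `CreateMeshes( pScene, pScene->mRootNode, pData->mGlobalMeshes);` being called before this check. If that branch can run with a null root node the guard belongs above it, but the enclosing condition is outside the hunk, so this needs confirming against the full function.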