Merge pull request #4809 from assimp/kimkulling/fix_possible_overflow_issue-3422

Add overfolow check for invalid data.
pull/4807/head^2
Kim Kulling 2022-11-22 11:04:51 +01:00 committed by GitHub
commit 88041152ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 2 deletions

View File

@ -404,8 +404,13 @@ void MDLImporter::InternReadFile_Quake1() {
this->CreateTextureARGB8_3DGS_MDL3(szCurrent + iNumImages * sizeof(float));
}
// go to the end of the skin section / the beginning of the next skin
szCurrent += pcHeader->skinheight * pcHeader->skinwidth +
sizeof(float) * iNumImages;
bool overflow = false;
if ((pcHeader->skinheight > INT_MAX / pcHeader->skinwidth) || (pcHeader->skinwidth > INT_MAX / pcHeader->skinheight)){
overflow = true;
}
if (!overflow) {
szCurrent += pcHeader->skinheight * pcHeader->skinwidth +sizeof(float) * iNumImages;
}
}
} else {
szCurrent += sizeof(uint32_t);