From 917352dd8b44292c5c3490de8365932edb24c9a1 Mon Sep 17 00:00:00 2001
From: sashashura
Date: Sun, 11 Dec 2022 01:54:57 +0100
Subject: [PATCH] Fixes Heap-buffer-overflow READ 1 in Assimp::ObjFileParser::getFace
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49274
---
 code/AssetLib/Obj/ObjFileParser.cpp | 2 +-
 code/AssetLib/Obj/ObjTools.h | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/code/AssetLib/Obj/ObjFileParser.cpp b/code/AssetLib/Obj/ObjFileParser.cpp
index 42bd23689..360c1d0e9 100644
--- a/code/AssetLib/Obj/ObjFileParser.cpp
+++ b/code/AssetLib/Obj/ObjFileParser.cpp
@@ -440,7 +440,7 @@ void ObjFileParser::getFace(aiPrimitiveType type) {
 const bool vt = (!m_pModel->mTextureCoord.empty());
 const bool vn = (!m_pModel->mNormals.empty());
 int iPos = 0;
- while (m_DataIt != m_DataItEnd) {
+ while (m_DataIt < m_DataItEnd) {
 int iStep = 1;
 if (IsLineEnd(*m_DataIt)) {
diff --git a/code/AssetLib/Obj/ObjTools.h b/code/AssetLib/Obj/ObjTools.h
index a24bfd5a2..99d2bc5e3 100644
--- a/code/AssetLib/Obj/ObjTools.h
+++ b/code/AssetLib/Obj/ObjTools.h
@@ -111,6 +111,9 @@ inline Char_T getNextToken(Char_T pBuffer, Char_T pEnd) {
 */
 template
 inline char_t skipLine(char_t it, char_t end, unsigned int &uiLine) {
+ if (it >= end)
+ return it;
+
 while (!isEndOfBuffer(it, end) && !IsLineEnd(*it)) {
 ++it;
 }
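Review bot: Switching the getFace loop condition from `!=` to `<` tolerates m_DataIt having already run past m_DataItEnd instead of preventing it; the overrun itself presumably happens where the loop body advances m_DataIt by the `iStep` declared in the hunk, which lies outside this hunk, so the iterator is still stepped out of bounds there before the new test catches it. If m_DataIt is a standard container iterator, comparing one that is more than one-past-the-end is itself undefined behaviour and trips checked-iterator builds, so the advance should be clamped at its source, e.g. `m_DataIt = (m_DataItEnd - m_DataIt > iStep) ? m_DataIt + iStep : m_DataItEnd;`. The guard also deserves a why-comment so the next reader does not "fix" it back: `// '<' rather than '!=': a truncated face line can leave m_DataIt past the end`. The body of getFace continues past the hunk.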
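Review bot: The new early return in skipLine uses `it >= end`, which, like the getFace change, only recovers after a caller has already stepped `it` beyond `end`; if `it` is a standard container iterator that comparison is undefined behaviour once the iterator is more than one-past-the-end, so the callers performing the unclamped advance are the real fix and this guard should be documented as a backstop rather than left to read as the primary bound. A comment such as `// Backstop: callers may hand us an iterator already at or past end; treat the buffer as exhausted` would explain why the loop's own isEndOfBuffer() test was not sufficient. The rest of skipLine, including whatever uses uiLine, lies outside the hunk.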