v4games
/
assimp
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixes Heap-buffer-overflow READ 1 in Assimp::ObjFileParser::getFace 

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49274
pull/4838/head
sashashura 2022-12-11 01:54:57 +01:00
parent 0fdae2879d
commit 917352dd8b
No known key found for this signature in database
GPG Key ID: 493F722E6CDD0700
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
code/AssetLib/Obj/ObjFileParser.cpp
View File

@ -440,7 +440,7 @@ void ObjFileParser::getFace(aiPrimitiveType type) {
const bool vt = (!m_pModel->mTextureCoord.empty()); const bool vt = (!m_pModel->mTextureCoord.empty());
const bool vn = (!m_pModel->mNormals.empty()); const bool vn = (!m_pModel->mNormals.empty());
int iPos = 0; int iPos = 0;
while (m_DataIt != m_DataItEnd) { while (m_DataIt < m_DataItEnd) {
int iStep = 1; int iStep = 1;
if (IsLineEnd(*m_DataIt)) { if (IsLineEnd(*m_DataIt)) {

3
code/AssetLib/Obj/ObjTools.h
View File

@ -111,6 +111,9 @@ inline Char_T getNextToken(Char_T pBuffer, Char_T pEnd) {
*/ */
template <class char_t> template <class char_t>
inline char_t skipLine(char_t it, char_t end, unsigned int &uiLine) { inline char_t skipLine(char_t it, char_t end, unsigned int &uiLine) {
if (it >= end)
return it;
while (!isEndOfBuffer(it, end) && !IsLineEnd(*it)) { while (!isEndOfBuffer(it, end) && !IsLineEnd(*it)) {
++it; ++it;
} }