Fix overflowing allocations in MDLMaterialLoader

Some allocations might be undersized because of integer overflows. This
commit ensures that an exception is thrown if the allocation size
does not fit in an unsigned int.

Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25341
pull/4146/head
Alex Rebert 2021-10-28 22:27:19 -04:00
parent 30f17aa206
commit 932dfe0562
No known key found for this signature in database
GPG Key ID: E082090D746F1A81
1 changed files with 6 additions and 0 deletions


@ -132,6 +132,9 @@ void MDLImporter::CreateTextureARGB8_3DGS_MDL3(const unsigned char *szData) {
pcNew->mWidth = pcHeader->skinwidth;
pcNew->mHeight = pcHeader->skinheight;
if(pcNew->mWidth != 0 && pcNew->mHeight > UINT_MAX/pcNew->mWidth) {
throw DeadlyImportError("Invalid MDL file. A texture is too big.");
}
pcNew->pcData = new aiTexel[pcNew->mWidth * pcNew->mHeight];
const unsigned char *szColorMap;
@ -217,6 +220,9 @@ void MDLImporter::ParseTextureColorData(const unsigned char *szData,
// allocate storage for the texture image
if (do_read) {
if(pcNew->mWidth != 0 && pcNew->mHeight > UINT_MAX/pcNew->mWidth) {
throw DeadlyImportError("Invalid MDL file. A texture is too big.");
}
pcNew->pcData = new aiTexel[pcNew->mWidth * pcNew->mHeight];
}
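Review bot: The guard added in both hunks only rejects a width × height product above UINT_MAX, so dimensions taken from the file header can still request an allocation of up to UINT_MAX texels, and that fails as an allocation error or memory exhaustion instead of the importer's own DeadlyImportError. It would be worth also bounding the texel count by the amount of file data actually left to read before `new aiTexel[pcNew->mWidth * pcNew->mHeight]`. In ParseTextureColorData the check sits inside `if (do_read)`, so if code after the hunk uses the same product on the non-read path it stays unvalidated; moving the check above the `if` would cover both paths. The identical three-line check could live in one small helper with a comment such as `// width * height is used as the aiTexel element count and must not wrap`. Both function bodies continue outside the hunks shown.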