v4games
/
assimp
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5120 from sashashura/6520123362508800 

Fix Stack-buffer-overflow READ in aiMaterial::AddBinaryProperty
pull/5119/head^2
Kim Kulling 2023-06-25 21:19:19 +02:00 committed by GitHub
parent ed0dff2a7e 7005a9caa2
commit 96d0c0769e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
code/AssetLib/MDL/MDLMaterialLoader.cpp
View File

@ -493,12 +493,12 @@ void MDLImporter::ParseSkinLump_3DGS_MDL7(
aiString szFile;
const size_t iLen = strlen((const char *)szCurrent);
size_t iLen2 = iLen + 1;
iLen2 = iLen2 > MAXLEN ? MAXLEN : iLen2;
size_t iLen2 = iLen > (MAXLEN - 1) ? (MAXLEN - 1) : iLen;
memcpy(szFile.data, (const char *)szCurrent, iLen2);
szFile.data[iLen2] = '\0';
szFile.length = static_cast<ai_uint32>(iLen2);
szCurrent += iLen2;
szCurrent += iLen2 + 1;
// place this as diffuse texture
pcMatOut->AddProperty(&szFile, AI_MATKEY_TEXTURE_DIFFUSE(0));

8
code/Material/MaterialSystem.cpp
View File

@ -51,6 +51,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <assimp/material.h>
#include <assimp/types.h>
#include <assimp/DefaultLogger.hpp>
#include <memory>
using namespace Assimp;
@ -473,7 +474,7 @@ aiReturn aiMaterial::AddBinaryProperty(const void *pInput,
}
// Allocate a new material property
aiMaterialProperty *pcNew = new aiMaterialProperty();
std::unique_ptr<aiMaterialProperty> pcNew(new aiMaterialProperty());
// .. and fill it
pcNew->mType = pType;
@ -489,7 +490,7 @@ aiReturn aiMaterial::AddBinaryProperty(const void *pInput,
strcpy(pcNew->mKey.data, pKey);
if (UINT_MAX != iOutIndex) {
mProperties[iOutIndex] = pcNew;
mProperties[iOutIndex] = pcNew.release();
return AI_SUCCESS;
}
@ -502,7 +503,6 @@ aiReturn aiMaterial::AddBinaryProperty(const void *pInput,
try {
ppTemp = new aiMaterialProperty *[mNumAllocated];
} catch (std::bad_alloc &) {
delete pcNew;
return AI_OUTOFMEMORY;
}
@ -513,7 +513,7 @@ aiReturn aiMaterial::AddBinaryProperty(const void *pInput,
mProperties = ppTemp;
}
// push back ...
mProperties[mNumProperties++] = pcNew;
mProperties[mNumProperties++] = pcNew.release();
return AI_SUCCESS;
}