From a4274930e496f8cc905329b49dfe29ff424cb175 Mon Sep 17 00:00:00 2001
From: sashashura <93376818+sashashura@users.noreply.github.com>
Date: Sat, 16 Jul 2022 13:46:50 +0100
Subject: [PATCH] Fixes Heap-use-after-free in
 Assimp::DXFImporter::ExpandBlockReferences

---
 code/AssetLib/DXF/DXFLoader.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/code/AssetLib/DXF/DXFLoader.cpp b/code/AssetLib/DXF/DXFLoader.cpp
index 6b2dbbe82..2f1ec35b4 100644
--- a/code/AssetLib/DXF/DXFLoader.cpp
+++ b/code/AssetLib/DXF/DXFLoader.cpp
@@ -368,7 +368,9 @@ void DXFImporter::ExpandBlockReferences(DXF::Block& bl,const DXF::BlockMap& bloc
         // XXX this would be the place to implement recursive expansion if needed.
         const DXF::Block& bl_src = *(*it).second;
 
-        for (std::shared_ptr<const DXF::PolyLine> pl_in : bl_src.lines) {
+        const size_t size = bl_src.lines.size(); // the size may increase in the loop
+        for (size_t i = 0; i < size; ++i) {
+            std::shared_ptr<const DXF::PolyLine> pl_in = bl_src.lines[i];
             if (!pl_in) {
                 ASSIMP_LOG_ERROR("DXF: PolyLine instance is nullptr, skipping.");
                 continue;