v4games
/
assimp
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check target sizes to avoid reading beyond allocation

pull/3718/head
Malcolm Tyrrell 2021-03-24 10:55:40 +00:00
parent d1ef28fa52
commit add165c4a1
1 changed files with 32 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
code/AssetLib/glTF2/glTF2Importer.cpp
View File

@ -536,6 +536,9 @@ void glTF2Importer::ImportMeshes(glTF2::Asset &r) {
Mesh::Primitive::Target &target = targets[i]; Mesh::Primitive::Target &target = targets[i];
if (needPositions) { if (needPositions) {
if (target.position[0]->count != aim->mNumVertices) {
DefaultLogger::get()->warn("Positions of target in mesh \"" + mesh.name + "\" does not match the vertex count");
} else {
aiVector3D *positionDiff = nullptr; aiVector3D *positionDiff = nullptr;
target.position[0]->ExtractData(positionDiff); target.position[0]->ExtractData(positionDiff);
for (unsigned int vertexId = 0; vertexId < aim->mNumVertices; vertexId++) { for (unsigned int vertexId = 0; vertexId < aim->mNumVertices; vertexId++) {
@ -543,7 +546,11 @@ void glTF2Importer::ImportMeshes(glTF2::Asset &r) {
} }
delete[] positionDiff; delete[] positionDiff;
} }
}
if (needNormals) { if (needNormals) {
if (target.normal[0]->count != aim->mNumVertices) {
DefaultLogger::get()->warn("Normals of target in mesh \"" + mesh.name + "\" does not match the vertex count");
} else {
aiVector3D *normalDiff = nullptr; aiVector3D *normalDiff = nullptr;
target.normal[0]->ExtractData(normalDiff); target.normal[0]->ExtractData(normalDiff);
for (unsigned int vertexId = 0; vertexId < aim->mNumVertices; vertexId++) { for (unsigned int vertexId = 0; vertexId < aim->mNumVertices; vertexId++) {
@ -551,7 +558,11 @@ void glTF2Importer::ImportMeshes(glTF2::Asset &r) {
} }
delete[] normalDiff; delete[] normalDiff;
} }
}
if (needTangents) { if (needTangents) {
if (target.tangent[0]->count != aim->mNumVertices) {
DefaultLogger::get()->warn("Tangents of target in mesh \"" + mesh.name + "\" does not match the vertex count");
} else {
Tangent *tangent = nullptr; Tangent *tangent = nullptr;
attr.tangent[0]->ExtractData(tangent); attr.tangent[0]->ExtractData(tangent);
@ -566,6 +577,7 @@ void glTF2Importer::ImportMeshes(glTF2::Asset &r) {
delete[] tangent; delete[] tangent;
delete[] tangentDiff; delete[] tangentDiff;
} }
}
if (mesh.weights.size() > i) { if (mesh.weights.size() > i) {
aiAnimMesh.mWeight = mesh.weights[i]; aiAnimMesh.mWeight = mesh.weights[i];
} }