Merge pull request #2971 from ms-maxvollmer/FBXParser_check_inputlength_fix

Check input token length before copy
pull/2973/head
Kim Kulling 2020-02-11 21:57:38 +01:00 committed by GitHub
commit aed762acd7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions

View File

@ -367,8 +367,12 @@ float ParseTokenAsFloat(const Token& t, const char*& err_out)
// first - next in the fbx token stream comes ',', // first - next in the fbx token stream comes ',',
// which fast_atof could interpret as decimal point. // which fast_atof could interpret as decimal point.
#define MAX_FLOAT_LENGTH 31 #define MAX_FLOAT_LENGTH 31
char temp[MAX_FLOAT_LENGTH + 1];
const size_t length = static_cast<size_t>(t.end()-t.begin()); const size_t length = static_cast<size_t>(t.end()-t.begin());
if (length > MAX_FLOAT_LENGTH) {
return 0.f;
}
char temp[MAX_FLOAT_LENGTH + 1];
std::copy(t.begin(), t.end(), temp); std::copy(t.begin(), t.end(), temp);
temp[std::min(static_cast<size_t>(MAX_FLOAT_LENGTH),length)] = '\0'; temp[std::min(static_cast<size_t>(MAX_FLOAT_LENGTH),length)] = '\0';