From af09e68654dc6a32fafe7e3192e5dea297031062 Mon Sep 17 00:00:00 2001
From: Turo Lamminen <turotl@gmail.com>
Date: Mon, 26 Jan 2015 14:23:07 +0200
Subject: [PATCH] Fix memory corruption when LWO file contains bad-sized points
 chunk

---
 code/LWOLoader.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/code/LWOLoader.cpp b/code/LWOLoader.cpp
index 14a9f261f..355e21298 100644
--- a/code/LWOLoader.cpp
+++ b/code/LWOLoader.cpp
@@ -730,6 +730,11 @@ void LWOImporter::LoadLWOPoints(unsigned int length)
 	// --- this function is used for both LWO2 and LWOB but for
 	// LWO2 we need to allocate 25% more storage - it could be we'll 
 	// need to duplicate some points later.
+	const size_t vertexLen = 12;
+	if ((length % vertexLen) != 0)
+	{
+		throw DeadlyImportError( "LWO2: Points chunk length is not multiple of vertexLen (12)");
+	}
 	register unsigned int regularSize = (unsigned int)mCurLayer->mTempPoints.size() + length / 12;
 	if (mIsLWO2)
 	{