Merge pull request #4211 from ms-maxvollmer/ms-maxvollmer/crashfixes2

Added checks for out of bounds data access/writing
pull/4216/head^2
Kim Kulling 2021-11-30 23:44:00 +01:00 committed by GitHub
commit cc05b4c8f1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 2 deletions


@ -300,7 +300,7 @@ public:
inline unsigned int GetIndex() const { return index; } inline unsigned int GetIndex() const { return index; }
operator bool() const { return vector != 0; } operator bool() const { return vector != nullptr && index < vector->size(); }
T *operator->() { return (*vector)[index]; } T *operator->() { return (*vector)[index]; }
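Review bot: The bounds test added to `operator bool` does not protect `operator->` on the following line, which still evaluates `(*vector)[index]` without checking `vector` or `index`. A caller that dereferences a reference without testing it first keeps the out-of-bounds read this commit is meant to prevent. Consider guarding the dereference as well, or at least stating the contract above `operator->` with a comment such as `// Precondition: bool(*this) is true; no null or range check is performed here.` The enclosing class starts and ends outside the hunk, so other accessors may need the same treatment.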


@ -600,6 +600,10 @@ inline void Buffer::Read(Value &obj, Asset &r) {
inline bool Buffer::LoadFromStream(IOStream &stream, size_t length, size_t baseOffset) { inline bool Buffer::LoadFromStream(IOStream &stream, size_t length, size_t baseOffset) {
byteLength = length ? length : stream.FileSize(); byteLength = length ? length : stream.FileSize();
if (byteLength > stream.FileSize()) {
throw DeadlyImportError("GLTF: Invalid byteLength exceeds size of actual data.");
}
if (baseOffset) { if (baseOffset) {
stream.Seek(baseOffset, aiOrigin_SET); stream.Seek(baseOffset, aiOrigin_SET);
} }
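Review bot: The new check compares `byteLength` with the whole file size and ignores `baseOffset`, so a buffer that starts at a non-zero offset can still claim more bytes than remain after the `Seek`. Comparing against the remaining size would close that gap, for example `if (baseOffset > stream.FileSize() || byteLength > stream.FileSize() - baseOffset) {`; the `length == 0` default on the line above would then have to become the remaining size rather than `stream.FileSize()`. The return value of `stream.Seek` is also ignored in the visible lines. The function body continues outside the hunk, so a later short-read check may already reject this case, which is worth confirming.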


@ -135,7 +135,9 @@ public:
/** Extract a particular vertex from a anim mesh and interleave all components */ /** Extract a particular vertex from a anim mesh and interleave all components */
explicit Vertex(const aiAnimMesh* msh, unsigned int idx) { explicit Vertex(const aiAnimMesh* msh, unsigned int idx) {
ai_assert(idx < msh->mNumVertices); ai_assert(idx < msh->mNumVertices);
if (msh->HasPositions()) {
position = msh->mVertices[idx]; position = msh->mVertices[idx];
}
if (msh->HasNormals()) { if (msh->HasNormals()) {
normal = msh->mNormals[idx]; normal = msh->mNormals[idx];