Fix potential heapbuffer overflow in md5 parsing (#5652)

2024-07-06 08:27:05 +02:00 · 2024-07-06 08:27:05 +02:00 · d5cb1fe01f
parent fe6e25080b
commit d5cb1fe01f
1 changed files with 6 additions and 0 deletions
--- a/code/AssetLib/MD5/MD5Parser.cpp
+++ b/code/AssetLib/MD5/MD5Parser.cpp
@ -234,8 +234,12 @@ inline void AI_MD5_READ_TRIPLE(aiVector3D &vec, const char **sz, const char *buf
    AI_MD5_SKIP_SPACES(sz, bufferEnd, linenumber);
    if ('(' != **sz) {
        MD5Parser::ReportWarning("Unexpected token: ( was expected", linenumber);
        if (*sz == bufferEnd)
            return;
        ++*sz;
    }
    if (*sz == bufferEnd)
        return;
    ++*sz;
    AI_MD5_SKIP_SPACES(sz, bufferEnd, linenumber);
    *sz = fast_atoreal_move<float>(*sz, (float &)vec.x);
@ -247,6 +251,8 @@ inline void AI_MD5_READ_TRIPLE(aiVector3D &vec, const char **sz, const char *buf
    if (')' != **sz) {
        MD5Parser::ReportWarning("Unexpected token: ) was expected", linenumber);
    }
    if (*sz == bufferEnd)
        return;
    ++*sz;
 }