Fix potential heapbuffer overflow in md5 parsing (#5652)

pull/5656/head^2
Matthias Möller 2024-07-06 08:27:05 +02:00 committed by GitHub
parent fe6e25080b
commit d5cb1fe01f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions

View File

@ -234,8 +234,12 @@ inline void AI_MD5_READ_TRIPLE(aiVector3D &vec, const char **sz, const char *buf
AI_MD5_SKIP_SPACES(sz, bufferEnd, linenumber); AI_MD5_SKIP_SPACES(sz, bufferEnd, linenumber);
if ('(' != **sz) { if ('(' != **sz) {
MD5Parser::ReportWarning("Unexpected token: ( was expected", linenumber); MD5Parser::ReportWarning("Unexpected token: ( was expected", linenumber);
if (*sz == bufferEnd)
return;
++*sz; ++*sz;
} }
if (*sz == bufferEnd)
return;
++*sz; ++*sz;
AI_MD5_SKIP_SPACES(sz, bufferEnd, linenumber); AI_MD5_SKIP_SPACES(sz, bufferEnd, linenumber);
*sz = fast_atoreal_move<float>(*sz, (float &)vec.x); *sz = fast_atoreal_move<float>(*sz, (float &)vec.x);
@ -247,6 +251,8 @@ inline void AI_MD5_READ_TRIPLE(aiVector3D &vec, const char **sz, const char *buf
if (')' != **sz) { if (')' != **sz) {
MD5Parser::ReportWarning("Unexpected token: ) was expected", linenumber); MD5Parser::ReportWarning("Unexpected token: ) was expected", linenumber);
} }
if (*sz == bufferEnd)
return;
++*sz; ++*sz;
} }