diff --git a/code/AssetLib/FBX/FBXParser.cpp b/code/AssetLib/FBX/FBXParser.cpp index f93f69d4d..8d4bbd866 100644 --- a/code/AssetLib/FBX/FBXParser.cpp +++ b/code/AssetLib/FBX/FBXParser.cpp @@ -641,7 +641,11 @@ void ParseVectorDataArray(std::vector& out, const Element& el) ReadBinaryDataArray(type, count, data, end, buff, el); ai_assert(data == end); - ai_assert(buff.size() == count * (type == 'd' ? 8 : 4)); + uint64_t dataToRead = static_cast(count) * (type == 'd' ? 8 : 4); + ai_assert(buff.size() == dataToRead); + if (dataToRead > buff.size()) { + ParseError("Invalid read size (binary)",&el); + } const uint32_t count3 = count / 3; out.reserve(count3); @@ -728,7 +732,11 @@ void ParseVectorDataArray(std::vector& out, const Element& el) ReadBinaryDataArray(type, count, data, end, buff, el); ai_assert(data == end); - ai_assert(buff.size() == count * (type == 'd' ? 8 : 4)); + uint64_t dataToRead = static_cast(count) * (type == 'd' ? 8 : 4); + ai_assert(buff.size() == dataToRead); + if (dataToRead > buff.size()) { + ParseError("Invalid read size (binary)",&el); + } const uint32_t count4 = count / 4; out.reserve(count4); @@ -807,7 +815,11 @@ void ParseVectorDataArray(std::vector& out, const Element& el) ReadBinaryDataArray(type, count, data, end, buff, el); ai_assert(data == end); - ai_assert(buff.size() == count * (type == 'd' ? 8 : 4)); + uint64_t dataToRead = static_cast(count) * (type == 'd' ? 8 : 4); + ai_assert(buff.size() == dataToRead); + if (dataToRead > buff.size()) { + ParseError("Invalid read size (binary)",&el); + } const uint32_t count2 = count / 2; out.reserve(count2); @@ -879,7 +891,11 @@ void ParseVectorDataArray(std::vector& out, const Element& el) ReadBinaryDataArray(type, count, data, end, buff, el); ai_assert(data == end); - ai_assert(buff.size() == count * 4); + uint64_t dataToRead = static_cast(count) * 4; + ai_assert(buff.size() == dataToRead); + if (dataToRead > buff.size()) { + ParseError("Invalid read size (binary)",&el); + } out.reserve(count); @@ -937,7 +953,11 @@ void ParseVectorDataArray(std::vector& out, const Element& el) ReadBinaryDataArray(type, count, data, end, buff, el); ai_assert(data == end); - ai_assert(buff.size() == count * (type == 'd' ? 8 : 4)); + uint64_t dataToRead = static_cast(count) * (type == 'd' ? 8 : 4); + ai_assert(buff.size() == dataToRead); + if (dataToRead > buff.size()) { + ParseError("Invalid read size (binary)",&el); + } if (type == 'd') { const double* d = reinterpret_cast(&buff[0]); @@ -998,7 +1018,11 @@ void ParseVectorDataArray(std::vector& out, const Element& el) ReadBinaryDataArray(type, count, data, end, buff, el); ai_assert(data == end); - ai_assert(buff.size() == count * 4); + uint64_t dataToRead = static_cast(count) * 4; + ai_assert(buff.size() == dataToRead); + if (dataToRead > buff.size()) { + ParseError("Invalid read size (binary)",&el); + } out.reserve(count); @@ -1063,7 +1087,11 @@ void ParseVectorDataArray(std::vector& out, const Element& el) ReadBinaryDataArray(type, count, data, end, buff, el); ai_assert(data == end); - ai_assert(buff.size() == count * 8); + uint64_t dataToRead = static_cast(count) * 8; + ai_assert(buff.size() == dataToRead); + if (dataToRead > buff.size()) { + ParseError("Invalid read size (binary)",&el); + } out.reserve(count); @@ -1121,7 +1149,11 @@ void ParseVectorDataArray(std::vector& out, const Element& el) ReadBinaryDataArray(type, count, data, end, buff, el); ai_assert(data == end); - ai_assert(buff.size() == count * 8); + uint64_t dataToRead = static_cast(count) * 8; + ai_assert(buff.size() == dataToRead); + if (dataToRead > buff.size()) { + ParseError("Invalid read size (binary)",&el); + } out.reserve(count);