v4games
/
assimp
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MDL: Fix read past end of buffer on malformed input

pull/820/head
Turo Lamminen 2016-03-12 21:23:22 +02:00
parent 6ee5fdf567
commit e2361bf209
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
code/MDLLoader.cpp
View File

@ -576,9 +576,13 @@ void MDLImporter::InternReadFile_3DGS_MDL345( )
// current cursor position in the file // current cursor position in the file
const unsigned char* szCurrent = (const unsigned char*)(pcHeader+1); const unsigned char* szCurrent = (const unsigned char*)(pcHeader+1);
const unsigned char* szEnd = mBuffer + iFileSize;
// need to read all textures // need to read all textures
for (unsigned int i = 0; i < (unsigned int)pcHeader->num_skins;++i) { for (unsigned int i = 0; i < (unsigned int)pcHeader->num_skins;++i) {
if (szCurrent >= szEnd) {
throw DeadlyImportError( "Texture data past end of file.");
}
BE_NCONST MDL::Skin* pcSkin; BE_NCONST MDL::Skin* pcSkin;
pcSkin = (BE_NCONST MDL::Skin*)szCurrent; pcSkin = (BE_NCONST MDL::Skin*)szCurrent;
AI_SWAP4( pcSkin->group); AI_SWAP4( pcSkin->group);