
Fixes CVE-2025-2751: Out-of-bounds Read in Assimp::CSMImporter::InternReadFile (closes #6012) (#6224)

description:
issue:
- https://github.com/assimp/assimp/blob/4ad1d2aa3086517816716a50aa122342806736f9/code/AssetLib/CSM/CSMLoader.cpp#L274C1-L275C1
- sometimes the code tried to construct a new 4x4 matrix from a nullptr, thus reading out of bounds

fix:
- added nullptr check
- added array count check
- added default fallback init to identity matrix

Co-authored-by: Vinz Spring <[email protected]>
Co-authored-by: Kim Kulling <[email protected]>
Vinz Spring, 3 months ago
parent commit 177797c77b
1 changed file with 7 additions and 1 deletion:
code/AssetLib/CSM/CSMLoader.cpp

@@ -271,7 +271,13 @@ void CSMImporter::InternReadFile( const std::string& pFile,
         nd->mName   = anim->mChannels[i]->mNodeName;
         nd->mName   = anim->mChannels[i]->mNodeName;
         nd->mParent = pScene->mRootNode;
         nd->mParent = pScene->mRootNode;
 
 
-        aiMatrix4x4::Translation(na->mPositionKeys[0].mValue, nd->mTransformation);
+        if (na->mPositionKeys != nullptr && na->mNumPositionKeys > 0) {
+            aiMatrix4x4::Translation(na->mPositionKeys[0].mValue, nd->mTransformation);
+        } else {
+            // Use identity matrix if no valid position data is available
+            nd->mTransformation = aiMatrix4x4();
+            DefaultLogger::get()->warn("CSM: No position keys available for node - using identity transformation");
+        }
     }
     }
 
 
     // Store the one and only animation in the scene
     // Store the one and only animation in the scene
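Review bot: the fallback branch logs a warning without saying which node was affected, which makes a malformed CSM file hard to diagnose when the scene has many channels; since `nd->mName` is set just above, suggest including it, e.g. `DefaultLogger::get()->warn("CSM: No position keys for node ", nd->mName.C_Str(), " - using identity transformation");`. The guard itself is correct for the out-of-bounds read: checking `na->mNumPositionKeys > 0` alongside the pointer means an allocated-but-empty key array no longer indexes `mPositionKeys[0]`, and falling back to `aiMatrix4x4()` (the identity) keeps the node usable rather than leaving its transform dependent on garbage.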