Ply-Importer: Fix vulnerability (#5739)

code/AssetLib/Ply/PlyLoader.cpp

@@ -448,6 +448,9 @@ void PLYImporter::LoadVertex(const PLY::Element *pcElement, const PLY::ElementIn
             mGeneratedMesh->mNumVertices = pcElement->NumOccur;
             mGeneratedMesh->mVertices = new aiVector3D[mGeneratedMesh->mNumVertices];
         }
+        if (pos >= mGeneratedMesh->mNumVertices) {
+            throw DeadlyImportError("Invalid .ply file: Too many vertices");
+        }
 
         mGeneratedMesh->mVertices[pos] = vOut;
 

test/unit/utPLYImportExport.cpp

@@ -203,3 +203,9 @@ TEST_F(utPLYImportExport, parseInvalid) {
     const aiScene *scene = importer.ReadFile(ASSIMP_TEST_MODELS_DIR "/invalid/crash-30d6d0f7c529b3b66b4131700b7a4580cd7082df.ply", 0);
     EXPECT_EQ(nullptr, scene);
 }
+
+TEST_F(utPLYImportExport, payload_JVN42386607) {
+    Assimp::Importer importer;
+    const aiScene *scene = importer.ReadFile(ASSIMP_TEST_MODELS_DIR "/PLY/payload_JVN42386607", 0);
+   EXPECT_EQ(nullptr, scene);
+}