10 年之前 · 85e2f47dc8
--- a/code/ACLoader.cpp
+++ b/code/ACLoader.cpp
@@ -284,6 +284,9 @@ void AC3DImporter::LoadObjectSection(std::vector<Object>& objects)
 
				 			SkipSpaces(&buffer);

			
 
				 

			
 
				 			unsigned int t = strtoul10(buffer,&buffer);

			
 
				+			if (t >= std::numeric_limits<int32_t>::max() / sizeof(aiVector3D)) {

			
 
				+				throw DeadlyImportError("AC3D: Too many vertices, would run out of memory");

			
 
				+			}

			
 
				 			obj.vertices.reserve(t);

			
 
				 			for (unsigned int i = 0; i < t;++i)

			
 
				 			{

			
@@ -608,6 +611,9 @@ aiNode* AC3DImporter::ConvertObjectSection(Object& object,
 
				 									face.mIndices[i] = cur++;

			
 
				 

			
 
				 									// copy vertex positions

			
 
				+									if ((vertices - mesh->mVertices) >= mesh->mNumVertices) {

			
 
				+										throw DeadlyImportError("AC3D: Invalid number of vertices");

			
 
				+									}

			
 
				 									*vertices = object.vertices[entry.first] + object.translation;

			
 
				 

			
 
				 

			
@@ -639,6 +645,10 @@ aiNode* AC3DImporter::ConvertObjectSection(Object& object,
 
				 								face.mIndices[1] = cur++;

			
 
				 

			
 
				 								// copy vertex positions

			
 
				+								if (it2 == (*it).entries.end() ) {

			
 
				+									throw DeadlyImportError("AC3D: Bad line");

			
 
				+								}

			
 
				+								ai_assert((*it2).first < object.vertices.size());

			
 
				 								*vertices++ = object.vertices[(*it2).first];

			
 
				 								

			
 
				 								// copy texture coordinates 

			
--- a/code/DefaultLogger.cpp
+++ b/code/DefaultLogger.cpp
@@ -169,7 +169,6 @@ void Logger::debug(const char* message)	{
 
				 	// sometimes importers will include data from the input file

			
 
				 	// (i.e. node names) in their messages.

			
 
				 	if (strlen(message)>MAX_LOG_MESSAGE_LENGTH) {

			
 
				-		ai_assert(false);

			
 
				 		return;

			
 
				 	}

			
 
				 	return OnDebug(message);

			
@@ -180,7 +179,6 @@ void Logger::info(const char* message)	{
 
				 	

			
 
				 	// SECURITY FIX: see above

			
 
				 	if (strlen(message)>MAX_LOG_MESSAGE_LENGTH) {

			
 
				-		ai_assert(false);

			
 
				 		return;

			
 
				 	}

			
 
				 	return OnInfo(message);

			
@@ -191,7 +189,6 @@ void Logger::warn(const char* message)	{
 
				 	

			
 
				 	// SECURITY FIX: see above

			
 
				 	if (strlen(message)>MAX_LOG_MESSAGE_LENGTH) {

			
 
				-		ai_assert(false);

			
 
				 		return;

			
 
				 	}

			
 
				 	return OnWarn(message);

			
@@ -202,7 +199,6 @@ void Logger::error(const char* message)	{
 
				 	

			
 
				 	// SECURITY FIX: see above

			
 
				 	if (strlen(message)>MAX_LOG_MESSAGE_LENGTH) {

			
 
				-		ai_assert(false);

			
 
				 		return;

			
 
				 	}

			
 
				 	return OnError(message);

			
--- a/code/MD3Loader.cpp
+++ b/code/MD3Loader.cpp
@@ -478,6 +478,9 @@ void MD3Importer::ReadSkin(Q3Shader::SkinData& fill) const
 
				 	std::string::size_type s = filename.find_last_of('_');

			
 
				 	if (s == std::string::npos) {

			
 
				 		s = filename.find_last_of('.');

			
 
				+		if (s == std::string::npos) {

			
 
				+			s = filename.size();

			
 
				+		}

			
 
				 	}

			
 
				 	ai_assert(s != std::string::npos);

			
 
				 

			
@@ -539,7 +542,9 @@ bool MD3Importer::ReadMultipartFile()
 
				 {

			
 
				 	// check whether the file name contains a common postfix, e.g lower_2.md3

			
 
				 	std::string::size_type s = filename.find_last_of('_'), t = filename.find_last_of('.');

			
 
				-	ai_assert(t != std::string::npos);

			
 
				+

			
 
				+	if (t == std::string::npos)

			
 
				+		t = filename.size();

			
 
				 	if (s == std::string::npos)

			
 
				 		s = t;

			
 
				 

			
--- a/code/ObjFileImporter.cpp
+++ b/code/ObjFileImporter.cpp
@@ -431,7 +431,9 @@ void ObjFileImporter::createVertexArray(const ObjFile::Model* pModel,
 
				                 pMesh->mTextureCoords[ 0 ][ newIndex ] = aiVector3D( coord3d.x, coord3d.y, coord3d.z );

			
 
				             }

			
 
				 

			
 
				-            ai_assert( pMesh->mNumVertices > newIndex );

			
 
				+            if ( pMesh->mNumVertices <= newIndex ) {

			
 
				+                throw DeadlyImportError("OBJ: bad vertex index");

			
 
				+            }

			
 
				 

			
 
				             // Get destination face

			
 
				             aiFace *pDestFace = &pMesh->mFaces[ outIndex ];

			
--- a/code/ObjFileParser.cpp
+++ b/code/ObjFileParser.cpp
@@ -265,7 +265,7 @@ void ObjFileParser::getVector( std::vector<aiVector3D> &point3d_array ) {
 
				         copyNextWord( m_buffer, BUFFERSIZE );

			
 
				         z = ( float ) fast_atof( m_buffer );

			
 
				     } else {

			
 
				-        ai_assert( !"Invalid number of components" );

			
 
				+        throw DeadlyImportError( "OBJ: Invalid number of components" );

			
 
				     }

			
 
				     point3d_array.push_back( aiVector3D( x, y, z ) );

			
 
				     m_DataIt = skipLine<DataArrayIt>( m_DataIt, m_DataItEnd, m_uiLine );

			
--- a/code/XFileImporter.cpp
+++ b/code/XFileImporter.cpp
@@ -165,6 +165,10 @@ void XFileImporter::CreateDataRepresentationFromImport( aiScene* pScene, XFile::
 
				 		CreateMeshes( pScene, pScene->mRootNode, pData->mGlobalMeshes);

			
 
				 	}

			
 
				 

			
 
				+	if (!pScene->mRootNode) {

			
 
				+		throw DeadlyImportError( "No root node" );

			
 
				+	}

			
 
				+

			
 
				 	// Convert everything to OpenGL space... it's the same operation as the conversion back, so we can reuse the step directly

			
 
				 	MakeLeftHandedProcess convertProcess;

			
 
				 	convertProcess.Execute( pScene);