Home Explore Help
Sign In
software
/
assimp.assimp
mirror of https://github.com/assimp/assimp.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #5120 from sashashura/6520123362508800

Fix Stack-buffer-overflow READ in aiMaterial::AddBinaryProperty
Kim Kulling 2 years ago
parent
ed0dff2a7e 7005a9caa2
commit
96d0c0769e
2 changed files with 7 additions and 7 deletions
Split View Show Diff Stats
  1. 3 3
      code/AssetLib/MDL/MDLMaterialLoader.cpp
  2. 4 4
      code/Material/MaterialSystem.cpp

+ 3 - 3
code/AssetLib/MDL/MDLMaterialLoader.cpp
View File 

@@ -493,12 +493,12 @@ void MDLImporter::ParseSkinLump_3DGS_MDL7(
 
 
         aiString szFile;
 
         const size_t iLen = strlen((const char *)szCurrent);
 
-        size_t iLen2 = iLen + 1;
 
-        iLen2 = iLen2 > MAXLEN ? MAXLEN : iLen2;
 
+        size_t iLen2 = iLen > (MAXLEN - 1) ? (MAXLEN - 1) : iLen;
 
         memcpy(szFile.data, (const char *)szCurrent, iLen2);
 
+        szFile.data[iLen2] = '\0';
 
         szFile.length = static_cast<ai_uint32>(iLen2);
 
 
-        szCurrent += iLen2;
 
+        szCurrent += iLen2 + 1;
 
 
         // place this as diffuse texture
 
         pcMatOut->AddProperty(&szFile, AI_MATKEY_TEXTURE_DIFFUSE(0));

+ 4 - 4
code/Material/MaterialSystem.cpp
View File 

@@ -51,6 +51,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 #include <assimp/material.h>
 
 #include <assimp/types.h>
 
 #include <assimp/DefaultLogger.hpp>
 
+#include <memory>
 
 
 using namespace Assimp;
 
 
@@ -473,7 +474,7 @@ aiReturn aiMaterial::AddBinaryProperty(const void *pInput,
 
     }
 
 
     // Allocate a new material property
 
-    aiMaterialProperty *pcNew = new aiMaterialProperty();
 
+    std::unique_ptr<aiMaterialProperty> pcNew(new aiMaterialProperty());
 
 
     // .. and fill it
 
     pcNew->mType = pType;
 
@@ -489,7 +490,7 @@ aiReturn aiMaterial::AddBinaryProperty(const void *pInput,
 
     strcpy(pcNew->mKey.data, pKey);
 
 
     if (UINT_MAX != iOutIndex) {
 
-        mProperties[iOutIndex] = pcNew;
 
+        mProperties[iOutIndex] = pcNew.release();
 
         return AI_SUCCESS;
 
     }
 
 
@@ -502,7 +503,6 @@ aiReturn aiMaterial::AddBinaryProperty(const void *pInput,
 
         try {
 
             ppTemp = new aiMaterialProperty *[mNumAllocated];
 
         } catch (std::bad_alloc &) {
 
-            delete pcNew;
 
             return AI_OUTOFMEMORY;
 
         }
 
 
@@ -513,7 +513,7 @@ aiReturn aiMaterial::AddBinaryProperty(const void *pInput,
 
         mProperties = ppTemp;
 
     }
 
     // push back ...
 
-    mProperties[mNumProperties++] = pcNew;
 
+    mProperties[mNumProperties++] = pcNew.release();
 
 
     return AI_SUCCESS;
 
 }