
Fix potential heapbuffer overflow in md5 parsing (#5652)

Matthias Möller 1 year ago
parent
commit
d5cb1fe01f
1 changed files with 6 additions and 0 deletions
  1. 6 0
      code/AssetLib/MD5/MD5Parser.cpp

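--- a/code/AssetLib/MD5/MD5Parser.cpp
+++ b/code/AssetLib/MD5/MD5Parser.cpp
@@ -234,8 +234,12 @@ inline void AI_MD5_READ_TRIPLE(aiVector3D &vec, const char **sz, const char *buf
     AI_MD5_SKIP_SPACES(sz, bufferEnd, linenumber);
     if ('(' != **sz) {
         MD5Parser::ReportWarning("Unexpected token: ( was expected", linenumber);
+        if (*sz == bufferEnd)
+            return;
         ++*sz;
     }
+    if (*sz == bufferEnd)
+        return;
     ++*sz;
     AI_MD5_SKIP_SPACES(sz, bufferEnd, linenumber);
     *sz = fast_atoreal_move<float>(*sz, (float &)vec.x);
@@ -247,6 +251,8 @@ inline void AI_MD5_READ_TRIPLE(aiVector3D &vec, const char **sz, const char *buf
     if (')' != **sz) {
         MD5Parser::ReportWarning("Unexpected token: ) was expected", linenumber);
     }
+    if (*sz == bufferEnd)
+        return;
     ++*sz;
 }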
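Review bot: The new `*sz == bufferEnd` guards run only after `**sz` has already been read in `if ('(' != **sz)` and `if (')' != **sz)`, so when AI_MD5_SKIP_SPACES stops at bufferEnd the comparison itself still reads one byte past the buffer, unless the buffer is guaranteed to carry a terminator (not visible here). Placing the guard ahead of each comparison, e.g. `if (*sz >= bufferEnd) return;` directly after the AI_MD5_SKIP_SPACES call, closes that read and also covers a pointer that has already stepped past the end, which the `==` test would miss. The early returns leave `vec` partly or wholly unwritten and the function returns void, so a caller cannot tell a truncated triple from a parsed one; a `MD5Parser::ReportWarning` call before each return would at least make the truncation visible. The lines between the two hunks, including the `fast_atoreal_move` calls that take no end pointer, are outside this view and would need the same bound considered.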