2 years ago · d77903423f
--- a/code/AssetLib/MDL/MDLLoader.cpp
+++ b/code/AssetLib/MDL/MDLLoader.cpp
@@ -271,10 +271,16 @@ void MDLImporter::InternReadFile(const std::string &pFile,
 
				     }
			
 
				 }
			
 
				 
			
 
				+// ------------------------------------------------------------------------------------------------
			
 
				+// Check whether we're still inside the valid file range
			
 
				+bool MDLImporter::IsPosValid(const void *szPos) const {
			
 
				+    return szPos && (const unsigned char *)szPos <= this->mBuffer + this->iFileSize && szPos >= this->mBuffer;
			
 
				+}
			
 
				+
			
 
				 // ------------------------------------------------------------------------------------------------
			
 
				 // Check whether we're still inside the valid file range
			
 
				 void MDLImporter::SizeCheck(const void *szPos) {
			
 
				-    if (!szPos || (const unsigned char *)szPos > this->mBuffer + this->iFileSize || szPos < this->mBuffer) {
			
 
				+    if (!IsPosValid(szPos)) {
			
 
				         throw DeadlyImportError("Invalid MDL file. The file is too small "
			
 
				                                 "or contains invalid data.");
			
 
				     }
			
@@ -284,7 +290,7 @@ void MDLImporter::SizeCheck(const void *szPos) {
 
				 // Just for debugging purposes
			
 
				 void MDLImporter::SizeCheck(const void *szPos, const char *szFile, unsigned int iLine) {
			
 
				     ai_assert(nullptr != szFile);
			
 
				-    if (!szPos || (const unsigned char *)szPos > mBuffer + iFileSize) {
			
 
				+    if (!IsPosValid(szPos)) {
			
 
				         // remove a directory if there is one
			
 
				         const char *szFilePtr = ::strrchr(szFile, '\\');
			
 
				         if (!szFilePtr) {
			
--- a/code/AssetLib/MDL/MDLLoader.h
+++ b/code/AssetLib/MDL/MDLLoader.h
@@ -150,6 +150,7 @@ protected:
 
				     */
			
 
				     void SizeCheck(const void* szPos);
			
 
				     void SizeCheck(const void* szPos, const char* szFile, unsigned int iLine);
			
 
				+    bool IsPosValid(const void* szPos) const;
			
 
				 
			
 
				     // -------------------------------------------------------------------
			
 
				     /** Validate the header data structure of a game studio MDL7 file
			
--- a/code/AssetLib/NDO/NDOLoader.cpp
+++ b/code/AssetLib/NDO/NDOLoader.cpp
@@ -52,6 +52,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
				 #include <assimp/importerdesc.h>
			
 
				 #include <assimp/StreamReader.h>
			
 
				 #include <map>
			
 
				+#include <limits>
			
 
				 
			
 
				 using namespace Assimp;
			
 
				 
			
@@ -160,6 +161,9 @@ void NDOImporter::InternReadFile( const std::string& pFile,
 
				 
			
 
				         temp = file_format >= 12 ? reader.GetU4() : reader.GetU2();
			
 
				         head = (const char*)reader.GetPtr();
			
 
				+        if (std::numeric_limits<unsigned int>::max() - 76 < temp) {
			
 
				+            throw DeadlyImportError("Invalid name length");
			
 
				+        }
			
 
				         reader.IncPtr(temp + 76); /* skip unknown stuff */
			
 
				 
			
 
				         obj.name = std::string(head, temp);
			
--- a/code/Common/BaseImporter.cpp
+++ b/code/Common/BaseImporter.cpp
@@ -312,12 +312,7 @@ std::string BaseImporter::GetExtension(const std::string &pFile) {
 
				     if (!pIOHandler) {
			
 
				         return false;
			
 
				     }
			
 
				-    union {
			
 
				-        const char *magic;
			
 
				-        const uint16_t *magic_u16;
			
 
				-        const uint32_t *magic_u32;
			
 
				-    };
			
 
				-    magic = reinterpret_cast<const char *>(_magic);
			
 
				+    const char *magic = reinterpret_cast<const char *>(_magic);
			
 
				     std::unique_ptr<IOStream> pStream(pIOHandler->Open(pFile));
			
 
				     if (pStream) {
			
 
				 
			
@@ -339,15 +334,15 @@ std::string BaseImporter::GetExtension(const std::string &pFile) {
 
				             // that's just for convenience, the chance that we cause conflicts
			
 
				             // is quite low and it can save some lines and prevent nasty bugs
			
 
				             if (2 == size) {
			
 
				-                uint16_t rev = *magic_u16;
			
 
				-                ByteSwap::Swap(&rev);
			
 
				-                if (data_u16[0] == *magic_u16 || data_u16[0] == rev) {
			
 
				+                uint16_t magic_u16;
			
 
				+                memcpy(&magic_u16, magic, 2);
			
 
				+                if (data_u16[0] == magic_u16 || data_u16[0] == ByteSwap::Swapped(magic_u16)) {
			
 
				                     return true;
			
 
				                 }
			
 
				             } else if (4 == size) {
			
 
				-                uint32_t rev = *magic_u32;
			
 
				-                ByteSwap::Swap(&rev);
			
 
				-                if (data_u32[0] == *magic_u32 || data_u32[0] == rev) {
			
 
				+                uint32_t magic_u32;
			
 
				+                memcpy(&magic_u32, magic, 4);
			
 
				+                if (data_u32[0] == magic_u32 || data_u32[0] == ByteSwap::Swapped(magic_u32)) {
			
 
				                     return true;
			
 
				                 }
			
 
				             } else {
			
--- a/include/assimp/postprocess.h
+++ b/include/assimp/postprocess.h
@@ -94,6 +94,7 @@ enum aiPostProcessSteps
 
				      * indexed geometry, this step is compulsory or you'll just waste rendering
			
 
				      * time. <b>If this flag is not specified</b>, no vertices are referenced by
			
 
				      * more than one face and <b>no index buffer is required</b> for rendering.
			
 
				+     * Unless the importer (like ply) had to split vertices. Then you need one regardless.
			
 
				      */
			
 
				     aiProcess_JoinIdenticalVertices = 0x2,