Accueil Explorer Aide
Connexion
software
/
assimp.assimp
miroir de https://github.com/assimp/assimp.git
2
0
Fork 0
Fichiers Tickets 0 Wiki
Parcourir la source

Fix use after free in the CallbackToLogRedirector (#5918)

The heap-use-after-free vulnerability occurs in the
CallbackToLogRedirector function. During the process of logging,
a previously freed memory region is accessed, leading to a
use-after-free condition. This vulnerability stems from incorrect
memory management, specifically, freeing a log stream and then
attempting to access it later on.

This patch sets NULL value for The DefaultStream global pointer.

Co-authored-by: Kim Kulling <[email protected]>
tyler92 il y a 9 mois
Parent
28ebc8452b
commit
f12e521986
1 fichiers modifiés avec 4 ajouts et 0 suppressions
Vue séparée Afficher les stats Diff
  1. 4 0
      code/Common/Assimp.cpp

+ 4 - 0
code/Common/Assimp.cpp
Voir le fichier 

@@ -416,6 +416,10 @@ ASSIMP_API aiReturn aiDetachLogStream(const aiLogStream *stream) {
 
     DefaultLogger::get()->detachStream(it->second);
 
     delete it->second;
 
 
+    if ((Assimp::LogStream *)stream->user == DefaultStream) {
 
+        DefaultStream = nullptr;
 
+    }
 
+
 
     gActiveLogStreams.erase(it);
 
 
     if (gActiveLogStreams.empty()) {