packages/assimp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!29 fix CVE-2024-40724

Browse Source 
From: @yinyongkang 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
This commit is contained in:
openeuler-ci-bot 2024-07-22 08:00:33 +00:00 committed by Gitee
commit 1ddb23648c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
CVE-2024-40724-Fix-out-of-bound-access-5651.patch Normal file
View File

@ -0,0 +1,27 @@
From ddb74c2bbdee1565dda667e85f0c82a0588c8053 Mon Sep 17 00:00:00 2001
From: Kim Kulling <kimkulling@users.noreply.github.com>
Date: Wed, 3 Jul 2024 21:37:24 +0200
Subject: [PATCH] Fix out of bound access (#5651)
---
code/AssetLib/Ply/PlyLoader.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/code/AssetLib/Ply/PlyLoader.cpp b/code/AssetLib/Ply/PlyLoader.cpp
index 783c7f1..e109541 100644
--- a/code/AssetLib/Ply/PlyLoader.cpp
+++ b/code/AssetLib/Ply/PlyLoader.cpp
@@ -567,6 +567,10 @@ void PLYImporter::LoadFace(const PLY::Element *pcElement, const PLY::ElementInst
if (mGeneratedMesh->mFaces == nullptr) {
mGeneratedMesh->mNumFaces = pcElement->NumOccur;
mGeneratedMesh->mFaces = new aiFace[mGeneratedMesh->mNumFaces];
+ } else {
+ if (mGeneratedMesh->mNumFaces < pcElement->NumOccur) {
+ throw DeadlyImportError("Invalid .ply file: Too many faces");
+ }
}
if (!bIsTriStrip) {
--
2.41.0

8
assimp.spec
View File

@ -1,6 +1,6 @@
Name: assimp
Version: 5.3.1
Release: 2
Release: 3
Summary: Library to load and process various 3D model formats into applications.
License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0
URL: http://www.assimp.org/
@ -11,6 +11,9 @@ URL: http://www.assimp.org/
#cd ..
#tar czf assimp-%{version}-free.tar.xz assimp-%{version}
Source0: assimp-%{version}-free.tar.xz
Patch01: CVE-2024-40724-Fix-out-of-bound-access-5651.patch
BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel
BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zziplib)
BuildRequires: pkgconfig(zlib) pkgconfig(minizip) gmock-devel make
@ -89,6 +92,9 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass
%{python3_sitelib}/pyassimp
%changelog
* Mon Jul 22 2024 yinyongkang <yinyongkang@kylinos.cn> - 5.3.1-3
- fix CVE-2024-40724
* Thu Mar 28 2024 Ge Wang <wang__ge@126.com> - 5.3.1-2
- Add executable binary file assimp