packages/assimp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!50 [sync] PR-45: Fix CVE-2024-48425

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
This commit is contained in:
openeuler-ci-bot 2024-11-05 01:21:33 +00:00 committed by Gitee
commit 96d7135eda
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CVE-2024-48425.patch Normal file
View File

@ -0,0 +1,29 @@
From ecdf8d24b85367b22ba353b4f82299d4af7f1f97 Mon Sep 17 00:00:00 2001
From: Kim Kulling <kimkulling@users.noreply.github.com>
Date: Mon, 7 Oct 2024 10:30:45 +0200
Subject: [PATCH] SplitLargeMeshes: Fix crash (#5799)
- Fix nullptr access when rootnode of the scene is a nullptr. This can happen even if the scene stores any kind of meshes. closes https://github.com/assimp/assimp/issues/5791
---
code/PostProcessing/SplitLargeMeshes.cpp | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/code/PostProcessing/SplitLargeMeshes.cpp b/code/PostProcessing/SplitLargeMeshes.cpp
index 3bee28521..cb9727651 100644
--- a/code/PostProcessing/SplitLargeMeshes.cpp
+++ b/code/PostProcessing/SplitLargeMeshes.cpp
@@ -100,6 +100,11 @@ void SplitLargeMeshesProcess_Triangle::SetupProperties( const Importer* pImp) {
// ------------------------------------------------------------------------------------------------
// Update a node after some meshes have been split
void SplitLargeMeshesProcess_Triangle::UpdateNode(aiNode* pcNode, const std::vector<std::pair<aiMesh*, unsigned int> >& avList) {
+ if (pcNode == nullptr) {
+ ASSIMP_LOG_WARN("UpdateNode skipped, nullptr detected.");
+ return;
+ }
+
// for every index in out list build a new entry
std::vector<unsigned int> aiEntries;
aiEntries.reserve(pcNode->mNumMeshes + 1);
--
2.33.0

6
assimp.spec
View File

@ -1,6 +1,6 @@
Name: assimp
Version: 5.3.1
Release: 4
Release: 5
Summary: Library to load and process various 3D model formats into applications.
License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0
URL: http://www.assimp.org/
@ -14,6 +14,7 @@ Source0: assimp-%{version}-free.tar.xz
Patch01: CVE-2024-40724-Fix-out-of-bound-access-5651.patch
Patch02: CVE-2024-45679.patch
Patch03: CVE-2024-48425.patch
BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel
BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zziplib)
@ -93,6 +94,9 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass
%{python3_sitelib}/pyassimp
%changelog
* Sat Oct 26 2024 liningjie <liningjie@xfusion.com> - 5.3.1-5
- Fix CVE-2024-48425
* Thu Sep 19 2024 wangkai <13474090681@163.com> - 5.3.1-4
- fix CVE-2024-45679