From e4e2c63e0c2c449cd69fb9a3269e865eb83c241d Mon Sep 17 00:00:00 2001
From: Alexandre Avenel <alexandre.avenel@ls-vr.com>
Date: Sat, 4 Nov 2023 10:28:19 +0100
Subject: [PATCH] Fix heap-buffer overflow in PLY parser
Origin: https://github.com/assimp/assimp/commit/e4e2c63e0c2c449cd69fb9a3269e865eb83c241d

---
 code/AssetLib/Ply/PlyParser.cpp | 3 ++-
 include/assimp/IOStreamBuffer.h | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/code/AssetLib/Ply/PlyParser.cpp b/code/AssetLib/Ply/PlyParser.cpp
index 6edba71fca..662da805ea 100644
--- a/code/AssetLib/Ply/PlyParser.cpp
+++ b/code/AssetLib/Ply/PlyParser.cpp
@@ -425,7 +425,8 @@ bool PLY::DOM::ParseHeader(IOStreamBuffer<char> &streamBuffer, std::vector<char>
             break;
         } else {
             // ignore unknown header elements
-            streamBuffer.getNextLine(buffer);
+            if (!streamBuffer.getNextLine(buffer))
+              return false;
         }
     }
 
diff --git a/include/assimp/IOStreamBuffer.h b/include/assimp/IOStreamBuffer.h
index fae480e715..47db35a957 100644
--- a/include/assimp/IOStreamBuffer.h
+++ b/include/assimp/IOStreamBuffer.h
@@ -287,7 +287,7 @@ static AI_FORCE_INLINE bool isEndOfCache(size_t pos, size_t cacheSize) {
 template <class T>
 AI_FORCE_INLINE bool IOStreamBuffer<T>::getNextLine(std::vector<T> &buffer) {
     buffer.resize(m_cacheSize);
-    if (isEndOfCache(m_cachePos, m_cacheSize) || 0 == m_filePos) {
+    if (m_cachePos >= m_cacheSize || 0 == m_filePos) {
         if (!readNextBlock()) {
             return false;
         }