39 lines
1.5 KiB
Diff
39 lines
1.5 KiB
Diff
From e4e2c63e0c2c449cd69fb9a3269e865eb83c241d Mon Sep 17 00:00:00 2001
|
|
From: Alexandre Avenel <alexandre.avenel@ls-vr.com>
|
|
Date: Sat, 4 Nov 2023 10:28:19 +0100
|
|
Subject: [PATCH] Fix heap-buffer overflow in PLY parser
|
|
Origin: https://github.com/assimp/assimp/commit/e4e2c63e0c2c449cd69fb9a3269e865eb83c241d
|
|
|
|
---
|
|
code/AssetLib/Ply/PlyParser.cpp | 3 ++-
|
|
include/assimp/IOStreamBuffer.h | 2 +-
|
|
2 files changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/code/AssetLib/Ply/PlyParser.cpp b/code/AssetLib/Ply/PlyParser.cpp
|
|
index 6edba71fca..662da805ea 100644
|
|
--- a/code/AssetLib/Ply/PlyParser.cpp
|
|
+++ b/code/AssetLib/Ply/PlyParser.cpp
|
|
@@ -425,7 +425,8 @@ bool PLY::DOM::ParseHeader(IOStreamBuffer<char> &streamBuffer, std::vector<char>
|
|
break;
|
|
} else {
|
|
// ignore unknown header elements
|
|
- streamBuffer.getNextLine(buffer);
|
|
+ if (!streamBuffer.getNextLine(buffer))
|
|
+ return false;
|
|
}
|
|
}
|
|
|
|
diff --git a/include/assimp/IOStreamBuffer.h b/include/assimp/IOStreamBuffer.h
|
|
index fae480e715..47db35a957 100644
|
|
--- a/include/assimp/IOStreamBuffer.h
|
|
+++ b/include/assimp/IOStreamBuffer.h
|
|
@@ -287,7 +287,7 @@ static AI_FORCE_INLINE bool isEndOfCache(size_t pos, size_t cacheSize) {
|
|
template <class T>
|
|
AI_FORCE_INLINE bool IOStreamBuffer<T>::getNextLine(std::vector<T> &buffer) {
|
|
buffer.resize(m_cacheSize);
|
|
- if (isEndOfCache(m_cachePos, m_cacheSize) || 0 == m_filePos) {
|
|
+ if (m_cachePos >= m_cacheSize || 0 == m_filePos) {
|
|
if (!readNextBlock()) {
|
|
return false;
|
|
}
|