From c42589460d94d0e6334fbb6791309bd1218f5913 Mon Sep 17 00:00:00 2001 From: Kim Kulling Date: Fri, 29 Sep 2017 21:58:58 +0200 Subject: [PATCH] closes https://github.com/assimp/assimp/issues/1459: fix out-of-boundary access error --- code/SIBImporter.cpp | 53 +++++++++++++++++++++++----------------------------- code/StreamReader.h | 8 ++------ 2 files changed, 25 insertions(+), 36 deletions(-) diff --git a/code/SIBImporter.cpp b/code/SIBImporter.cpp index 4ae2ab7..bdda3c6 100644 --- a/code/SIBImporter.cpp +++ b/code/SIBImporter.cpp @@ -176,36 +176,29 @@ static void UnknownChunk(StreamReaderLE* stream, const SIBChunk& chunk) } // Reads a UTF-16LE string and returns it at UTF-8. -static aiString ReadString(StreamReaderLE* stream, uint32_t numWChars) -{ - if ( 0 == numWChars ) { +static aiString ReadString(StreamReaderLE *stream, uint32_t numWChars) { + if ( nullptr == stream || 0 == numWChars ) { static const aiString empty; return empty; } + // Allocate buffers (max expansion is 1 byte -> 4 bytes for UTF-8) - //UTF16* temp = new UTF16[numWChars]; std::vector str; - str.reserve(numWChars * 4 + 1); - //unsigned char* str = new unsigned char[numWChars * 4 + 1]; - uint16_t *temp = new uint16_t[numWChars]; - for (uint32_t n=0;nGetU2(); + str.reserve( numWChars * 4 + 1 ); + uint16_t *temp = new uint16_t[ numWChars ]; + for ( uint32_t n = 0; n < numWChars; ++n ) { + temp[ n ] = stream->GetU2(); + } // Convert it and NUL-terminate. - //const UTF16 *start = temp, *end = temp + numWChars; + const uint16_t *start( temp ), *end( temp + numWChars ); + utf8::utf16to8( start, end, back_inserter( str ) ); + str[ str.size() - 1 ] = '\0'; - const uint16_t *start = temp, *end = temp + numWChars; - utf8::utf16to8(start, end, back_inserter(str)); - - //UTF8 *dest = str, *limit = str + numWChars*4; - //ConvertUTF16toUTF8(&start, end, &dest, limit, lenientConversion); - //*dest = '\0'; - - str[str.size()] = '\0'; // Return the final string. aiString result = aiString((const char *)&str[0]); - //delete[] str; delete[] temp; + return result; } @@ -223,26 +216,26 @@ SIBImporter::~SIBImporter() { // ------------------------------------------------------------------------------------------------ // Returns whether the class can handle the format of the given file. -bool SIBImporter::CanRead( const std::string& pFile, IOSystem* /*pIOHandler*/, bool /*checkSig*/) const -{ +bool SIBImporter::CanRead( const std::string& pFile, IOSystem* /*pIOHandler*/, bool /*checkSig*/) const { return SimpleExtensionCheck(pFile, "sib"); } // ------------------------------------------------------------------------------------------------ -const aiImporterDesc* SIBImporter::GetInfo () const -{ +const aiImporterDesc* SIBImporter::GetInfo () const { return &desc; } // ------------------------------------------------------------------------------------------------ -static void ReadVerts(SIBMesh* mesh, StreamReaderLE* stream, uint32_t count) -{ - mesh->pos.resize(count); +static void ReadVerts(SIBMesh* mesh, StreamReaderLE* stream, uint32_t count) { + if ( nullptr == mesh || nullptr == stream ) { + return; + } - for (uint32_t n=0;npos[n].x = stream->GetF4(); - mesh->pos[n].y = stream->GetF4(); - mesh->pos[n].z = stream->GetF4(); + mesh->pos.resize(count); + for ( uint32_t n=0; npos[ n ].x = stream->GetF4(); + mesh->pos[ n ].y = stream->GetF4(); + mesh->pos[ n ].z = stream->GetF4(); } } diff --git a/code/StreamReader.h b/code/StreamReader.h index 494aed1..6220de9 100644 --- a/code/StreamReader.h +++ b/code/StreamReader.h @@ -291,15 +291,11 @@ private: throw DeadlyImportError("End of file or stream limit was reached"); } -///*#ifdef __arm__ T f; ::memcpy (&f, current, sizeof(T)); -//#else*/ -// T f = *((const T*)current); -//#endif - Intern :: Getter() (&f,le); - + Intern::Getter() (&f,le); current += sizeof(T); + return f; } -- 2.7.4