Overview

File 0001-CMS-Fix-possible-overflow-access.patch of Package assimp.18846

From 9bfecff42bc7e83ade7ece503833648f38d982e7 Mon Sep 17 00:00:00 2001
From: Kim Kulling <kimkulling@users.noreply.github.com>
Date: Thu, 13 Mar 2025 21:10:49 +0100
Subject: [PATCH] CMS: Fix possible overflow access (#6052)

- closes https://github.com/assimp/assimp/issues/6010
---
 code/AssetLib/CSM/CSMLoader.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/code/AssetLib/CSM/CSMLoader.cpp b/code/AssetLib/CSM/CSMLoader.cpp
index db152f4..c130b3e 100644
--- a/code/AssetLib/CSM/CSMLoader.cpp
+++ b/code/AssetLib/CSM/CSMLoader.cpp
@@ -126,6 +126,8 @@ void CSMImporter::InternReadFile( const std::string& pFile,
     TextFileToBuffer(file.get(),mBuffer2);
     const char* buffer = &mBuffer2[0];
 
+    const char *end = &mBuffer2[mBuffer2.size() - 1] + 1;
+
     std::unique_ptr<aiAnimation> anim(new aiAnimation());
     int first = 0, last = 0x00ffffff;
 
@@ -164,8 +166,9 @@ void CSMImporter::InternReadFile( const std::string& pFile,
                     aiNodeAnim* nda = anims_temp.back();
 
                     char* ot = nda->mNodeName.data;
-                    while (!IsSpaceOrNewLine(*buffer))
+                    while (!IsSpaceOrNewLine(*buffer) && buffer != end) {
                         *ot++ = *buffer++;
+                    }
 
                     *ot = '\0';
                     nda->mNodeName.length = static_cast<ai_uint32>(ot-nda->mNodeName.data);
-- 
2.49.0
openSUSE Build Service is sponsored by
Places