Overview

File CVE-2024-48423.patch of Package assimp.18846

From d34f7b15bbdfeb32a7724d3f8b3dd9a1b753e976 Mon Sep 17 00:00:00 2001
From: tyler92 <tyler92@inbox.ru>
Date: Wed, 11 Dec 2024 12:17:14 +0200
Subject: [PATCH] Fix use after free in the CallbackToLogRedirector (#5918)

The heap-use-after-free vulnerability occurs in the
CallbackToLogRedirector function. During the process of logging,
a previously freed memory region is accessed, leading to a
use-after-free condition. This vulnerability stems from incorrect
memory management, specifically, freeing a log stream and then
attempting to access it later on.

This patch sets NULL value for The DefaultStream global pointer.

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
---
 code/Common/Assimp.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/code/Common/Assimp.cpp b/code/Common/Assimp.cpp
index e3b39c3..30e5b75 100644
--- a/code/Common/Assimp.cpp
+++ b/code/Common/Assimp.cpp
@@ -406,6 +406,10 @@ ASSIMP_API aiReturn aiDetachLogStream(const aiLogStream *stream) {
     DefaultLogger::get()->detachStream(it->second);
     delete it->second;
 
+    if ((Assimp::LogStream *)stream->user == DefaultStream) {
+        DefaultStream = nullptr;
+    }
+
     gActiveLogStreams.erase(it);
 
     if (gActiveLogStreams.empty()) {
-- 
2.49.0
openSUSE Build Service is sponsored by
Places