SLFO-pool/assimp
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main assimp revision e3c75e4ebdda5b5ce2c35be95c28c75b

Browse Source
This commit is contained in:
Adrian Schröter 2024-08-27 10:42:50 +02:00
parent 2b003f4548
commit 96adc87c7f
4 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
0001-Fix-out-of-bound-access.patch Normal file
View File

@ -0,0 +1,24 @@
From 614911bb3b1bfc3a1799ae2b3cca306270f3fb97 Mon Sep 17 00:00:00 2001
From: Kim Kulling <kim.kulling@googlemail.com>
Date: Wed, 3 Jul 2024 21:05:53 +0200
Subject: [PATCH] Fix out of bound access
---
code/AssetLib/Ply/PlyLoader.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/code/AssetLib/Ply/PlyLoader.cpp b/code/AssetLib/Ply/PlyLoader.cpp
index 3e92339fb4..0c2463f240 100644
--- a/code/AssetLib/Ply/PlyLoader.cpp
+++ b/code/AssetLib/Ply/PlyLoader.cpp
@@ -564,6 +564,10 @@ void PLYImporter::LoadFace(const PLY::Element *pcElement, const PLY::ElementInst
if (mGeneratedMesh->mFaces == nullptr) {
mGeneratedMesh->mNumFaces = pcElement->NumOccur;
mGeneratedMesh->mFaces = new aiFace[mGeneratedMesh->mNumFaces];
+ } else {
+ if (mGeneratedMesh->mNumFaces < pcElement->NumOccur) {
+ throw DeadlyImportError("Invalid .ply file: Too many faces");
+ }
}
if (!bIsTriStrip) {

2
_constraints
View File

@ -3,6 +3,7 @@
<overwrite> <overwrite>
<conditions> <conditions>
<arch>ppc64</arch> <arch>ppc64</arch>
<arch>s390x</arch>
</conditions> </conditions>
<hardware> <hardware>
<memory> <memory>
@ -13,6 +14,7 @@
<overwrite> <overwrite>
<conditions> <conditions>
<arch>ppc64</arch> <arch>ppc64</arch>
<arch>s390x</arch>
</conditions> </conditions>
<hardware> <hardware>
<memory> <memory>

9
assimp.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Fri Aug 23 11:52:21 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
- Add patch from upstream to fix a heap-based buffer overflow in
the PLY importer class (bsc#1228142, CVE-2024-40724):
* 0001-Fix-out-of-bound-access.patch
- Set memory and disk constraints for s390x to fix tests failing
to build due to out-of-memory errors.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Oct 4 14:14:08 UTC 2023 - Christophe Marin <christophe@krop.fr> Wed Oct 4 14:14:08 UTC 2023 - Christophe Marin <christophe@krop.fr>

2
assimp.spec
View File

@ -27,6 +27,8 @@ URL: https://www.assimp.org/
Source0: %{name}-%{version}.tar.xz Source0: %{name}-%{version}.tar.xz
# PATCH-FIX-OPENSUSE # PATCH-FIX-OPENSUSE
Patch0: 0001-Don-t-build-the-collada-importer-exporter-tests.patch Patch0: 0001-Don-t-build-the-collada-importer-exporter-tests.patch
# PATCH-FIX-UPSTREAM 0001-Fix-out-of-bound-access.patch bsc#1228142 CVE-2024-40724 -- Fix heap-based buffer overflow in the PLY importer class
Patch1: 0001-Fix-out-of-bound-access.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: dos2unix BuildRequires: dos2unix
BuildRequires: gcc-c++ BuildRequires: gcc-c++