forked from pool/assimp
This commit is contained in:
Christophe Marin
Git OBS Bridge
parent
55d3a585ef
commit
a5249113e8
@ -1,36 +1,55 @@
|
|||||||
From 2d717b71d75f6b2d027638d686e3a95350d52206 Mon Sep 17 00:00:00 2001
|
From 4b9f46dbda5128d6d538d185eb69ad6a7b4b99ff Mon Sep 17 00:00:00 2001
|
||||||
From: Adam Mizerski <adam@mizerski.pl>
|
From: Adam Mizerski <adam@mizerski.pl>
|
||||||
Date: Mon, 12 Feb 2024 08:57:22 +0100
|
Date: Thu, 15 Feb 2024 13:07:00 +0100
|
||||||
Subject: [PATCH] ColladaParser: check values length
|
Subject: [PATCH] ColladaParser: check values length (#5462)
|
||||||
|
|
||||||
|
* ColladaParser: check values length
|
||||||
|
|
||||||
fixes: #4286
|
fixes: #4286
|
||||||
|
|
||||||
|
* Refactor calculation of size for data
|
||||||
|
|
||||||
|
---------
|
||||||
|
|
||||||
|
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
|
||||||
---
|
---
|
||||||
code/AssetLib/Collada/ColladaParser.cpp | 6 +
|
code/AssetLib/Collada/ColladaParser.cpp | 10 +-
|
||||||
.../invalid/box_nested_animation_4286.dae | 196 ++++++++++++++++++
|
.../invalid/box_nested_animation_4286.dae | 196 ++++++++++++++++++
|
||||||
test/models/invalid/readme.txt | 3 +
|
test/models/invalid/readme.txt | 3 +
|
||||||
test/unit/utColladaImportExport.cpp | 8 +
|
test/unit/utColladaImportExport.cpp | 8 +
|
||||||
4 files changed, 213 insertions(+)
|
4 files changed, 216 insertions(+), 1 deletion(-)
|
||||||
create mode 100644 test/models/invalid/box_nested_animation_4286.dae
|
create mode 100644 test/models/invalid/box_nested_animation_4286.dae
|
||||||
|
|
||||||
diff --git a/code/AssetLib/Collada/ColladaParser.cpp b/code/AssetLib/Collada/ColladaParser.cpp
|
diff --git a/code/AssetLib/Collada/ColladaParser.cpp b/code/AssetLib/Collada/ColladaParser.cpp
|
||||||
index ee7a395d95..145323a221 100644
|
index ee7a395d9..c5163fe39 100644
|
||||||
--- a/code/AssetLib/Collada/ColladaParser.cpp
|
--- a/code/AssetLib/Collada/ColladaParser.cpp
|
||||||
+++ b/code/AssetLib/Collada/ColladaParser.cpp
|
+++ b/code/AssetLib/Collada/ColladaParser.cpp
|
||||||
@@ -1786,6 +1786,9 @@ size_t ColladaParser::ReadPrimitives(XmlNode &node, Mesh &pMesh, std::vector<Inp
|
@@ -3,7 +3,7 @@
|
||||||
|
Open Asset Import Library (assimp)
|
||||||
|
---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
-Copyright (c) 2006-2022, assimp team
|
||||||
|
+Copyright (c) 2006-2024, assimp team
|
||||||
|
|
||||||
|
All rights reserved.
|
||||||
|
|
||||||
|
@@ -1786,6 +1786,10 @@ size_t ColladaParser::ReadPrimitives(XmlNode &node, Mesh &pMesh, std::vector<Inp
|
||||||
const Accessor *acc = input.mResolved;
|
const Accessor *acc = input.mResolved;
|
||||||
if (!acc->mData) {
|
if (!acc->mData) {
|
||||||
acc->mData = &ResolveLibraryReference(mDataLibrary, acc->mSource);
|
acc->mData = &ResolveLibraryReference(mDataLibrary, acc->mSource);
|
||||||
+ if (acc->mOffset + acc->mCount * acc->mStride > acc->mData->mValues.size()) {
|
+ const size_t dataSize = acc->mOffset + acc->mCount * acc->mStride;
|
||||||
|
+ if (dataSize > acc->mData->mValues.size()) {
|
||||||
+ throw DeadlyImportError("Not enough data for accessor");
|
+ throw DeadlyImportError("Not enough data for accessor");
|
||||||
+ }
|
+ }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// and the same for the per-index channels
|
// and the same for the per-index channels
|
||||||
@@ -1810,6 +1813,9 @@ size_t ColladaParser::ReadPrimitives(XmlNode &node, Mesh &pMesh, std::vector<Inp
|
@@ -1810,6 +1814,10 @@ size_t ColladaParser::ReadPrimitives(XmlNode &node, Mesh &pMesh, std::vector<Inp
|
||||||
const Accessor *acc = input.mResolved;
|
const Accessor *acc = input.mResolved;
|
||||||
if (!acc->mData) {
|
if (!acc->mData) {
|
||||||
acc->mData = &ResolveLibraryReference(mDataLibrary, acc->mSource);
|
acc->mData = &ResolveLibraryReference(mDataLibrary, acc->mSource);
|
||||||
+ if (acc->mOffset + acc->mCount * acc->mStride > acc->mData->mValues.size()) {
|
+ const size_t dataSize = acc->mOffset + acc->mCount * acc->mStride;
|
||||||
|
+ if (dataSize > acc->mData->mValues.size()) {
|
||||||
+ throw DeadlyImportError("Not enough data for accessor");
|
+ throw DeadlyImportError("Not enough data for accessor");
|
||||||
+ }
|
+ }
|
||||||
}
|
}
|
||||||
@ -38,7 +57,7 @@ index ee7a395d95..145323a221 100644
|
|||||||
|
|
||||||
diff --git a/test/models/invalid/box_nested_animation_4286.dae b/test/models/invalid/box_nested_animation_4286.dae
|
diff --git a/test/models/invalid/box_nested_animation_4286.dae b/test/models/invalid/box_nested_animation_4286.dae
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000000..2def61d20d
|
index 000000000..2def61d20
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/test/models/invalid/box_nested_animation_4286.dae
|
+++ b/test/models/invalid/box_nested_animation_4286.dae
|
||||||
@@ -0,0 +1,196 @@
|
@@ -0,0 +1,196 @@
|
||||||
@ -239,7 +258,7 @@ index 0000000000..2def61d20d
|
|||||||
+ </scene>
|
+ </scene>
|
||||||
+</COLLADA>
|
+</COLLADA>
|
||||||
diff --git a/test/models/invalid/readme.txt b/test/models/invalid/readme.txt
|
diff --git a/test/models/invalid/readme.txt b/test/models/invalid/readme.txt
|
||||||
index 6ad8b4380d..ad144ca363 100644
|
index 6ad8b4380..ad144ca36 100644
|
||||||
--- a/test/models/invalid/readme.txt
|
--- a/test/models/invalid/readme.txt
|
||||||
+++ b/test/models/invalid/readme.txt
|
+++ b/test/models/invalid/readme.txt
|
||||||
@@ -18,6 +18,9 @@ crash.
|
@@ -18,6 +18,9 @@ crash.
|
||||||
@ -253,7 +272,7 @@ index 6ad8b4380d..ad144ca363 100644
|
|||||||
enough memory so std::vector::reserve() will most likely fail.
|
enough memory so std::vector::reserve() will most likely fail.
|
||||||
The exception should be caught in Importer.cpp.
|
The exception should be caught in Importer.cpp.
|
||||||
diff --git a/test/unit/utColladaImportExport.cpp b/test/unit/utColladaImportExport.cpp
|
diff --git a/test/unit/utColladaImportExport.cpp b/test/unit/utColladaImportExport.cpp
|
||||||
index e2842732ea..52a927b128 100644
|
index e2842732e..52a927b12 100644
|
||||||
--- a/test/unit/utColladaImportExport.cpp
|
--- a/test/unit/utColladaImportExport.cpp
|
||||||
+++ b/test/unit/utColladaImportExport.cpp
|
+++ b/test/unit/utColladaImportExport.cpp
|
||||||
@@ -357,6 +357,14 @@ TEST_F(utColladaImportExport, exporterUniqueIdsTest) {
|
@@ -357,6 +357,14 @@ TEST_F(utColladaImportExport, exporterUniqueIdsTest) {
|
||||||
@ -271,3 +290,6 @@ index e2842732ea..52a927b128 100644
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
class utColladaZaeImportExport : public AbstractImportExportBase {
|
class utColladaZaeImportExport : public AbstractImportExportBase {
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
||||||
@ -3,7 +3,8 @@ Mon Feb 12 23:13:07 UTC 2024 - Adam Mizerski <adam@mizerski.pl>
|
|||||||
|
|
||||||
- Reenable the Collada parser.
|
- Reenable the Collada parser.
|
||||||
- Removed patch 0001-Don-t-build-the-collada-importer-exporter-tests.patch
|
- Removed patch 0001-Don-t-build-the-collada-importer-exporter-tests.patch
|
||||||
- Added patch 5462.patch
|
- Add patch (boo#1207377, CVE-2022-45748)
|
||||||
|
* 0001-ColladaParser-check-values-length-5462.patch
|
||||||
- Improved tests filtering
|
- Improved tests filtering
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
|
|||||||
@ -25,8 +25,8 @@ License: BSD-3-Clause AND MIT
|
|||||||
Group: Development/Libraries/C and C++
|
Group: Development/Libraries/C and C++
|
||||||
URL: https://www.assimp.org/
|
URL: https://www.assimp.org/
|
||||||
Source0: %{name}-%{version}.tar.xz
|
Source0: %{name}-%{version}.tar.xz
|
||||||
# From https://github.com/assimp/assimp/pull/5462
|
# PATCH-FIX-UPSTREAM
|
||||||
Patch0: 5462.patch
|
Patch0: 0001-ColladaParser-check-values-length-5462.patch
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
BuildRequires: dos2unix
|
BuildRequires: dos2unix
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user