BRNSystems/irrlicht
1
0
Fork 0
forked from Mirrorlandia_minetest/irrlicht
Code Pull Requests Activity

CB3DMeshFileLoader: add some bounds checks

Browse Source
This commit is contained in:
sfan5 2023-09-18 19:41:58 +02:00
parent 827710f74a
commit 64688f4490
2 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
source/Irrlicht/CB3DMeshFileLoader.cpp
View File

@ -274,7 +274,14 @@ bool CB3DMeshFileLoader::readChunkMESH(CSkinnedMesh::SJoint *inJoint)
{ {
scene::SSkinMeshBuffer *meshBuffer = AnimatedMesh->addMeshBuffer(); scene::SSkinMeshBuffer *meshBuffer = AnimatedMesh->addMeshBuffer();
if (brushID!=-1) if (brushID == -1)
{ /* ok */ }
else if (brushID < 0 || (u32)brushID >= Materials.size())
{
os::Printer::log("Illegal brush ID found", B3DFile->getFileName(), ELL_ERROR);
return false;
}
else
{ {
meshBuffer->Material=Materials[brushID].Material; meshBuffer->Material=Materials[brushID].Material;
} }
@ -354,7 +361,8 @@ bool CB3DMeshFileLoader::readChunkVRTS(CSkinnedMesh::SJoint *inJoint)
tex_coord_set_size = os::Byteswap::byteswap(tex_coord_set_size); tex_coord_set_size = os::Byteswap::byteswap(tex_coord_set_size);
#endif #endif
if (tex_coord_sets >= max_tex_coords || tex_coord_set_size >= 4) // Something is wrong if (tex_coord_sets < 0 || tex_coord_set_size < 0 ||
tex_coord_sets >= max_tex_coords || tex_coord_set_size >= 4) // Something is wrong
{ {
os::Printer::log("tex_coord_sets or tex_coord_set_size too big", B3DFile->getFileName(), ELL_ERROR); os::Printer::log("tex_coord_sets or tex_coord_set_size too big", B3DFile->getFileName(), ELL_ERROR);
return false; return false;
@ -458,13 +466,18 @@ bool CB3DMeshFileLoader::readChunkTRIS(scene::SSkinMeshBuffer *meshBuffer, u32 m
SB3dMaterial *B3dMaterial; SB3dMaterial *B3dMaterial;
if (triangle_brush_id != -1) if (triangle_brush_id == -1)
B3dMaterial = 0;
else if (triangle_brush_id < 0 || (u32)triangle_brush_id >= Materials.size())
{
os::Printer::log("Illegal material index found", B3DFile->getFileName(), ELL_ERROR);
return false;
}
else
{ {
B3dMaterial = &Materials[triangle_brush_id]; B3dMaterial = &Materials[triangle_brush_id];
meshBuffer->Material = B3dMaterial->Material; meshBuffer->Material = B3dMaterial->Material;
} }
else
B3dMaterial = 0;
const s32 memoryNeeded = B3dStack.getLast().length / sizeof(s32); const s32 memoryNeeded = B3dStack.getLast().length / sizeof(s32);
meshBuffer->Indices.reallocate(memoryNeeded + meshBuffer->Indices.size() + 1); meshBuffer->Indices.reallocate(memoryNeeded + meshBuffer->Indices.size() + 1);
@ -583,6 +596,12 @@ bool CB3DMeshFileLoader::readChunkBONE(CSkinnedMesh::SJoint *inJoint)
#endif #endif
globalVertexID += VerticesStart; globalVertexID += VerticesStart;
if (globalVertexID >= AnimatedVertices_VertexID.size())
{
os::Printer::log("Illegal vertex index found", B3DFile->getFileName(), ELL_ERROR);
return false;
}
if (AnimatedVertices_VertexID[globalVertexID]==-1) if (AnimatedVertices_VertexID[globalVertexID]==-1)
{ {
os::Printer::log("B3dMeshLoader: Weight has bad vertex id (no link to meshbuffer index found)"); os::Printer::log("B3dMeshLoader: Weight has bad vertex id (no link to meshbuffer index found)");

2
source/Irrlicht/SB3DStructs.h
View File

@ -10,6 +10,7 @@
#pragma once #pragma once
#include "SMaterial.h" #include "SMaterial.h"
#include "irrMath.h"
namespace irr { namespace irr {
namespace scene { namespace scene {
@ -25,6 +26,7 @@ struct SB3dChunk
SB3dChunk(const SB3dChunkHeader& header, long sp) SB3dChunk(const SB3dChunkHeader& header, long sp)
: length(header.size+8), startposition(sp) : length(header.size+8), startposition(sp)
{ {
length = core::max_(length, 8);
name[0]=header.name[0]; name[0]=header.name[0];
name[1]=header.name[1]; name[1]=header.name[1];
name[2]=header.name[2]; name[2]=header.name[2];