From cac4e62852e8f5d93d0d1f940037701919346f2a Mon Sep 17 00:00:00 2001
From: sfan5
Date: Mon, 24 Oct 2022 11:07:51 +0200
Subject: [PATCH] Fix buffer overflow in COBJMeshFileLoader
---
 source/Irrlicht/COBJMeshFileLoader.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source/Irrlicht/COBJMeshFileLoader.cpp b/source/Irrlicht/COBJMeshFileLoader.cpp
index 8746eb6..c4fee23 100644
--- a/source/Irrlicht/COBJMeshFileLoader.cpp
+++ b/source/Irrlicht/COBJMeshFileLoader.cpp
@@ -526,13 +526,18 @@ const c8* COBJMeshFileLoader::goAndCopyNextWord(c8* outBuf, const c8* inBuf, u32
 bool COBJMeshFileLoader::retrieveVertexIndices(c8* vertexData, s32* idx, const c8* bufEnd, u32 vbsize, u32 vtsize, u32 vnsize)
 {
- c8 word[16] = "";
+ const u32 BUFFER_LENGTH = 16;
+ c8 word[BUFFER_LENGTH];
 const c8* p = goFirstWord(vertexData, bufEnd);
 u32 idxType = 0; // 0 = posIdx, 1 = texcoordIdx, 2 = normalIdx
 u32 i = 0;
 while ( p != bufEnd )
 {
+ if ( i >= BUFFER_LENGTH )
+ {
+ return false;
+ }
 if ( ( core::isdigit(*p)) || (*p == '-') )
 {
 // build up the number
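Review bot: The new declaration `c8 word[BUFFER_LENGTH];` drops the `= ""` initializer, so `word` is no longer zero-filled on entry to retrieveVertexIndices. The added `i >= BUFFER_LENGTH` guard at the top of the loop bounds the index, but any path that reads `word` before a terminator has been stored would now see indeterminate bytes. The rest of the loop body lies outside this hunk, so that cannot be confirmed from here. Keeping the initializer costs nothing: `c8 word[BUFFER_LENGTH] = "";`. A one-line comment on the guard, such as `// index token does not fit in word[]: reject the input instead of writing past the buffer`, would also tell the next reader why the function returns false at that point.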