Fixed a container-overflow error (#6298)

* Fixed a container-overflow error in `ODDLParser::OpenDDLParser::parseIntegerLiteral` by swapping the order of conditions in a while loop to ensure the end-of-buffer check happens before dereferencing the pointer. This prevents reading past the end of the buffer when lookForNextToken returns the end pointer.

https://oss-fuzz.com/testcase-detail/4980126616780800
https://issues.oss-fuzz.com/issues/42527625

* Update OpenDDLParser.cpp
Dongge Liu
2025-08-02 12:25:40 -07:00
committed by GitHub
parent 9255412906
commit 13316790aa


@@ -655,7 +655,7 @@ char *OpenDDLParser::parseBooleanLiteral(char *in, char *end, Value **boolean) {
char *start(in);
size_t len(0);
while (!isSeparator(*in) && in != end) {
while (in != end && !isSeparator(*in)) {
++in;
++len;
}
@@ -688,7 +688,7 @@ char *OpenDDLParser::parseIntegerLiteral(char *in, char *end, Value **integer, V
in = lookForNextToken(in, end);
char *start(in);
while (!isSeparator(*in) && in != end) {
while (in != end && !isSeparator(*in)) {
++in;
}
@@ -831,7 +831,7 @@ char *OpenDDLParser::parseHexaLiteral(char *in, char *end, Value **data) {
bool ok(true);
char *start(in);
int pos(0);
while (!isSeparator(*in) && in != end) {
while (in != end && !isSeparator(*in)) {
if ((*in < '0' && *in > '9') || (*in < 'a' && *in > 'f') || (*in < 'A' && *in > 'F')) {
ok = false;
break;
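Review bot: The character validation inside the `parseHexaLiteral` loop can never fire: each clause such as `*in < '0' && *in > '9'` requires a character to be both below and above the same range, so `ok` is never set to false and non-hex input is not rejected at this point. The reordered `while (in != end && !isSeparator(*in))` now keeps the dereference in bounds, but the check it guards still needs the inverted range test, for example `if (!((*in >= '0' && *in <= '9') || (*in >= 'a' && *in <= 'f') || (*in >= 'A' && *in <= 'F'))) {`. The loop body and the later use of `ok`, `start` and `pos` continue outside the hunk, so whatever consumes the token downstream should be checked for how it handles characters this test was meant to filter. A regression test that feeds a hex literal containing a non-hex character, and one that ends exactly at the buffer end, would pin both behaviours.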