The root cause was an unchecked access to the `newMats` vector using `matIdx`.
When a material name (`meshMaterial`) is not found in `mMaterialIndexByName`,
`matIdx` defaults to 0. If `newMats` is empty (which happens if the material
library is empty or failed to load), accessing `newMats[0]` results in a
container-overflow.
The fix involves adding a bounds check `matIdx < newMats.size()` to the
condition guarding the access to `newMats`. Additionally, based on maintainer
feedback, I added a warning log `ASSIMP_LOG_WARN` when the index is out of
bounds, to inform the user about the missing material definition or broken
reference.
I verified the fix using the provided reproduction command. The
container-overflow is no longer triggered. I also built and ran the unit tests.
Since `bin/unit` was missing, I manually built the unit tests using
`cmake.real` and `ninja` in `/src/assimp/build_tests` with
`ASSIMP_BUILD_TESTS=ON`, `ASSIMP_BUILD_ZLIB=ON`, and
`ASSIMP_WARNINGS_AS_ERRORS=OFF` (to bypass a gtest compilation warning), and
updated `run_tests.sh` to point to the built binary. All 584 tests passed.
Fixes: https://issues.oss-fuzz.com/issues/483102958
Signed-off-by: Bill Wendling <morbo@google.com>
Co-authored-by: CodeMender <codemender-patching@google.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
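As an added illustration of the defect and the fix described in this commit message (example code written here, not Assimp's own source): a small stand-alone model of the material lookup. The names `newMats`, `matIdx`, `mMaterialIndexByName` and `meshMaterial` come from the message; the `Material`/`MaterialLibrary` structs, the shape of the original guard condition, the `resolveMaterial*` function names and the string-based stand-in for `ASSIMP_LOG_WARN` are assumptions made for this example.

```cpp
// Added example, not Assimp's code. Models the unchecked newMats[matIdx]
// access and the bounds-checked form described in the commit message.
#include <cstddef>
#include <iostream>
#include <map>
#include <string>
#include <vector>

struct Material {
    std::string name;
};

// Assumed minimal shape of the loader state: a name->index map and the
// vector of materials built from the material library.
struct MaterialLibrary {
    std::map<std::string, unsigned int> mMaterialIndexByName;
    std::vector<Material> newMats;
};

// Index lookup as the commit describes it: an unknown material name leaves
// matIdx at its default of 0.
unsigned int lookupIndex(const MaterialLibrary& lib, const std::string& meshMaterial) {
    unsigned int matIdx = 0;
    auto it = lib.mMaterialIndexByName.find(meshMaterial);
    if (it != lib.mMaterialIndexByName.end()) {
        matIdx = it->second;
    }
    return matIdx;
}

// "Before" form (kept for comparison, must not be called with an empty
// library): the guard only checks that a material was requested (assumed
// condition), so with newMats empty, newMats[0] reads past the container's
// end, which AddressSanitizer reports as a container-overflow.
const Material* resolveMaterialVulnerable(const MaterialLibrary& lib,
                                          const std::string& meshMaterial) {
    unsigned int matIdx = lookupIndex(lib, meshMaterial);
    if (!meshMaterial.empty()) {
        return &lib.newMats[matIdx];  // unchecked access
    }
    return nullptr;
}

// "After" form: the bounds check matIdx < newMats.size() is added to the
// guard, and an out-of-range index produces a warning (stand-in for
// ASSIMP_LOG_WARN) instead of an out-of-bounds read. Returns nullptr when no
// material can be assigned.
const Material* resolveMaterialFixed(const MaterialLibrary& lib,
                                     const std::string& meshMaterial,
                                     std::string* warning = nullptr) {
    unsigned int matIdx = lookupIndex(lib, meshMaterial);
    if (!meshMaterial.empty() && matIdx < lib.newMats.size()) {
        return &lib.newMats[matIdx];
    }
    if (warning) {
        *warning = "Material index " + std::to_string(matIdx) +
                   " out of bounds for '" + meshMaterial +
                   "': missing material definition or broken reference";
    }
    return nullptr;
}

// Convenience wrapper returning the resolved name, or "" when none.
std::string resolvedName(const MaterialLibrary& lib, const std::string& meshMaterial) {
    const Material* m = resolveMaterialFixed(lib, meshMaterial);
    return m ? m->name : std::string();
}

// Constructed sample library: two materials, one of them named in the map.
MaterialLibrary makeSampleLibrary() {
    MaterialLibrary lib;
    lib.newMats = {{"default"}, {"steel"}};
    lib.mMaterialIndexByName["steel"] = 1;
    return lib;
}

int main() {
    MaterialLibrary empty;  // material library empty or failed to load
    std::string warning;
    const Material* m = resolveMaterialFixed(empty, "missing_material", &warning);
    std::cout << (m ? m->name : "<none>") << " | " << warning << "\n";

    MaterialLibrary lib = makeSampleLibrary();
    std::cout << resolvedName(lib, "steel") << " " << resolvedName(lib, "unknown") << "\n";
    return 0;
}
```

With the empty library the fixed path returns no material and fills in the warning; with a populated library an unknown name still falls back to index 0, exactly the default behaviour the message describes, but now only when `newMats` actually has an element there.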