From e0ce1bcddf1d05c3b2b0efbdd7f923b431a64dc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20M=C3=B6bius?= Date: Thu, 26 Oct 2023 11:27:28 +0200 Subject: [PATCH] =?UTF-8?q?Fixed=20possible=20buffer=20overflow=20(Thanks?= =?UTF-8?q?=20to=20Ond=C5=99ej=20Ne=C4=8Das=20for=20the=20Bugreport)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Doc/changelog.docu | 1 + src/OpenMesh/Core/IO/reader/PLYReader.hh | 12 +++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Doc/changelog.docu b/Doc/changelog.docu index cc179a95..cb70e049 100644 --- a/Doc/changelog.docu +++ b/Doc/changelog.docu @@ -33,6 +33,7 @@
  • OBJ writer: Added param 'texture_file' to the Options class, it specifies the path to the texture file (Thanks to Philipp Auersperg-Castell for the patch)
  • OBJ writer: added param 'material_file_extension' to the Options class, it specifies the material file suffix, default is ".mat" as it was before. (Thanks to Philipp Auersperg-Castell for the patch)
  • PLY reader/writer: Support for meshlab texture coordinates and ids in PLY IO (Thanks to Gregoire Grzeczkowicz for the patch)
    • +
  • PLY reader/writer: Fixed possible buffer overflow(Thanks to Ondřej Nečas for the bugreport)
    • Build System diff --git a/src/OpenMesh/Core/IO/reader/PLYReader.hh b/src/OpenMesh/Core/IO/reader/PLYReader.hh index 5828a756..4fdc5803 100644 --- a/src/OpenMesh/Core/IO/reader/PLYReader.hh +++ b/src/OpenMesh/Core/IO/reader/PLYReader.hh @@ -145,7 +145,17 @@ private: /// Read unsupported properties in PLY file void consume_input(std::istream& _in, int _count) const { - _in.read(reinterpret_cast(&buff[0]), _count); + + // Make sure, we do not run over our buffer size + int loops = _count / 8 ; + + // Read only our buffer size batches + for ( auto i = 0 ; i < loops; ++i) { + _in.read(reinterpret_cast(&buff[0]), 8); + } + + // Read reminder which is smaller than our buffer size + _in.read(reinterpret_cast(&buff[0]), _count - 8 * loops ); } mutable unsigned char buff[8];