From 857c75f37d366cfe51246f672779329f5aec2cb2 Mon Sep 17 00:00:00 2001
From: cutealien
Date: Tue, 3 Oct 2023 15:21:39 +0000
Subject: [PATCH] Merging r6555 from branch releases/1.8 to trunk - Fixing buffer ovverread in CXMeshFileLoader (sfan5 patch)
git-svn-id: svn://svn.code.sf.net/p/irrlicht/code/trunk@6556 dfc29bdd-3216-0410-991c-e03cc46cb475
---
 changes.txt | 2 ++
 source/Irrlicht/CXMeshFileLoader.cpp | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/changes.txt b/changes.txt
index 59d63c56..61b5db03 100644
--- a/changes.txt
+++ b/changes.txt
@@ -400,6 +400,8 @@ Changes in 1.9 (not yet released)
 --------------------------
 Changes in 1.8.6
+- CXMeshFileLoader: fix buffer overreads with text format. Thanks @sfan5 for report and patch.
+ Patch (commit 6f4f7c4 to Minetest): https://github.com/minetest/irrlicht/commit/6f4f7c4d75c9d563e98d3936ed8bc6e248dc14a8
 - Fix CB3DMeshFileLoader::readString. Prevent adding a character beyond file-end. Thanks @sfan5 for report and patch.
 Original patch (commit 103ab16 to Minetest): https://github.com/minetest/irrlicht/commit/103ab16679a42cb1bfa4cc4e6316195ec2d139b6
 - CB3DMeshFileLoader: add some bounds checks. Thanks @sfan5 for report and patch.
diff --git a/source/Irrlicht/CXMeshFileLoader.cpp b/source/Irrlicht/CXMeshFileLoader.cpp
index db72b218..840773ef 100644
--- a/source/Irrlicht/CXMeshFileLoader.cpp
+++ b/source/Irrlicht/CXMeshFileLoader.cpp
@@ -408,7 +408,8 @@ bool CXMeshFileLoader::readFileIntoMemory(io::IReadFile* file)
 return false;
 }
- Buffer = new c8[size];
+ Buffer = new c8[size+1];
+ Buffer[size] = 0x0; // null-terminate (thx @ sfan5)
 //! read all into memory
 if (file->read(Buffer, size) != static_cast(size))
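Review bot: The terminator written to `Buffer[size]` in readFileIntoMemory only bounds scans that stop on a NUL byte, so it covers text-format token and number parsing but not reads that advance by a fixed width. Binary-format reads, if they share this buffer, would still need an explicit comparison against the end of the data; that code is outside the hunk, so this is something to confirm rather than a finding. The comment `// null-terminate (thx @ sfan5)` does not say why the extra byte exists, and I would write `// NUL sentinel past the file data so text-format scans stop at the end of the buffer` so a later cleanup does not shrink the allocation back to `size`. `size` is declared above the hunk; if it is a signed type, it is worth confirming that the check ending just above rejects negative values before `size+1` reaches `new`.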