From 8fcc572845ae8dcb2f79968579ed0d6dd203f900 Mon Sep 17 00:00:00 2001 From: cutealien Date: Thu, 21 Apr 2022 20:50:15 +0000 Subject: [PATCH] CB3DMeshFileLoader: abort if offsets point outside of file Thanks @sfan5 for patch in Mintest: https://github.com/minetest/irrlicht/commit/195759100fc723f466b46938128eeaed3edc3a24 Forum: https://irrlicht.sourceforge.io/forum/viewtopic.php?f=2&t=52819&p=306518 git-svn-id: svn://svn.code.sf.net/p/irrlicht/code/trunk@6353 dfc29bdd-3216-0410-991c-e03cc46cb475 --- source/Irrlicht/CB3DMeshFileLoader.cpp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/source/Irrlicht/CB3DMeshFileLoader.cpp b/source/Irrlicht/CB3DMeshFileLoader.cpp index 2f18257d..05f8bf5d 100644 --- a/source/Irrlicht/CB3DMeshFileLoader.cpp +++ b/source/Irrlicht/CB3DMeshFileLoader.cpp @@ -136,7 +136,8 @@ bool CB3DMeshFileLoader::load() else { os::Printer::log("Unknown chunk found in mesh base - skipping"); - B3DFile->seek(B3dStack.getLast().startposition + B3dStack.getLast().length); + if (!B3DFile->seek(B3dStack.getLast().startposition + B3dStack.getLast().length)) + return false; B3dStack.erase(B3dStack.size()-1); } } @@ -232,7 +233,8 @@ bool CB3DMeshFileLoader::readChunkNODE(CSkinnedMesh::SJoint *inJoint) else { os::Printer::log("Unknown chunk found in node chunk - skipping"); - B3DFile->seek(B3dStack.getLast().startposition + B3dStack.getLast().length); + if (!B3DFile->seek(B3dStack.getLast().startposition + B3dStack.getLast().length)) + return false; B3dStack.erase(B3dStack.size()-1); } } @@ -315,7 +317,8 @@ bool CB3DMeshFileLoader::readChunkMESH(CSkinnedMesh::SJoint *inJoint) else { os::Printer::log("Unknown chunk found in mesh - skipping"); - B3DFile->seek(B3dStack.getLast().startposition + B3dStack.getLast().length); + if (!B3DFile->seek(B3dStack.getLast().startposition + B3dStack.getLast().length)) + return false; B3dStack.erase(B3dStack.size()-1); } }