diff --git a/changes.txt b/changes.txt
index 1c8bc039..24a01f33 100644
--- a/changes.txt
+++ b/changes.txt
@@ -1,5 +1,6 @@
 --------------------------
 Changes in 1.9 (not yet released)
+- Avoid allocating more than 16k on stack in OCT loader. Also avoid potential heap overwrites in there.
 - obj file loader now allows using mtl files with spaces in the filename. Note that this means it no longer handles obj files which have multiple mtl files behind the mtllib command. But Irrlicht ignored all but the first name anyway and this way of handling mtllib commands seems to be more common.
diff --git a/source/Irrlicht/COCTLoader.cpp b/source/Irrlicht/COCTLoader.cpp
index fb7025f7..c09120e4 100644
--- a/source/Irrlicht/COCTLoader.cpp
+++ b/source/Irrlicht/COCTLoader.cpp
@@ -102,18 +102,29 @@ IAnimatedMesh* COCTLoader::createMesh(io::IReadFile* file)
 file->read(verts, sizeof(octVert) * header.numVerts);
 file->read(faces, sizeof(octFace) * header.numFaces);
- //TODO: Make sure id is in the legal range for Textures and Lightmaps
 u32 i;
- for (i = 0; i < header.numTextures; i++) {
- octTexture t;
- file->read(&t, sizeof(octTexture));
- textures[t.id] = t;
+ for (i = 0; i < header.numTextures; i++)
+ {
+ u32 id;
+ file->read(&id, sizeof(id));
+ if ( id >= header.numTextures )
+ {
+ os::Printer::log("COCTLoader: Invalid texture id", irr::ELL_WARNING);
+ id = i;
+ }
+ file->read(&textures[id], sizeof(octTexture));
 }
- for (i = 0; i < header.numLightmaps; i++) {
- octLightmap t;
- file->read(&t, sizeof(octLightmap));
- lightmaps[t.id] = t;
+ for (i = 0; i < header.numLightmaps; i++)
+ {
+ u32 id;
+ file->read(&id, sizeof(id));
+ if ( id >= header.numLightmaps )
+ {
+ os::Printer::log("COCTLoader: Invalid lightmap id", irr::ELL_WARNING);
+ id = i;
+ }
+ file->read(&lightmaps[id], sizeof(octLightmap));
 }
 file->read(lights, sizeof(octLight) * header.numLights);
diff --git a/source/Irrlicht/COCTLoader.h b/source/Irrlicht/COCTLoader.h
index 75c6ff1d..98acdcbf 100644
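Review bot: Both new loops declare `u32 id;` without an initializer and ignore the result of `file->read`, so on a truncated or malformed OCT file the range check runs on an indeterminate value and the struct read that follows may leave its slot unfilled. Initialising with `u32 id = i;` and stopping on a short read, e.g. `if ( file->read(&id, sizeof(id)) != sizeof(id) ) break;` (with the same test on the `octTexture`/`octLightmap` read), keeps parsing deterministic on untrusted files. The range check also does not stop two records from carrying the same id, so some entries of `textures`/`lightmaps` may never be written; unless the arrays are zeroed where they are allocated (outside this hunk), later code would read stale memory, and `fileName` is not guaranteed to be NUL-terminated. `createMesh` starts and ends outside the hunk, so the allocation and the cleanup a bail-out would need are not visible here.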
--- a/source/Irrlicht/COCTLoader.h
+++ b/source/Irrlicht/COCTLoader.h
@@ -115,12 +115,10 @@ namespace scene
 };
 struct octTexture {
- u32 id;
 char fileName[64];
 };
 struct octLightmap {
- u32 id;
 u8 data[128][128][3];
 };