From dadbf64a8c307b817077ccfcd979f4e59dfc1add Mon Sep 17 00:00:00 2001 From: cutealien Date: Sun, 2 Jan 2022 20:15:24 +0000 Subject: [PATCH] Merging r6274 through r6276 from branch releases/1.8 to trunk - Security fix for md2 loader git-svn-id: svn://svn.code.sf.net/p/irrlicht/code/trunk@6277 dfc29bdd-3216-0410-991c-e03cc46cb475 --- source/Irrlicht/CMD2MeshFileLoader.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/Irrlicht/CMD2MeshFileLoader.cpp b/source/Irrlicht/CMD2MeshFileLoader.cpp index bb342fd5..5aa16c88 100644 --- a/source/Irrlicht/CMD2MeshFileLoader.cpp +++ b/source/Irrlicht/CMD2MeshFileLoader.cpp @@ -152,9 +152,9 @@ bool CMD2MeshFileLoader::loadFile(io::IReadFile* file, CAnimatedMeshMD2* mesh) } const int MAX_FRAME_SIZE = MD2_MAX_VERTS*4+128; - if ( header.frameSize > MAX_FRAME_SIZE ) + if ( header.frameSize > MAX_FRAME_SIZE || header.frameSize < 0) { - os::Printer::log("MD2 Loader: Invalid large frame size in header", file->getFileName(), ELL_WARNING); + os::Printer::log("MD2 Loader: Invalid frame size in header", file->getFileName(), ELL_WARNING); return false; }