[fbx] fix crash in FBX parser caused by mesh geometry #44371
Conversation
I still have buffer overflow in this PR.

Is this happening on the 3.2 branch too?

Yes, buffer overflow happens both in this PR and the 3.2 Godot branch.

OK, what I propose we do instead is merge this fix for now, and make it a separate issue. One is with the loading of the FBX and the other is in another area, is that OK? Also, I forget which options you use again: use_asan=yes, use_lsan=yes, am I missing any flags?

I thought that since this buffer overflow occurs at the same scene that causes the Godot crash (from the linked issue), these bugs can be related. Yup,
Yeah, I think this is a bug with all ASCII files for the FBXTokenizer:

```cpp
for (const char *cur = input; *cur; column += (*cur == '\t' ? ASSIMP_FBX_TAB_WIDTH : 1), ++cur) {
```

This code to me is quite bad so I'll try and constrain it correctly. To make this safer I've done this:

```cpp
for (size_t x = 0; x < strlen(input); x++) {
    const char c = input[x];
    const char *cur = &input[x];
    column += (c == '\t' ? ASSIMP_FBX_TAB_WIDTH : 1);
}
```
OK, now it is :) I force pushed 👯♂️ 👯♀️
…verflow

Fixes:
- Element collection will only contain valid elements.
- Fixes buffer overflow in the FBX document
Thanks!
Fixed file crash in #44371 caused by an invalid index; it will now only run when the index is valid.
Fixed buffer overflow in #44376 for these assets.
Bugsquad edit: Fixes #43949, fixes #44376.
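The description above says the geometry path now only runs when the index is valid and that the element collection only keeps valid elements. As an added example that is not this PR's code, the following decodes an FBX `PolygonVertexIndex` array the way a parser must before touching the vertex buffer: FBX marks the last vertex of each polygon by storing its index bitwise-negated (`~i`), so every decoded index is range-checked against the vertex count and out-of-range values are dropped instead of used as an array offset. `Polygon`, `DecodeResult` and the "drop polygons with fewer than three valid vertices" rule are assumptions of this example, not Godot's structures or policy.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical decoded polygon: indices are all < vertex_count by construction.
struct Polygon {
    std::vector<int32_t> indices;
};

struct DecodeResult {
    std::vector<Polygon> polygons;
    size_t dropped_indices = 0; // out-of-range, unterminated, or in a degenerate polygon
};

// Decode an FBX PolygonVertexIndex array. A negative value v ends a polygon and
// encodes the real index as ~v. Any index >= vertex_count is rejected, polygons
// left with fewer than three valid indices are dropped, and a trailing run with
// no terminator is dropped rather than emitted as a malformed polygon.
DecodeResult decode_polygon_vertex_index(const std::vector<int32_t> &raw, size_t vertex_count) {
    DecodeResult out;
    Polygon current;
    for (int32_t v : raw) {
        const bool ends_polygon = v < 0;
        const int32_t idx = ends_polygon ? ~v : v; // ~v >= 0 whenever v < 0
        if (static_cast<size_t>(idx) >= vertex_count) {
            out.dropped_indices++;          // would index past the vertex buffer
        } else {
            current.indices.push_back(idx);
        }
        if (ends_polygon) {
            if (current.indices.size() >= 3) {
                out.polygons.push_back(current);
            } else {
                out.dropped_indices += current.indices.size();
            }
            current.indices.clear();
        }
    }
    out.dropped_indices += current.indices.size(); // unterminated tail
    return out;
}

// Constructed sample: two triangles over a 4-vertex mesh, with one index (999)
// that points far outside the vertex array, as a malformed file might.
std::vector<int32_t> constructed_sample() {
    return {0, 1, ~2, 3, 999, 2, ~1};
}

int main() {
    const DecodeResult r = decode_polygon_vertex_index(constructed_sample(), 4);
    return (r.polygons.size() == 2 && r.dropped_indices == 1) ? 0 : 1;
}
```

Validating at decode time, before any vertex lookup, is what lets the rest of the importer index the vertex array without per-access checks; the collection it receives already contains only valid elements.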