| Title | Open Asset Import Library Assimp 5.4.3 Heap-based Buffer Overflow |
|---|
| Description | The program might experience a heap-buffer-overflow in the read_meshes function in `HL1MDLLoader.cpp`. The issue appears to occur when handling meshes, vertices, normals, and bones, especially when accessing out-of-bounds memory during operations involving these components. Below are the lines that might be contributing to this problem:
```C++
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:611
scene_->mNumMeshes += pmodel->nummesh;
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:769
bind_pose_vertices[k] = temp_bones_[pvertbone[k]].absolute_transform * aiVector3D(vert[0], vert[1], vert[2]);
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:775
const aiMatrix4x4 normal_matrix = aiMatrix4x4(temp_bones_[pnormbone[k]].absolute_transform).Inverse().Transpose();
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:791
float texcoords_s_scale = 1.0f / (float)ptexture[pskinref[pmesh->skinref]].width;
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:816
const int bone = pvertbone[input_trivert->vertindex];
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:934
scene_bone->mName = temp_bones_[bone_index].node->mName;
```
These lines might be accessing memory that has already been freed, leading to undefined behavior such as heap-buffer-overflow. Detailed analysis of the specific memory access patterns within these lines is necessary to identify the root cause. |
|---|
| Source | https://github.com/assimp/assimp/issues/6220 |
|---|
| User | Rulkallos (UID 86201) |
|---|
| Submission | 2025-06-06 08:29 (1 year ago) |
|---|
| Moderation | 2025-06-15 12:18 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 312589 [Open Asset Import Library Assimp up to 5.4.3 HL1MDLLoader.cpp read_meshes buffer overflow] |
|---|
| Points | 20 |
|---|
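
The lines quoted in the description all use one value as a subscript into another array (`temp_bones_[pvertbone[k]]`, `ptexture[pskinref[pmesh->skinref]]`). As an added illustration, not Assimp's code or its fix, the sketch below range-checks such indices before they are used; the types and function names are simplified stand-ins assumed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Simplified stand-ins for the loader's data (assumptions, not Assimp types).
struct Vec3 { float x, y, z; };
struct Bone { Vec3 offset; };            // translation-only "absolute transform"
struct Texture { int width, height; };

enum class Check { Ok, SizeMismatch, BadBoneIndex, BadSkinRef, BadTexture };

// Mirrors the pattern bones[vert_bone[k]]: each per-vertex bone index is
// range-checked before it is used as a subscript.
Check bind_pose(const std::vector<Bone> &bones,
                const std::vector<std::uint8_t> &vert_bone,
                const std::vector<Vec3> &verts, std::vector<Vec3> &out) {
    if (vert_bone.size() != verts.size()) return Check::SizeMismatch;
    out.clear();
    for (std::size_t k = 0; k < verts.size(); ++k) {
        const std::size_t b = vert_bone[k];
        if (b >= bones.size()) { out.clear(); return Check::BadBoneIndex; }
        const Vec3 &o = bones[b].offset;
        out.push_back({verts[k].x + o.x, verts[k].y + o.y, verts[k].z + o.z});
    }
    return Check::Ok;
}

// Mirrors the two-level lookup textures[skin_ref[mesh_skinref]].width: both
// indices are checked, and a non-positive width is rejected before dividing.
Check s_scale(const std::vector<Texture> &textures,
              const std::vector<std::int16_t> &skin_ref, int mesh_skinref,
              float &scale) {
    if (mesh_skinref < 0 ||
        static_cast<std::size_t>(mesh_skinref) >= skin_ref.size())
        return Check::BadSkinRef;
    const int t = skin_ref[mesh_skinref];
    if (t < 0 || static_cast<std::size_t>(t) >= textures.size())
        return Check::BadTexture;
    if (textures[t].width <= 0) return Check::BadTexture;
    scale = 1.0f / static_cast<float>(textures[t].width);
    return Check::Ok;
}

int main() {
    // Constructed sample: two bones, but the second vertex names bone 7.
    std::vector<Bone> bones = {{{1, 0, 0}}, {{0, 1, 0}}};
    std::vector<std::uint8_t> vert_bone = {0, 7};
    std::vector<Vec3> verts = {{0, 0, 0}, {1, 1, 1}}, out;
    std::printf("status=%d\n", static_cast<int>(bind_pose(bones, vert_bone, verts, out)));
    return 0;
}
```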