| Field | Value |
|---|---|
| Title | Open Asset Import Library Assimp 5.4.3 Heap-based Buffer Overflow |
| Description | The program might experience a heap-buffer-overflow in the read_meshes function in `HL1MDLLoader.cpp`. The issue appears to occur when handling meshes, vertices, normals, and bones, especially when accessing out-of-bounds memory during operations involving these components. Below are the lines that might be contributing to this problem: |

```C++
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:611
scene_->mNumMeshes += pmodel->nummesh;
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:769
bind_pose_vertices[k] = temp_bones_[pvertbone[k]].absolute_transform * aiVector3D(vert[0], vert[1], vert[2]);
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:775
const aiMatrix4x4 normal_matrix = aiMatrix4x4(temp_bones_[pnormbone[k]].absolute_transform).Inverse().Transpose();
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:791
float texcoords_s_scale = 1.0f / (float)ptexture[pskinref[pmesh->skinref]].width;
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:816
const int bone = pvertbone[input_trivert->vertindex];
// assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp:934
scene_bone->mName = temp_bones_[bone_index].node->mName;
```
These lines might be accessing memory that has already been freed, leading to undefined behavior such as heap-buffer-overflow. Detailed analysis of the specific memory access patterns within these lines is necessary to identify the root cause.

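As an added defensive illustration (not Assimp's own code and not the fix applied upstream), the following C++ shows the kind of index validation the description calls for: every bone, normal and skin reference read from the file is checked against the size of the table it indexes before any access. The `ModelIndices` struct, `validate_model_indices` and `checked_at` are constructed stand-ins for the loader's arrays, not names from the project.

```cpp
// Added defensive example (not Assimp's code): the indices an HL1 MDL file
// supplies for bones, normals and skin references are attacker-controlled, so
// a loader must check each one against the table it indexes before using it.
// The struct below is a constructed stand-in, not the real MDL header layout.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <type_traits>
#include <vector>

struct ModelIndices {
    std::vector<uint8_t> vertbone;   // bone index per vertex   (stand-in for pvertbone)
    std::vector<uint8_t> normbone;   // bone index per normal   (stand-in for pnormbone)
    std::vector<int16_t> skinref;    // texture index per slot  (stand-in for pskinref)
    std::vector<int> mesh_skinref;   // skin slot per mesh      (stand-in for pmesh->skinref)
    size_t num_bones = 0;            // size of the bone table (temp_bones_)
    size_t num_textures = 0;         // size of the texture table (ptexture)
};

// True only if idx points inside a table of `count` entries. Negative signed
// indices are rejected explicitly: cast to size_t they would wrap to a huge
// offset and slip past a naive "< count" comparison.
template <typename Idx>
static bool index_in_range(Idx idx, size_t count) {
    if constexpr (std::is_signed_v<Idx>) {
        if (idx < 0) return false;
    }
    return static_cast<size_t>(idx) < count;
}

// Validate every file-supplied index up front, before any mesh is built.
bool validate_model_indices(const ModelIndices &m) {
    for (uint8_t b : m.vertbone)
        if (!index_in_range(b, m.num_bones)) return false;
    for (uint8_t b : m.normbone)
        if (!index_in_range(b, m.num_bones)) return false;
    for (int16_t t : m.skinref)
        if (!index_in_range(t, m.num_textures)) return false;
    // A mesh's skinref selects a slot in the skinref table, which in turn
    // selects a texture, so the mesh-level index is checked against the
    // skinref table rather than against the texture count.
    for (int s : m.mesh_skinref)
        if (!index_in_range(s, m.skinref.size())) return false;
    return true;
}

// Checked accessor for the access sites themselves: fail loudly instead of
// reading past the end of a table if the validation pass was skipped.
template <typename T, typename Idx>
const T &checked_at(const std::vector<T> &v, Idx idx) {
    if (!index_in_range(idx, v.size()))
        throw std::out_of_range("MDL index outside table");
    return v[static_cast<size_t>(idx)];
}
```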
| Field | Value |
|---|---|
| Source | https://github.com/assimp/assimp/issues/6220 |
| User | Rulkallos (UID 86201) |
| Submitted | 2025-06-06 08:29 AM (1 year ago) |
| Moderation | 2025-06-15 12:18 PM (9 days later) |
| Status | Accepted |
| VulDB Entry | 312589 [Open Asset Import Library Assimp up to 5.4.3 HL1MDLLoader.cpp read_meshes memory corruption] |
| Points | 20 |