Mirrors/overte-JulianGro
3
0
Fork 0
mirror of https://github.com/JulianGro/overte.git synced 2025-04-09 16:52:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #15497 from sabrina-shanman/crash_fbx_read-binary-array

Browse source 
(case 22429) Do sanity checks on FBX data array lengths
This commit is contained in:
Shannon Romano 2019-05-06 08:07:35 -07:00 committed by GitHub
commit 3515c13e32
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
libraries/fbx/src/FBXSerializer_Node.cpp
View file

@ -41,8 +41,14 @@ QVariant readBinaryArray(QDataStream& in, int& position) {
quint32 compressedLength;
in >> arrayLength;
if (arrayLength > std::numeric_limits<int>::max() / sizeof(T)) { // Upcoming byte containers are limited to max signed int
throw QString("FBX file most likely corrupt: binary data exceeds data limits");
}
in >> encoding;
in >> compressedLength;
if (compressedLength > std::numeric_limits<int>::max() / sizeof(T)) { // Upcoming byte containers are limited to max signed int
throw QString("FBX file most likely corrupt: compressed binary data exceeds data limits");
}
position += sizeof(quint32) * 3;
QVector<T> values;