From 889a3e44a69b5916e7a065c4ef597b02ff9fa027 Mon Sep 17 00:00:00 2001 From: surkeh Date: Thu, 19 Apr 2018 05:58:35 -0700 Subject: [PATCH 1/2] Offset sanity checks --- demo/common.h | 2 ++ demo/extractmesh.c | 6 +++--- include/devil1geo.h | 2 +- src/devil1geo.c | 6 +++++- src/devil1pld.c | 4 +++- src/devil1tex.c | 2 +- 6 files changed, 15 insertions(+), 7 deletions(-) diff --git a/demo/common.h b/demo/common.h index 0a2f2d8..30a302c 100644 --- a/demo/common.h +++ b/demo/common.h @@ -45,6 +45,7 @@ void write(const char *filename, fclose(out); if (written == 0) { perror("write error"); + exit(4); } } } @@ -61,6 +62,7 @@ void append(const char *filename, const char *t, unsigned size) { fclose(out); if (written == 0) { perror("write error"); + exit(4); } } } diff --git a/demo/extractmesh.c b/demo/extractmesh.c index 62b89de..4ee0243 100644 --- a/demo/extractmesh.c +++ b/demo/extractmesh.c @@ -57,8 +57,8 @@ void writemesh(const struct MeshHeader *mh, } void extractmeshes(const char *filedata, - unsigned int filesize, - const char *filename) { + const char *filename, + unsigned int filesize) { if (filedata == NULL || filesize <= 0) { return; } @@ -83,7 +83,7 @@ int main(int argc, char ** argv) { char *f = argv[1]; unsigned int bufsize = 0; char *buffer = loadfile(f, &bufsize); - extractmeshes(buffer, bufsize, f); + extractmeshes(buffer, f, bufsize); free(buffer); return 0; } diff --git a/include/devil1geo.h b/include/devil1geo.h index 00375ad..9931c9d 100644 --- a/include/devil1geo.h +++ b/include/devil1geo.h @@ -105,7 +105,7 @@ static bool getmeshheader(struct MeshHeader**, unsigned int i, const char * cons static bool getmeshbatch(struct Batch*, unsigned int offset, const char * const); -static bool getmesh(struct Mesh*, unsigned int i, const char* filename); +static bool getmesh(struct Mesh*, unsigned int i, const char* filename, unsigned int filesize); #endif diff --git a/src/devil1geo.c b/src/devil1geo.c index 7bd72c7..f2178e0 100644 --- a/src/devil1geo.c 
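Review bot: The added `exit(4)` in write() is reached only when `written == 0`, so a partial write still returns to the caller as if the output file were complete; the matching hunk in append() has the same gap. The call that sets `written` is outside both hunks, so this is inferred, but if it holds the fwrite() result it should be compared with the number of items requested, for example `if (written < size)` when the item size is 1. `perror` also runs after `fclose(out)`, which may have changed errno, so the message can name the wrong error. The bare status 4 would read better as a named constant with a comment such as `/* exit status: output file could not be written */`.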
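Review bot: The updated getmesh prototype in include/devil1geo.h still names its third parameter `filename`, while the definition in src/devil1geo.c calls it `filedata` and the new `filesize` is compared against offsets into that buffer. Someone reading only the header could pass a path together with the size of a different buffer. Suggest `static bool getmesh(struct Mesh*, unsigned int i, const char * const filedata, unsigned int filesize);` with a comment such as `// filesize: length in bytes of the buffer at filedata`.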
+++ b/src/devil1geo.c @@ -100,7 +100,8 @@ static bool getmeshbatch(struct Batch *b, // assume client has allocated memory for mesh static bool getmesh(struct Mesh *m, unsigned int i, - const char * const filedata) { + const char * const filedata, + unsigned int filesize) { bool done = false; if (m == NULL || filedata == NULL || m -> b == NULL) { return done; @@ -112,6 +113,9 @@ static bool getmesh(struct Mesh *m, struct Batch b; for (j = 0; j < mh -> numBatch; j++) { unsigned int offset = mh->offsetBatches + j * sizeof(struct BatchData); + if (offset > filesize) { + return done; + } getmeshbatch(&b, offset, filedata); // printmeshbatch(&b); m -> b[j] = b; diff --git a/src/devil1pld.c b/src/devil1pld.c index 3e3d96f..e474ba6 100644 --- a/src/devil1pld.c +++ b/src/devil1pld.c @@ -8,7 +8,9 @@ static bool getpldh(struct PldHeader *ph, const char *filedata) { if (ph != NULL && filedata != NULL) { ph -> numOffset = (int32_t)filedata[0]; ph -> offsets = (uint32_t*)(filedata + sizeof(int32_t)); - good = true; + if ( ph->numOffset > 0 ) { + good = true; + } } return good; } diff --git a/src/devil1tex.c b/src/devil1tex.c index ed1417d..c80cfe2 100644 --- a/src/devil1tex.c +++ b/src/devil1tex.c @@ -37,7 +37,7 @@ static bool gettexdescriptor(struct TextureBatchDescriptor **descriptor, bool done = false; unsigned int offset = sizeof(struct TexturePack); offset += sizeof(struct TextureBatchDescriptor) * i; - if (filedata != NULL) { + if (filedata != NULL && offset <= filesize) { *descriptor = (struct TextureBatchDescriptor*)(filedata + offset); done = true; } From 9b70b1056526d41c0aa7042523d39895f72be1c6 Mon Sep 17 00:00:00 2001 From: surkeh Date: Thu, 19 Apr 2018 14:48:32 -0700 Subject: [PATCH 2/2] writemesh() variable previousBatch renamed to endOfPrevious --- demo/extractmesh.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/demo/extractmesh.c b/demo/extractmesh.c index 4ee0243..7126d2d 100644 --- a/demo/extractmesh.c +++ b/demo/extractmesh.c 
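Review bot: The new guard `if (offset > filesize)` in getmesh's batch loop rejects only an offset that starts beyond the buffer; an offset equal to `filesize`, or one closer to the end than `sizeof(struct BatchData)`, is still handed to getmeshbatch(), which presumably reads a whole BatchData from it. Comparing the remaining bytes closes that gap without an addition that can overflow: `if (offset > filesize || filesize - offset < sizeof(struct BatchData)) { return done; }`. `offset` is built from the file-supplied `mh->offsetBatches` plus `j * sizeof(struct BatchData)` and narrowed to `unsigned int`, so a large header value can wrap to a small offset that passes the test. The `offset <= filesize` condition added to gettexdescriptor in src/devil1tex.c has the same gap with `sizeof(struct TextureBatchDescriptor)`. getmesh's body starts and ends outside this hunk, and getmeshbatch is still called without `filesize`, so any offsets it follows are not covered by this check as far as the hunk shows.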
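Review bot: The added `ph->numOffset > 0` test in getpldh bounds the count only from below; nothing checks that `numOffset` 32-bit entries after the header fit inside the file, and the function has no size parameter to check against. The count also comes from `(int32_t)filedata[0]`, which converts a single `char` rather than reading four bytes, so the value being validated is one byte of the real field (and negative for bytes above 0x7f where `char` is signed). Suggest passing the file size as getmesh now does, reading the count with `memcpy(&ph->numOffset, filedata, sizeof(int32_t));`, and accepting the header only when `filesize >= sizeof(int32_t)` and `(size_t)ph->numOffset <= (filesize - sizeof(int32_t)) / sizeof(uint32_t)`. `ph` is filled in before the test, so a caller that ignores the return value still sees the rejected count and pointer.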
@@ -25,22 +25,22 @@ void writemesh(const struct MeshHeader *mh, // batch data the same treatment. struct BatchData * newBatches = malloc(newmh.numBatch * sizeof(struct BatchData)); - uint64_t previousBatch = 0; + uint64_t endOfPrevious = 0; for (int i = 0; i < newmh.numBatch; i++) { newBatches[i] = (m -> b) -> bd[i]; unsigned int nVertices = m -> b -> bd[i].numVertex; - if (previousBatch == 0) { + if (endOfPrevious == 0) { newBatches[i].offsetPositions = newmh.offsetBatches + ( newmh.numBatch * sizeof(struct BatchData)); } else { - newBatches[i].offsetPositions = previousBatch; + newBatches[i].offsetPositions = endOfPrevious; } newBatches[i].offsetNormals = newBatches[i].offsetPositions + (sizeof(struct Coordinate) * nVertices); newBatches[i].offsetUVs = newBatches[i].offsetNormals + (sizeof(struct Coordinate) * nVertices); newBatches[i].offsetBoneIndexes = newBatches[i].offsetUVs + (sizeof(struct UVs) * nVertices); newBatches[i].offsetBoneWeights = newBatches[i].offsetBoneIndexes + (sizeof(struct BoneIndexes) * nVertices); append(fn, (char*)(&newBatches[i]), sizeof(struct BatchData)); - previousBatch = newBatches[i].offsetBoneWeights + (sizeof(struct BoneWeights) * nVertices);; + endOfPrevious = newBatches[i].offsetBoneWeights + (sizeof(struct BoneWeights) * nVertices);; } for (int i = 0; i < newmh.numBatch; i++) {