
Fix invalid access#5765

Merged
kimkulling merged 3 commits into assimp:master from cla7aye15I4nd:fix-5677
Sep 10, 2024

Conversation

@cla7aye15I4nd
Contributor

Fix stack overflow

Fixed Vulnerability

#5677

Description

This patch should ensure that the pointers pFirstFace are valid before dereferencing.

Sanitizer Report

=================================================================
==924513==ERROR: AddressSanitizer: SEGV on unknown address 0x1000fea90623 (pc 0x555556b374c7 bp 0x7fffffffca70 sp 0x7fffffffbba0 T0)
==924513==The signal is caused by a READ memory access.
    #0 0x555556b374c7 in Assimp::SortByPTypeProcess::Execute(aiScene*) /root/code/PostProcessing/SortByPTypeProcess.cpp:175:17
    #1 0x555556a9afdf in Assimp::BaseProcess::ExecuteOnScene(Assimp::Importer*) /root/code/Common/BaseProcess.cpp:82:9
    #2 0x5555558d79b2 in Assimp::Importer::ApplyPostProcessing(unsigned int) /root/code/Common/Importer.cpp:841:22
    #3 0x5555558d5321 in Assimp::Importer::ReadFile(char const*, unsigned int) /root/code/Common/Importer.cpp:751:13
    #4 0x5555558d1fd9 in Assimp::Importer::ReadFileFromMemory(void const*, unsigned long, unsigned int, char const*) /root/code/Common/Importer.cpp:507:9
    #5 0x555555861fa9 in LLVMFuzzerTestOneInput /root/fuzz/assimp_fuzzer.cc:54:34
    #6 0x555555847714 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/root/assimp_fuzzer+0x2f3714) (BuildId: b530028a139e0edb5c3ad73425d63d1af6f65477)
    #7 0x555555830846 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/root/assimp_fuzzer+0x2dc846) (BuildId: b530028a139e0edb5c3ad73425d63d1af6f65477)
    #8 0x5555558362fa in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/root/assimp_fuzzer+0x2e22fa) (BuildId: b530028a139e0edb5c3ad73425d63d1af6f65477)
    #9 0x555555860ab6 in main (/root/assimp_fuzzer+0x30cab6) (BuildId: b530028a139e0edb5c3ad73425d63d1af6f65477)
    #10 0x7ffff6f1b1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #11 0x7ffff6f1b28a in __libc_start_main csu/../csu/libc-start.c:360:3
    #12 0x55555582b414 in _start (/root/assimp_fuzzer+0x2d7414) (BuildId: b530028a139e0edb5c3ad73425d63d1af6f65477)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/code/PostProcessing/SortByPTypeProcess.cpp:175:17 in Assimp::SortByPTypeProcess::Execute(aiScene*)
==924513==ABORTING
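As an added illustration (not the PR's own code, nor assimp's), a minimal model of the per-primitive-type face scan with the validity guard the description calls for: `Face`, `Mesh`, `countPrimitiveTypes` and the two demo functions are hypothetical stand-ins for the aiFace/aiMesh structures, and the sample meshes are constructed here.

```cpp
#include <vector>

struct Face { std::vector<unsigned> indices; };   // hypothetical stand-in for aiFace

struct Mesh {                                       // hypothetical stand-in for aiMesh
    Face* faces = nullptr;                          // may be null on malformed input
    unsigned numFaces = 0;                          // may disagree with faces
};

enum PType { POINT = 0, LINE = 1, TRIANGLE = 2, POLYGON = 3, PTYPE_COUNT = 4 };

// Classify a face by index count (1 point, 2 line, 3 triangle, more polygon).
static PType ptypeOf(const Face& f) {
    if (f.indices.size() == 1) return POINT;
    if (f.indices.size() == 2) return LINE;
    if (f.indices.size() == 3) return TRIANGLE;
    return POLYGON;
}

// Guarded scan: only dereference pFirstFace when the face array is present,
// and only walk it up to pLastFace. Returns false on a malformed mesh so the
// caller can skip it instead of reading through a bad pointer (the SEGV above).
bool countPrimitiveTypes(const Mesh& mesh, unsigned counts[PTYPE_COUNT]) {
    for (int i = 0; i < PTYPE_COUNT; ++i) counts[i] = 0;
    if (mesh.numFaces == 0) return true;       // nothing to sort: not an error
    if (mesh.faces == nullptr) return false;   // header claims faces, none present
    const Face* pFirstFace = mesh.faces;
    const Face* const pLastFace = mesh.faces + mesh.numFaces;
    for (const Face* f = pFirstFace; f != pLastFace; ++f) {
        if (f->indices.empty()) return false;  // degenerate face: reject the mesh
        ++counts[ptypeOf(*f)];
    }
    return true;
}

// Constructed sample: a well-formed mixed mesh is counted cleanly.
bool demoWellFormed() {
    Face faces[3] = { {{0}}, {{0, 1}}, {{0, 1, 2}} };
    Mesh mesh; mesh.faces = faces; mesh.numFaces = 3;
    unsigned counts[PTYPE_COUNT];
    return countPrimitiveTypes(mesh, counts) && counts[POINT] == 1
        && counts[LINE] == 1 && counts[TRIANGLE] == 1 && counts[POLYGON] == 0;
}

// Constructed sample: a header that claims faces but carries no array is rejected.
bool demoMalformed() {
    Mesh mesh; mesh.numFaces = 5;              // faces stays nullptr
    unsigned counts[PTYPE_COUNT];
    return !countPrimitiveTypes(mesh, counts);
}
```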

@kimkulling added the labels Bug (Global flag to mark a deviation from expected behaviour) and Fuzzer (Bugs found by a fuzzer) on Sep 10, 2024
Some smaller refactorings.
Small refactorings.
@kimkulling kimkulling merged commit d468e63 into assimp:master Sep 10, 2024
@kimkulling
Member

Merged, thanks a lot for your contribution.
