Bug: heap-buffer-overflow of ReadFileFromMemory
YancyLii opened this issue
Describe the bug
There is a potential vulnerability in ReadFileFromMemory in Assimp. When calling ReadFileFromMemory, heap-buffer-overflow will appear.
To Reproduce
Steps to reproduce the behavior:
- Testing Code
// Includes and the fuzzer-style entry point are added here so the snippet compiles stand-alone;
// the reporter's original fragment is the body (data/size come from the input file).
#include <assimp/Importer.hpp>
#include <assimp/cimport.h>
#include <assimp/scene.h>
#include <cstddef>
#include <cstdint>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    if (size <= 0)
        return 0;
    const void* pBuffer = reinterpret_cast<const void*>(data);
    Assimp::Importer importer;
    const aiScene* scene = importer.ReadFileFromMemory(pBuffer, size, 0, "sample_hint");
    if (!scene) {
        const char* errorString = aiGetErrorString();  // import failed; error text is available here
    }
    return 0;
}
- I will submit the input file to you
- You just need to execute the above code and read the input data into the data
- See error
Platform (please complete the following information):
- OS: Ubuntu
- Version 20.04
Input file
https://drive.google.com/file/d/17g_RsQY5AmwHH1t8ld3-LCy3QIP0_emN/view?usp=drive_link
I am glad to see that you can quickly identify and solve the problem. But when I re-cloned and tested the latest code, I still encountered a heap-buffer-overflow issue.
Firstly, the above issue was triggered by ReadFileFromMemory, and it seems that you only modified the aiImportFileFromMemoryWithProperties function that calls this API. You changed ai_assert to an if judgment; it seems that the logic is consistent.
Secondly, to ensure the correctness of the testing program, I used the assimp/fuzz/assimp_fuzzer.cc file and made changes before testing, but the program also crashed.
// Inside LLVMFuzzerTestOneInput of assimp_fuzzer.cc, which has `using namespace Assimp;`
Importer importer;
const aiScene *sc = importer.ReadFileFromMemory(data, dataSize, 0, nullptr);
Finally, please double-check if there are any issues with the implementation of ReadFileFromMemory and handle possible memory management and address access issues correctly. I hope my findings can be helpful to you.