assimp
A fuzzed stride could cause the max count to become negative and hence wrap around uint
We have fuzzing tests that artificially break files. We want assimp to crash in a controlled way. One case we now came across is that the fuzzer changed the stride of one buffer view: "byteStride": 32769, This caused the division maxSize / stride to become 0 and with the -1 wrap around to 0xffffffff for the uint.
Not a big deal in reality, but it's always good to harden the code.
Merged, thanks a lot for your contribution.
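The wrap-around described in the pull request, shown next to a checked form, as an added example that is not assimp's own code. The function names and the 4096-byte buffer size are assumptions; only the stride value 32769 comes from the description.

```cpp
#include <cstdint>
#include <cstdio>

// Unchecked form of the computation described above: when stride > maxSize the
// division yields 0, and the "- 1" wraps around in unsigned arithmetic.
uint32_t max_index_unchecked(uint32_t maxSize, uint32_t stride) {
    return maxSize / stride - 1;
}

// Checked form: refuse a zero stride and a stride that leaves room for no
// element at all, so the caller sees a failure instead of 0xffffffff.
bool max_index_checked(uint32_t maxSize, uint32_t stride, uint32_t &maxIndex) {
    if (stride == 0) return false;            // would divide by zero
    const uint32_t count = maxSize / stride;  // whole elements that fit
    if (count == 0) return false;             // subtracting 1 would wrap
    maxIndex = count - 1;
    return true;
}

// Assumption: the maximum is used as an upper bound when validating an index.
bool index_ok_unchecked(uint32_t index, uint32_t maxSize, uint32_t stride) {
    return index <= max_index_unchecked(maxSize, stride);
}

bool index_ok_checked(uint32_t index, uint32_t maxSize, uint32_t stride) {
    uint32_t maxIndex = 0;
    return max_index_checked(maxSize, stride, maxIndex) && index <= maxIndex;
}

int main() {
    const uint32_t maxSize = 4096;   // constructed buffer size
    const uint32_t stride = 32769;   // the fuzzed "byteStride" from the report
    std::printf("unchecked max index: 0x%08x\n",
                static_cast<unsigned>(max_index_unchecked(maxSize, stride)));
    std::printf("index 1000000 accepted (unchecked): %d\n",
                index_ok_unchecked(1000000, maxSize, stride));
    std::printf("index 1000000 accepted (checked):   %d\n",
                index_ok_checked(1000000, maxSize, stride));
    return 0;
}
```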