bam: Add sanity-check against object IDs appearing twice

Found this by fuzzing; not concerned about updating the writer as
the writer itself should never do this. This is just to protect
against segfaults in the face of corrupt or malicious bams.
Sam Edwards 2018-02-22 03:13:06 -07:00
parent 47a9aa4a80
commit 293465a516

@ -1159,6 +1159,16 @@ p_read_object() {
// This object had already existed; thus, we are just receiving an // This object had already existed; thus, we are just receiving an
// update for it. // update for it.
if (_object_pointers.find(object_id) != _object_pointers.end()) {
// Aieee! This object isn't even complete from the last time we
// encountered it in the stream! This should never happen. Something's
// corrupt or the stream was maliciously crafted.
bam_cat.error()
<< "Found object " << object_id << " in bam stream again while "
<< "trying to resolve its own pointers.\n";
return 0;
}
// Update _now_creating during this call so if this function calls // Update _now_creating during this call so if this function calls
// read_pointer() or register_change_this() we'll match it up properly. // read_pointer() or register_change_this() we'll match it up properly.
// This might recursively call back into this p_read_object(), so be // This might recursively call back into this p_read_object(), so be
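
Review bot: the early `return 0;` inside the new `_object_pointers.find(object_id) != _object_pointers.end()` check has no comment saying what a 0 return means to the caller, and nothing visible in this hunk shows the caller stopping on it. Since the point of the change is to avoid a segfault on corrupt or malicious input, please confirm that every caller of p_read_object() treats 0 here as a hard read failure and does not keep parsing the stream, and say so in the comment above the return. A regression test built from the fuzzer input that triggered this would also keep the check from being lost in a later refactor.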