diff --git a/CVE-2024-48425.patch b/CVE-2024-48425.patch new file mode 100644 index 0000000000000000000000000000000000000000..9417b5c5f266ac1fc12143042be82c67beacabb8 --- /dev/null +++ b/CVE-2024-48425.patch @@ -0,0 +1,29 @@ +From ecdf8d24b85367b22ba353b4f82299d4af7f1f97 Mon Sep 17 00:00:00 2001 +From: Kim Kulling +Date: Mon, 7 Oct 2024 10:30:45 +0200 +Subject: [PATCH] SplitLargeMeshes: Fix crash (#5799) + +- Fix nullptr access when rootnode of the scene is a nullptr. This can happen even if the scene stores any kind of meshes. closes https://github.com/assimp/assimp/issues/5791 +--- + code/PostProcessing/SplitLargeMeshes.cpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/code/PostProcessing/SplitLargeMeshes.cpp b/code/PostProcessing/SplitLargeMeshes.cpp +index 508a826..6c9713a 100644 +--- a/code/PostProcessing/SplitLargeMeshes.cpp ++++ b/code/PostProcessing/SplitLargeMeshes.cpp +@@ -109,6 +109,11 @@ void SplitLargeMeshesProcess_Triangle::SetupProperties( const Importer* pImp) { + // Update a node after some meshes have been split + void SplitLargeMeshesProcess_Triangle::UpdateNode(aiNode* pcNode, + const std::vector >& avList) { ++ if (pcNode == nullptr) { ++ ASSIMP_LOG_WARN("UpdateNode skipped, nullptr detected."); ++ return; ++ } ++ + // for every index in out list build a new entry + std::vector aiEntries; + aiEntries.reserve(pcNode->mNumMeshes + 1); +-- +2.33.0 + diff --git a/assimp.spec b/assimp.spec index 698fae51d5368ffde11a06ab07d712f7f71c13fc..80eadcb244def65b0e51ec59aa9131cf314d04ea 100644 --- a/assimp.spec +++ b/assimp.spec @@ -1,6 +1,6 @@ Name: assimp Version: 5.2.4 -Release: 3 +Release: 4 Summary: Library to load and process various 3D model formats into applications. License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0 URL: http://www.assimp.org/ @@ -8,6 +8,7 @@ Source0: https://github.com/assimp/assimp/archive/v%{version}.tar.gz Patch0001: 0001-Fix-build-with-zlib.patch Patch0002: CVE-2024-40724-Fix-out-of-bound-access-5651.patch Patch0003: CVE-2024-45679.patch +Patch0004: CVE-2024-48425.patch BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zzip-zlib-config) @@ -86,6 +87,9 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass %{python3_sitelib}/pyassimp %changelog +* Sat Oct 26 2024 liningjie - 5.2.4-4 +- Fix CVE-2024-48425 + * Thu Sep 19 2024 wangkai <13474090681@163.com> - 5.2.4-3 - fix CVE-2024-45679