From c80d9ac88b6f67b5b89c4b183424bca7d7d803cd Mon Sep 17 00:00:00 2001
From: liningjie
Date: Mon, 30 Sep 2024 06:15:14 +0800
Subject: [PATCH] Fix CVE-2024-48425
(cherry picked from commit 067f8987540bdd02af424a78db92bcd849b0bb70)
---
CVE-2024-48425.patch | 29 +++++++++++++++++++++++++++++
assimp.spec | 6 +++++-
2 files changed, 34 insertions(+), 1 deletion(-)
create mode 100644 CVE-2024-48425.patch
diff --git a/CVE-2024-48425.patch b/CVE-2024-48425.patch
new file mode 100644
index 0000000..9417b5c
--- /dev/null
+++ b/CVE-2024-48425.patch
@@ -0,0 +1,29 @@
+From ecdf8d24b85367b22ba353b4f82299d4af7f1f97 Mon Sep 17 00:00:00 2001
+From: Kim Kulling
+Date: Mon, 7 Oct 2024 10:30:45 +0200
+Subject: [PATCH] SplitLargeMeshes: Fix crash (#5799)
+
+- Fix nullptr access when rootnode of the scene is a nullptr. This can happen even if the scene stores any kind of meshes. closes https://github.com/assimp/assimp/issues/5791
+---
+ code/PostProcessing/SplitLargeMeshes.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/code/PostProcessing/SplitLargeMeshes.cpp b/code/PostProcessing/SplitLargeMeshes.cpp
+index 508a826..6c9713a 100644
+--- a/code/PostProcessing/SplitLargeMeshes.cpp
++++ b/code/PostProcessing/SplitLargeMeshes.cpp
+@@ -109,6 +109,11 @@ void SplitLargeMeshesProcess_Triangle::SetupProperties( const Importer* pImp) {
+ // Update a node after some meshes have been split
+ void SplitLargeMeshesProcess_Triangle::UpdateNode(aiNode* pcNode,
+ const std::vector >& avList) {
++ if (pcNode == nullptr) {
++ ASSIMP_LOG_WARN("UpdateNode skipped, nullptr detected.");
++ return;
++ }
++
+ // for every index in out list build a new entry
+ std::vector aiEntries;
+ aiEntries.reserve(pcNode->mNumMeshes + 1);
+--
+2.33.0
+
diff --git a/assimp.spec b/assimp.spec
index 698fae5..80eadcb 100644
--- a/assimp.spec
+++ b/assimp.spec
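Review bot: Returning early from `UpdateNode` when `pcNode` is null avoids the crash at `aiEntries.reserve(pcNode->mNumMeshes + 1)` but leaves the malformed scene in place: the caller is outside this hunk, so this is inferred, but if the mesh list has already been split by then, the scene continues down the pipeline with no root node and any later step that reads the root node meets the same null pointer. A check in the caller before any splitting, or an up-front rejection of scenes that carry meshes without a root node, would fail closed on this kind of malformed input rather than warn and continue. The warning text would be easier to triage if it named the step, e.g. `ASSIMP_LOG_WARN("SplitLargeMeshes: UpdateNode skipped, node is nullptr.");`. The patch also adds no regression test for a scene with meshes and a null root node, which this backport onto 5.2.4 would benefit from. `UpdateNode`'s body continues past the end of the hunk.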
@@ -1,6 +1,6 @@ Name: assimp Version: 5.2.4 -Release: 3 +Release: 4 Summary: Library to load and process various 3D model formats into applications. License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0 URL: http://www.assimp.org/ @@ -8,6 +8,7 @@ Source0: https://github.com/assimp/assimp/archive/v%{version}.tar.gz Patch0001: 0001-Fix-build-with-zlib.patch Patch0002: CVE-2024-40724-Fix-out-of-bound-access-5651.patch Patch0003: CVE-2024-45679.patch +Patch0004: CVE-2024-48425.patch BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zzip-zlib-config) @@ -86,6 +87,9 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass %{python3_sitelib}/pyassimp %changelog +* Sat Oct 26 2024 liningjie - 5.2.4-4 +- Fix CVE-2024-48425 + * Thu Sep 19 2024 wangkai <13474090681@163.com> - 5.2.4-3 - fix CVE-2024-45679 -- Gitee