diff options
| author | maficccc@gmail.com <maficccc@gmail.com> | 2018-03-16 16:26:02 +0100 |
|---|---|---|
| committer | Martinfx <maficccc@gmail.com> | 2018-04-02 13:30:20 +0200 |
| commit | 201007e426816eea145c6ed516165d8a10fc4301 (patch) | |
| tree | c1faed2886ed2d2f60421ec62fcc9171dc864cea /src | |
| parent | db98dba10f0dc9b9fcacd2cac8aaee623604712a (diff) | |
| download | raylib-201007e426816eea145c6ed516165d8a10fc4301.tar.gz raylib-201007e426816eea145c6ed516165d8a10fc4301.zip | |
Fix sscanf() without field limits can crash with huge input data
Diffstat (limited to 'src')
| -rw-r--r-- | src/models.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/models.c b/src/models.c index 8e9a6586..aae3bd86 100644 --- a/src/models.c +++ b/src/models.c @@ -2353,7 +2353,7 @@ static Mesh LoadOBJ(const char *fileName) // NOTE: Texture map parameters are not supported static Material LoadMTL(const char *fileName) { - #define MAX_BUFFER_SIZE 128 + #define MAX_BUFFER_SIZE 128 Material material = { 0 }; @@ -2381,7 +2381,7 @@ static Material LoadMTL(const char *fileName) case 'n': // newmtl string Material name. Begins a new material description. { // TODO: Support multiple materials in a single .mtl - sscanf(buffer, "newmtl %s", mapFileName); + sscanf(buffer, "newmtl %127s", mapFileName); TraceLog(LOG_INFO, "[%s] Loading material...", mapFileName); } @@ -2446,12 +2446,12 @@ static Material LoadMTL(const char *fileName) { if (buffer[5] == 'd') // map_Kd string Diffuse color texture map. { - result = sscanf(buffer, "map_Kd %s", mapFileName); + result = sscanf(buffer, "map_Kd %127s", mapFileName); if (result != EOF) material.maps[MAP_DIFFUSE].texture = LoadTexture(mapFileName); } else if (buffer[5] == 's') // map_Ks string Specular color texture map. { - result = sscanf(buffer, "map_Ks %s", mapFileName); + result = sscanf(buffer, "map_Ks %127s", mapFileName); if (result != EOF) material.maps[MAP_SPECULAR].texture = LoadTexture(mapFileName); } else if (buffer[5] == 'a') // map_Ka string Ambient color texture map. @@ -2461,12 +2461,12 @@ static Material LoadMTL(const char *fileName) } break; case 'B': // map_Bump string Bump texture map. { - result = sscanf(buffer, "map_Bump %s", mapFileName); + result = sscanf(buffer, "map_Bump %127s", mapFileName); if (result != EOF) material.maps[MAP_NORMAL].texture = LoadTexture(mapFileName); } break; case 'b': // map_bump string Bump texture map. { - result = sscanf(buffer, "map_bump %s", mapFileName); + result = sscanf(buffer, "map_bump %127s", mapFileName); if (result != EOF) material.maps[MAP_NORMAL].texture = LoadTexture(mapFileName); } break; case 'd': // map_d string Opacity texture map. @@ -2491,7 +2491,7 @@ static Material LoadMTL(const char *fileName) } break; case 'b': // bump string Bump texture map { - result = sscanf(buffer, "bump %s", mapFileName); + result = sscanf(buffer, "bump %127s", mapFileName); if (result != EOF) material.maps[MAP_NORMAL].texture = LoadTexture(mapFileName); } break; case 'T': // Tr float Transparency Tr (alpha). Tr is inverse of d |