Mirror of https://github.com/TorqueGameEngines/Torque3D.git (synced 2026-07-04 03:04:32 +00:00)
Torque3D - Game Engine
Engine/lib/assimp/code/AssetLib/Q3D/Q3DLoader.cpp: Q3DImporter::InternReadFile reads attacker-controlled 32-bit texture mWidth and mHeight, then computes `unsigned int mul = mWidth * mHeight` and allocates `new aiTexel[mul]`. The pre-existing check only rejects zero dimensions, so a crafted .q3o/.q3s file can make the product overflow 32 bits and wrap to a small value, yielding an undersized allocation. The subsequent fill loop bounded by `end = &begin[mul - 1] + 1` then writes far past the buffer (mul-1 underflows when mul wraps to 0), an out-of-bounds heap write. Add the integer-overflow guard from upstream assimp (the fix that closed assimp/assimp#6358 / CVE-2025-11277) verbatim: after the zero check, reject dimensions whose product would overflow before the multiplication, throwing DeadlyImportError instead. Refs #1765

| Name |
|---|
| .github |
| Engine |
| My Projects |
| Templates |
| Tools |
| .editorconfig |
| .gitattributes |
| .gitignore |
| .travis.yml |
| CMakeLists.txt |
| CODE_OF_CONDUCT.md |
| CONTRIBUTING.md |
| LICENSE.md |
| README.md |
| vcpkg.json |
Torque3D
MIT Licensed Open Source version of Torque3D from GarageGames
More Information
Extras: Torque3D Resources | Awesome Torque3D
Pre-compiled Version
In addition to GitHub, we also have a couple of pre-packaged files for you to download if you would prefer not to compile the code yourself. They are available from the Torque3D Binaries repo.
Legacy Links
- Legacy Repository
- GarageGames forum
- GarageGames professional services
- Project Manager repository
- Offline documentation repository