From e84d8353f1347e1f26f0a95770d92ba14e6ede38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Golasowski?= <golasowski.o@gmail.com>
Date: Mon, 25 Apr 2022 12:04:46 +0200
Subject: [PATCH] Fix heap buffer overflow in stl_update_connects_remove_1

- Add argument value check to the stl_update_connects_remove_1
- Add neighbor value check in stl_remove_degenerate

Fixes https://github.com/admesh/admesh/issues/28
Merges https://github.com/admesh/admesh/pull/55
---
 src/connect.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/connect.c b/src/connect.c
index b5bc46d..0b923e9 100644
--- a/src/connect.c
+++ b/src/connect.c
@@ -792,14 +792,13 @@ stl_remove_degenerate(stl_file *stl, int facet) {
   neighbor1 = stl->neighbors_start[facet].neighbor[edge1];
   neighbor2 = stl->neighbors_start[facet].neighbor[edge2];
 
-  if(neighbor1 == -1) {
+  if(neighbor1 == -1 && neighbor2 != -1) {
     stl_update_connects_remove_1(stl, neighbor2);
   }
-  if(neighbor2 == -1) {
+  else if (neighbor2 == -1 && neighbor1 != -1) {
     stl_update_connects_remove_1(stl, neighbor1);
   }
 
-
   neighbor3 = stl->neighbors_start[facet].neighbor[edge3];
   vnot1 = stl->neighbors_start[facet].which_vertex_not[edge1];
   vnot2 = stl->neighbors_start[facet].which_vertex_not[edge2];
@@ -826,7 +825,11 @@ void
 stl_update_connects_remove_1(stl_file *stl, int facet_num) {
   int j;
 
-  if (stl->error) return;
+  if (
+    stl->error ||
+    facet_num < 0
+  ) return;
+
   /* Update list of connected edges */
   j = ((stl->neighbors_start[facet_num].neighbor[0] == -1) +
        (stl->neighbors_start[facet_num].neighbor[1] == -1) +