From e84d8353f1347e1f26f0a95770d92ba14e6ede38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Golasowski?= <golasowski.o@gmail.com> Date: Mon, 25 Apr 2022 12:04:46 +0200 Subject: [PATCH] Fix heap buffer overflow in stl_update_connects_remove_1 - Add argument value check to the stl_update_connects_remove_1 - Add neighbor value check in stl_remove_degenerate Fixes https://github.com/admesh/admesh/issues/28 Merges https://github.com/admesh/admesh/pull/55 --- src/connect.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/connect.c b/src/connect.c index b5bc46d..0b923e9 100644 --- a/src/connect.c +++ b/src/connect.c @@ -792,14 +792,13 @@ stl_remove_degenerate(stl_file *stl, int facet) { neighbor1 = stl->neighbors_start[facet].neighbor[edge1]; neighbor2 = stl->neighbors_start[facet].neighbor[edge2]; - if(neighbor1 == -1) { + if(neighbor1 == -1 && neighbor2 != -1) { stl_update_connects_remove_1(stl, neighbor2); } - if(neighbor2 == -1) { + else if (neighbor2 == -1 && neighbor1 != -1) { stl_update_connects_remove_1(stl, neighbor1); } - neighbor3 = stl->neighbors_start[facet].neighbor[edge3]; vnot1 = stl->neighbors_start[facet].which_vertex_not[edge1]; vnot2 = stl->neighbors_start[facet].which_vertex_not[edge2]; @@ -826,7 +825,11 @@ void stl_update_connects_remove_1(stl_file *stl, int facet_num) { int j; - if (stl->error) return; + if ( + stl->error || + facet_num < 0 + ) return; + /* Update list of connected edges */ j = ((stl->neighbors_start[facet_num].neighbor[0] == -1) + (stl->neighbors_start[facet_num].neighbor[1] == -1) +