From b25ea20a18545e0800e8cce1a799149890fc49da Mon Sep 17 00:00:00 2001
From: Trevor Hollmann <thollmann@uni-koblenz.de>
Date: Tue, 17 Aug 2021 14:08:21 +0200
Subject: [PATCH] [#79] Handle OOB access errors to buffers.

---
 .../asset_loader/src/vkcv/asset/asset_loader.cpp   | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/modules/asset_loader/src/vkcv/asset/asset_loader.cpp b/modules/asset_loader/src/vkcv/asset/asset_loader.cpp
index 8042f1b2..ce8cbe87 100644
--- a/modules/asset_loader/src/vkcv/asset/asset_loader.cpp
+++ b/modules/asset_loader/src/vkcv/asset/asset_loader.cpp
@@ -350,7 +350,7 @@ namespace vkcv::asset {
 								Scene &scene, Mesh &mesh) {
 		mesh.vertexGroups.reserve(objectMesh.primitives.size());
 	
-		for (const auto & objectPrimitive : objectMesh.primitives) {
+		for (const auto &objectPrimitive : objectMesh.primitives) {
 			VertexGroup vertexGroup;
 			
 			vertexGroup.vertexBuffer.attributes.reserve(
@@ -397,7 +397,7 @@ namespace vkcv::asset {
 				const fx::gltf::Buffer& indexBuffer = sceneObjects.buffers[indexBufferView.buffer];
 				
 				// Because the buffers are already preloaded into the memory by the gltf-library,
-				// it makes no sense to later them later on manually again into memory.
+				// it makes no sense to load them later on manually again into memory.
 				vertexGroup.indexBuffer.data.resize(indexBufferView.byteLength);
 				memcpy(vertexGroup.indexBuffer.data.data(),
 					   indexBuffer.data.data() + indexBufferView.byteOffset,
@@ -413,7 +413,17 @@ namespace vkcv::asset {
 				return ASSET_ERROR;
 			}
 	
+			if (posAccessor.bufferView >= sceneObjects.bufferViews.size()) {
+				vkcv_log(LogLevel::ERROR, "Access to bufferView out of bounds: %lu",
+						posAccessor.bufferView);
+				return ASSET_ERROR;
+			}
 			const fx::gltf::BufferView& vertexBufferView = sceneObjects.bufferViews[posAccessor.bufferView];
+			if (vertexBufferView.buffer >= sceneObjects.buffers.size()) {
+				vkcv_log(LogLevel::ERROR, "Access to buffer out of bounds: %lu",
+						vertexBufferView.buffer);
+				return ASSET_ERROR;
+			}
 			const fx::gltf::Buffer& vertexBuffer = sceneObjects.buffers[vertexBufferView.buffer];
 			
 			// only copy relevant part of vertex data
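Review bot: The two added checks validate only the `bufferView` and `buffer` indices; nothing visible confirms that `vertexBufferView.byteOffset` plus `byteLength` fits inside `vertexBuffer.data`, so the copy that follows (outside this hunk) can presumably still read past the end of the buffer when a glTF file declares an oversized view. A guard before the copy such as `if (vertexBufferView.byteOffset > vertexBuffer.data.size() || vertexBufferView.byteLength > vertexBuffer.data.size() - vertexBufferView.byteOffset) return ASSET_ERROR;` would close that. The index-buffer path shown as context in the previous hunk (`sceneObjects.buffers[indexBufferView.buffer]` followed by `memcpy` from `indexBuffer.data.data() + indexBufferView.byteOffset`) gets no equivalent check in this diff and needs the same index and range validation, unless it already exists above the visible lines. Separately, `%lu` is only correct if the logged fields are `unsigned long`; fx-gltf appears to declare them as `int32_t`, in which case the arguments need a cast (or `%d`) to avoid a varargs type mismatch.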
-- 
GitLab