SpuGatheringCollisionTask buffer overflow

favreau / bullet

Automatically exported from code.google.com/p/bullet

0 stars 0 forks source link

SpuGatheringCollisionTask buffer overflow #561

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

SpuGatheringCollisionTask degenerateStats array has room for a gjk degeneracy 
value from 0 to 10. But btGjkPairDetector can set m_degenerateSimplex to 11, 
12, or 13.

The resulting buffer overflow leads to memory corruption.

Original issue reported on code.google.com by ja...@orcon.net.nz on 23 Oct 2011 at 7:11

GoogleCodeExporter commented 9 years ago

Good point, I'll fix it right now

Original comment by erwin.coumans on 24 Oct 2011 at 5:53

GoogleCodeExporter commented 9 years ago

Fixed in latest trunk:
http://code.google.com/p/bullet/source/detail?r=2445

Thanks for the report!

Original comment by erwin.coumans on 27 Oct 2011 at 8:26

Changed state: Fixed