While all other places have proper null checks, the line in here is missing null checks when accessing `mapping_element->first_property` and `reference_element->first_property`.
Note that from what I could see, there are no direct ACE security concerns from this bug, as the `Element::first_property` reference is initialized to `nullptr`. However, it does mean user-controlled input can crash the application by passing in an FBX file with a geometry with "LayerElementMaterial" with "MappingInformationType" or "ReferenceInformationType" containing no properties, like this:
Background info:
This group of issues was discovered while our team was porting the OpenFBX library to run natively on C#. Our company is planning to use OpenFBX to expand model loading support for our game (and game engine), as we are currently using Blockbench parsing and loading only, which provides limited features. While the modified C# port is currently closed source and for internal use only, it is undecided whether we will release the port in any format once it is at a stage we are happy with.
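The guard this report asks for, as an added example that is not part of the original issue and not OpenFBX's own code: both the child element and its `first_property` are checked before the value is read, so a property-less "MappingInformationType" or "ReferenceInformationType" is rejected instead of dereferenced. `Property`, `Element`, `findChild`, `firstValue`, `MaterialMapping` and `classifyLayerMaterial` are simplified stand-ins assumed for illustration, and the "ByPolygon", "IndexToDirect" and "AllSame" strings are sample values.

```cpp
#include <cstdio>
#include <string>

// Simplified stand-ins for the parser's node types (assumed shapes, not OpenFBX's real definitions).
struct Property { std::string value; };
struct Element {
    std::string id;
    Element* child = nullptr;
    Element* sibling = nullptr;
    Property* first_property = nullptr;  // stays nullptr when the node has no properties
};

// Hypothetical helper: first direct child with the given id, or nullptr.
static const Element* findChild(const Element& parent, const char* id) {
    for (const Element* e = parent.child; e; e = e->sibling)
        if (e->id == id) return e;
    return nullptr;
}

// Hypothetical helper: first property value, or nullptr when the element
// is missing or carries no properties.
static const std::string* firstValue(const Element* e) {
    return (e && e->first_property) ? &e->first_property->value : nullptr;
}

enum class MaterialMapping { ByPolygon, AllSame, Invalid };

// Guarded check: malformed input yields Invalid instead of a null dereference.
MaterialMapping classifyLayerMaterial(const Element& layer) {
    const std::string* mapping = firstValue(findChild(layer, "MappingInformationType"));
    const std::string* reference = firstValue(findChild(layer, "ReferenceInformationType"));
    if (!mapping || !reference) return MaterialMapping::Invalid;
    if (*mapping == "ByPolygon" && *reference == "IndexToDirect") return MaterialMapping::ByPolygon;
    if (*mapping == "AllSame") return MaterialMapping::AllSame;
    return MaterialMapping::Invalid;
}

int main() {
    // Constructed malformed input: both child elements exist but have no properties.
    Element mapping, reference, layer;
    mapping.id = "MappingInformationType";
    reference.id = "ReferenceInformationType";
    mapping.sibling = &reference;
    layer.child = &mapping;
    bool rejected = classifyLayerMaterial(layer) == MaterialMapping::Invalid;
    std::printf("malformed layer rejected: %s\n", rejected ? "yes" : "no");
    return rejected ? 0 : 1;
}
```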