From 9194af68f2052978b34fbf98e0841d384b46a000 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Thu, 19 Sep 2024 11:16:16 +0800
Subject: [PATCH] fix CVE-2024-45679
(cherry picked from commit 50af6653b5e7d1dd112722624c6f1b48dd5f68a5)
---
 CVE-2024-45679.patch | 38 ++++++++++++++++++++++++++++++++++++++
 assimp.spec | 6 +++++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-45679.patch
diff --git a/CVE-2024-45679.patch b/CVE-2024-45679.patch
new file mode 100644
index 0000000..389442e
--- /dev/null
+++ b/CVE-2024-45679.patch
@@ -0,0 +1,38 @@
+From e4e2c63e0c2c449cd69fb9a3269e865eb83c241d Mon Sep 17 00:00:00 2001
+From: Alexandre Avenel
+Date: Sat, 4 Nov 2023 10:28:19 +0100
+Subject: [PATCH] Fix heap-buffer overflow in PLY parser
+Origin: https://github.com/assimp/assimp/commit/e4e2c63e0c2c449cd69fb9a3269e865eb83c241d
+
+---
+ code/AssetLib/Ply/PlyParser.cpp | 3 ++-
+ include/assimp/IOStreamBuffer.h | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/code/AssetLib/Ply/PlyParser.cpp b/code/AssetLib/Ply/PlyParser.cpp
+index 6edba71fca..662da805ea 100644
+--- a/code/AssetLib/Ply/PlyParser.cpp
++++ b/code/AssetLib/Ply/PlyParser.cpp
+@@ -425,7 +425,8 @@ bool PLY::DOM::ParseHeader(IOStreamBuffer &streamBuffer, std::vector
+ break;
+ } else {
+ // ignore unknown header elements
+- streamBuffer.getNextLine(buffer);
++ if (!streamBuffer.getNextLine(buffer))
++ return false;
+ }
+ }
+
+diff --git a/include/assimp/IOStreamBuffer.h b/include/assimp/IOStreamBuffer.h
+index fae480e715..47db35a957 100644
+--- a/include/assimp/IOStreamBuffer.h
++++ b/include/assimp/IOStreamBuffer.h
+@@ -287,7 +287,7 @@ static AI_FORCE_INLINE bool isEndOfCache(size_t pos, size_t cacheSize) {
+ template
+ AI_FORCE_INLINE bool IOStreamBuffer::getNextLine(std::vector &buffer) {
+ buffer.resize(m_cacheSize);
+- if (isEndOfCache(m_cachePos, m_cacheSize) || 0 == m_filePos) {
++ if (m_cachePos >= m_cacheSize || 0 == m_filePos) {
+ if (!readNextBlock()) {
+ return false;
+ }
diff --git a/assimp.spec b/assimp.spec
index 1a8dfea..d537004 100644
--- a/assimp.spec
+++ b/assimp.spec
@@ -1,6 +1,6 @@
 Name: assimp
 Version: 5.3.1
-Release: 3
+Release: 4
 Summary: Library to load and process various 3D model formats into applications.
 License: BSD and MIT and LGPL-2.1 and LGPL-2.0 and GPL-2.0 and LGPL-3.0 and GPL-3.0
 URL: http://www.assimp.org/
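Review bot: The `>=` comparison is applied only to the entry guard of `IOStreamBuffer::getNextLine` in the embedded IOStreamBuffer.h hunk, while the `isEndOfCache` helper named in that hunk's header stays as it is; judging from the replacement it is presumably an equality test, which lets a cache position that has already run past the end go unnoticed. Any other caller of the helper would keep that behaviour, so I would rather harden it once, e.g. `return pos >= cacheSize;`, or confirm that no other reader can advance `m_cachePos` beyond `m_cacheSize`. In the PlyParser.cpp hunk the new early return would be safer braced, `if (!streamBuffer.getNextLine(buffer)) { return false; }`, to match the braced `else` block around it. Both function bodies continue outside the hunks, so the remaining `getNextLine` calls in `ParseHeader` should also be checked for ignored return values before this backport is treated as complete.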
@@ -13,6 +13,7 @@ URL: http://www.assimp.org/
 Source0: assimp-%{version}-free.tar.xz
 Patch01: CVE-2024-40724-Fix-out-of-bound-access-5651.patch
+Patch02: CVE-2024-45679.patch
 BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel
 BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zziplib)
@@ -92,6 +93,9 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass
 %{python3_sitelib}/pyassimp
 %changelog
+* Thu Sep 19 2024 wangkai <13474090681@163.com> - 5.3.1-4
+- fix CVE-2024-45679
+
 * Mon Jul 22 2024 yinyongkang - 5.3.1-3
 - fix CVE-2024-40724
-- 
Gitee