!62 Fix CVE-2025-2151

From: @wk333 Reviewed-by: @wang--ge Signed-off-by: @wang--ge
2025-03-20 06:11:44 +00:00 · 2025-03-20 06:11:44 +00:00 · 99d4d5360a
commit 99d4d5360a
parent ff5bf87f5a 99724aac73
2 changed files with 37 additions and 1 deletions
--- a/CVE-2025-2151.patch
+++ b/CVE-2025-2151.patch
@ -0,0 +1,32 @@
+From d2c6e64a1122884570caf4aaa589d810f5351f28 Mon Sep 17 00:00:00 2001
+From: Kim Kulling <kimkulling@users.noreply.github.com>
+Date: Thu, 13 Mar 2025 10:17:43 +0100
+Subject: [PATCH] Fix: Avoid override in line parsing (#6048)
+
+Origin: https://github.com/assimp/assimp/commit/d2c6e64a1122884570caf4aaa589d810f5351f28
+
+* Fix: Avoid override in line parsing
+
+- closes https://github.com/assimp/assimp/issues/6026
+
+* Update ParsingUtils.h
+---
+ code/ParsingUtils.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/code/ParsingUtils.h b/code/ParsingUtils.h
+index 2371ee6..1617112 100644
+--- a/code/ParsingUtils.h
+++ b/code/ParsingUtils.h
+@@ -184,7 +184,7 @@ AI_FORCE_INLINE bool GetNextLine( const char_t*& buffer, char_t out[ BufferSize
+     }
+     *_out = (char_t)'\0';
+ 
+-    while( IsLineEnd( *buffer ) && '\0' != *buffer ) {
+    while( IsLineEnd( *buffer ) && '\0' != *buffer && buffer != end) {
+         ++buffer;
+     }
+ 
+-- 
+2.33.0
+
--- a/assimp.spec
+++ b/assimp.spec
@ -1,6 +1,6 @@
 Name:          assimp
 Version:       3.3.1
-Release:       21
+Release:       22
 Summary:       Library to load and process various 3D model formats into applications.
 License:       BSD and MIT
 URL:           http://assimp.sourceforge.net
@ -14,6 +14,7 @@ Patch0006:     0001-Morph-animation-support-for-collada.patch
 Patch0007:     0001-Enable-doxygen-been-properly-used-from-cmake-build-a.patch
 Patch0008:     0001-Apply-mechanism-to-decide-use-for-IrrXML-external-or.patch
 Patch0009:     CVE-2024-48425.patch
+Patch0010:     CVE-2025-2151.patch
 BuildRequires: gcc-c++ boost-devel cmake dos2unix irrlicht-devel irrXML-devel
 BuildRequires: doxygen poly2tri-devel gtest-devel pkgconfig(zzip-zlib-config)
 BuildRequires: pkgconfig(zlib) pkgconfig(minizip) pkgconfig(python2) python2-rpm-macros
@ -117,6 +118,9 @@ install -m 0644 port/PyAssimp/pyassimp/*.py %{buildroot}%{python3_sitelib}/pyass
 %{python3_sitelib}/pyassimp

 %changelog
+* Thu Mar 20 2025 wangkai <13474090681@163.com> - 3.3.1-22
+- Fix CVE-2025-2151
+
 * Sat Oct 26 2024 liningjie <liningjie@xfusion.com> - 3.3.1-21
 - Fix CVE-2024-48425