Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mesh.Faces use wrong array length of buffer #7

Open
ZenDay opened this issue Oct 17, 2024 · 2 comments
Open

mesh.Faces use wrong array length of buffer #7

ZenDay opened this issue Oct 17, 2024 · 2 comments

Comments

@ZenDay
Copy link

ZenDay commented Oct 17, 2024

In the function mesh.Faces, using the variable NumFaces as the buffer's length will cause the program to access unknown memory.
In fact, we should use 3 * NumFaces as the buffer's length.

As shown in the code below:

func (m *Mesh) Faces(buffer []uint32) []uint32 {
	n := m.NumFaces()*3
	if len(buffer) < int(n) {
		buffer = append(buffer, make([]uint32, int(n)-len(buffer))...)
	}
	C.dracoMeshGetIndices(m.ref, C.size_t(n*4), (*C.uint32_t)(unsafe.Pointer(&buffer[0])))
	return buffer[:n]
}
@qmuntal
Copy link
Owner

qmuntal commented Oct 17, 2024

Thanks for reporting. Could you share a gltf model that triggers the bug?

@ZenDay
Copy link
Author

ZenDay commented Oct 18, 2024

Thanks for reporting. Could you share a gltf model that triggers the bug?

It will definitely produce the following error as long as you keep looping to decode any GLB file (about 100 times):

unexpected fault address 0xa4200000b4a
fatal error: fault
[signal SIGSEGV: segmentation violation code=0x1 addr=0xa4200000b4a pc=0x10300c773]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@qmuntal @ZenDay