From 2497a9f22851aa8f653e66514a81cbcc8407f97f Mon Sep 17 00:00:00 2001
From: Jan
Date: Sun, 28 Apr 2024 14:36:02 +0200
Subject: [PATCH] fix: use after free when dumping xmodel vertex weights
---
 .../Game/IW3/AssetDumpers/AssetDumperXModel.cpp | 8 ++++----
 .../Game/IW4/AssetDumpers/AssetDumperXModel.cpp | 8 ++++----
 .../Game/IW5/AssetDumpers/AssetDumperXModel.cpp | 8 ++++----
 src/ObjWriting/Game/T5/AssetDumpers/AssetDumperXModel.cpp | 8 ++++----
 src/ObjWriting/Game/T6/AssetDumpers/AssetDumperXModel.cpp | 8 ++++----
 5 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/src/ObjWriting/Game/IW3/AssetDumpers/AssetDumperXModel.cpp b/src/ObjWriting/Game/IW3/AssetDumpers/AssetDumperXModel.cpp
index 82b1ed39..d720515d 100644
--- a/src/ObjWriting/Game/IW3/AssetDumpers/AssetDumperXModel.cpp
+++ b/src/ObjWriting/Game/IW3/AssetDumpers/AssetDumperXModel.cpp
@@ -393,10 +393,11 @@ namespace
 weightCollection.weights.resize(totalWeightCount);
 }
- void AddXModelVertexBoneWeights(XModelCommon& out, const XModel* model, const unsigned lod, XModelVertexBoneWeightCollection& weightCollection)
+ void AddXModelVertexBoneWeights(XModelCommon& out, const XModel* model, const unsigned lod)
 {
 const auto* surfs = &model->surfs[model->lodInfo[lod].surfIndex];
 const auto surfCount = model->lodInfo[lod].numsurfs;
+ auto& weightCollection = out.m_bone_weight_data;
 size_t weightOffset = 0u;
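Review bot: `auto& weightCollection = out.m_bone_weight_data;` ties the weight buffer's lifetime to `out`, but nothing in this hunk records that the vertex weight entries written further down depend on that buffer staying where it is. The body of AddXModelVertexBoneWeights continues outside the hunk, so this is inferred from the commit title: if those entries hold raw pointers into `weightCollection.weights`, a later `resize` of that vector or a copy of the `XModelCommon` would leave them pointing at freed or foreign storage again. I would add a comment at the binding, for example `// vertex bone weights point into out.m_bone_weight_data.weights; do not resize it or copy out afterwards`, and consider storing an offset and count instead of a pointer so the data survives reallocation and copying. The same applies to the IW4, IW5, T5 and T6 variants of this function.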
@@ -533,14 +534,13 @@ namespace
 void PopulateXModelWriter(XModelCommon& out, const AssetDumpingContext& context, const unsigned lod, const XModel* model)
 {
 DistinctMapper materialMapper(model->numsurfs);
- XModelVertexBoneWeightCollection boneWeightCollection;
- AllocateXModelBoneWeights(model, lod, boneWeightCollection);
+ AllocateXModelBoneWeights(model, lod, out.m_bone_weight_data);
 AddXModelBones(out, context, model);
 AddXModelMaterials(out, materialMapper, model);
 AddXModelObjects(out, model, lod, materialMapper);
 AddXModelVertices(out, model, lod);
- AddXModelVertexBoneWeights(out, model, lod, boneWeightCollection);
+ AddXModelVertexBoneWeights(out, model, lod);
 AddXModelFaces(out, model, lod);
 }
diff --git a/src/ObjWriting/Game/IW4/AssetDumpers/AssetDumperXModel.cpp b/src/ObjWriting/Game/IW4/AssetDumpers/AssetDumperXModel.cpp
index 419ce4e1..a1064a0a 100644
--- a/src/ObjWriting/Game/IW4/AssetDumpers/AssetDumperXModel.cpp
+++ b/src/ObjWriting/Game/IW4/AssetDumpers/AssetDumperXModel.cpp
@@ -390,8 +390,9 @@ namespace
 weightCollection.weights.resize(totalWeightCount);
 }
- void AddXModelVertexBoneWeights(XModelCommon& out, const XModelSurfs* modelSurfs, XModelVertexBoneWeightCollection& weightCollection)
+ void AddXModelVertexBoneWeights(XModelCommon& out, const XModelSurfs* modelSurfs)
 {
+ auto& weightCollection = out.m_bone_weight_data;
 size_t weightOffset = 0u;
 for (auto surfIndex = 0u; surfIndex < modelSurfs->numsurfs; surfIndex++)
@@ -526,14 +527,13 @@ namespace
 const auto* modelSurfs = model->lodInfo[lod].modelSurfs;
 DistinctMapper materialMapper(model->numsurfs);
- XModelVertexBoneWeightCollection boneWeightCollection;
- AllocateXModelBoneWeights(modelSurfs, boneWeightCollection);
+ AllocateXModelBoneWeights(modelSurfs, out.m_bone_weight_data);
 AddXModelBones(out, context, model);
 AddXModelMaterials(out, materialMapper, model);
 AddXModelObjects(out, modelSurfs, materialMapper, model->lodInfo[lod].surfIndex);
 AddXModelVertices(out, modelSurfs);
- AddXModelVertexBoneWeights(out, modelSurfs, boneWeightCollection);
+ AddXModelVertexBoneWeights(out, modelSurfs);
 AddXModelFaces(out, modelSurfs);
 }
diff --git a/src/ObjWriting/Game/IW5/AssetDumpers/AssetDumperXModel.cpp b/src/ObjWriting/Game/IW5/AssetDumpers/AssetDumperXModel.cpp
index 1be3b9f2..a11240e8 100644
--- a/src/ObjWriting/Game/IW5/AssetDumpers/AssetDumperXModel.cpp
+++ b/src/ObjWriting/Game/IW5/AssetDumpers/AssetDumperXModel.cpp
@@ -389,8 +389,9 @@ namespace
 weightCollection.weights.resize(totalWeightCount);
 }
- void AddXModelVertexBoneWeights(XModelCommon& out, const XModelSurfs* modelSurfs)
+ void AddXModelVertexBoneWeights(XModelCommon& out, const XModelSurfs* modelSurfs)
 {
+ auto& weightCollection = out.m_bone_weight_data;
 size_t weightOffset = 0u;
 for (auto surfIndex = 0u; surfIndex < modelSurfs->numsurfs; surfIndex++)
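Review bot: In the IW4 PopulateXModelWriter hunk, `modelSurfs` is read from `model->lodInfo[lod].modelSurfs` and handed straight to `AllocateXModelBoneWeights` and `AddXModelVertexBoneWeights`, and the latter dereferences `modelSurfs->numsurfs` in its loop header, with no null check visible in either hunk. The function starts outside the hunk, so a guard may already exist above; if it does not, a model whose LOD surfaces are absent would make the dumper dereference a null pointer on data that comes from a game file. An early `if (!modelSurfs) return;` ahead of the `DistinctMapper` line would cover it, assuming the function returns void as its IW3 counterpart does. The IW5 hunks have the same shape.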
@@ -525,14 +526,13 @@ namespace
 const auto* modelSurfs = model->lodInfo[lod].modelSurfs;
 DistinctMapper materialMapper(model->numsurfs);
- XModelVertexBoneWeightCollection boneWeightCollection;
- AllocateXModelBoneWeights(modelSurfs, boneWeightCollection);
+ AllocateXModelBoneWeights(modelSurfs, out.m_bone_weight_data);
 AddXModelBones(out, context, model);
 AddXModelMaterials(out, materialMapper, model);
 AddXModelObjects(out, modelSurfs, materialMapper, model->lodInfo[lod].surfIndex);
 AddXModelVertices(out, modelSurfs);
- AddXModelVertexBoneWeights(out, modelSurfs, boneWeightCollection);
+ AddXModelVertexBoneWeights(out, modelSurfs);
 AddXModelFaces(out, modelSurfs);
 }
diff --git a/src/ObjWriting/Game/T5/AssetDumpers/AssetDumperXModel.cpp b/src/ObjWriting/Game/T5/AssetDumpers/AssetDumperXModel.cpp
index a77887a7..82d59797 100644
--- a/src/ObjWriting/Game/T5/AssetDumpers/AssetDumperXModel.cpp
+++ b/src/ObjWriting/Game/T5/AssetDumpers/AssetDumperXModel.cpp
@@ -393,10 +393,11 @@ namespace
 weightCollection.weights.resize(totalWeightCount);
 }
- void AddXModelVertexBoneWeights(XModelCommon& out, const XModel* model, const unsigned lod, XModelVertexBoneWeightCollection& weightCollection)
+ void AddXModelVertexBoneWeights(XModelCommon& out, const XModel* model, const unsigned lod)
 {
 const auto* surfs = &model->surfs[model->lodInfo[lod].surfIndex];
 const auto surfCount = model->lodInfo[lod].numsurfs;
+ auto& weightCollection = out.m_bone_weight_data;
 size_t weightOffset = 0u;
@@ -533,14 +534,13 @@ namespace
 void PopulateXModelWriter(XModelCommon& out, const AssetDumpingContext& context, const unsigned lod, const XModel* model)
 {
 DistinctMapper materialMapper(model->numsurfs);
- XModelVertexBoneWeightCollection boneWeightCollection;
- AllocateXModelBoneWeights(model, lod, boneWeightCollection);
+ AllocateXModelBoneWeights(model, lod, out.m_bone_weight_data);
 AddXModelBones(out, context, model);
 AddXModelMaterials(out, materialMapper, model);
 AddXModelObjects(out, model, lod, materialMapper);
 AddXModelVertices(out, model, lod);
- AddXModelVertexBoneWeights(out, model, lod, boneWeightCollection);
+ AddXModelVertexBoneWeights(out, model, lod);
 AddXModelFaces(out, model, lod);
 }
diff --git a/src/ObjWriting/Game/T6/AssetDumpers/AssetDumperXModel.cpp b/src/ObjWriting/Game/T6/AssetDumpers/AssetDumperXModel.cpp
index bfeaa64c..526dfa68 100644
--- a/src/ObjWriting/Game/T6/AssetDumpers/AssetDumperXModel.cpp
+++ b/src/ObjWriting/Game/T6/AssetDumpers/AssetDumperXModel.cpp
@@ -411,10 +411,11 @@ namespace
 weightCollection.weights.resize(totalWeightCount);
 }
- void AddXModelVertexBoneWeights(XModelCommon& out, const XModel* model, const unsigned lod, XModelVertexBoneWeightCollection& weightCollection)
+ void AddXModelVertexBoneWeights(XModelCommon& out, const XModel* model, const unsigned lod)
 {
 const auto* surfs = &model->surfs[model->lodInfo[lod].surfIndex];
 const auto surfCount = model->lodInfo[lod].numsurfs;
+ auto& weightCollection = out.m_bone_weight_data;
 if (!surfs) return;
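Review bot: In the T6 AddXModelVertexBoneWeights hunk, `if (!surfs)` tests a pointer that was already computed as `&model->surfs[model->lodInfo[lod].surfIndex]`, so it only catches a null `model->surfs` when `surfIndex` is 0; for any other index the result is a non-null invalid pointer and the guard passes. Testing the base pointer before indexing, `if (!model->surfs) return;` as the first statement of the function, would make the guard do what it appears to intend. The IW3 and T5 variants compute `surfs` the same way and show no guard at all in their hunks, though all three bodies continue outside the hunk, so a check further down cannot be ruled out.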
@@ -557,14 +558,13 @@ namespace
 void PopulateXModelWriter(XModelCommon& out, const AssetDumpingContext& context, const unsigned lod, const XModel* model)
 {
 DistinctMapper materialMapper(model->numsurfs);
- XModelVertexBoneWeightCollection boneWeightCollection;
- AllocateXModelBoneWeights(model, lod, boneWeightCollection);
+ AllocateXModelBoneWeights(model, lod, out.m_bone_weight_data);
 AddXModelBones(out, context, model);
 AddXModelMaterials(out, materialMapper, model);
 AddXModelObjects(out, model, lod, materialMapper);
 AddXModelVertices(out, model, lod);
- AddXModelVertexBoneWeights(out, model, lod, boneWeightCollection);
+ AddXModelVertexBoneWeights(out, model, lod);
 AddXModelFaces(out, model, lod);
 }