From 8582ca9c81791040ec236a12a6265e637bffcd5a Mon Sep 17 00:00:00 2001 From: Reini Urban Date: Sat, 1 Aug 2020 16:24:32 +0200 Subject: [PATCH] spec: fix MATERIAL.map the 2nd mapper transmatrix was wrong, we need a texture here. This caused a double-free if map.source == 2. Only found via fuzzing GH #256 by @seviezhou. --- src/dwg.spec | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/dwg.spec b/src/dwg.spec index a6bf7e06ac..fa6a49849e 100644 --- a/src/dwg.spec +++ b/src/dwg.spec @@ -7623,15 +7623,15 @@ DWG_SUBCLASS_DECL (MATERIAL, Texture_diffusemap); } #define MAT_MAP(map, dxf1, dxf2, dxf3, dxf4, dxf5, dxf6, dxf7) \ - FIELD_BD (map.blendfactor, dxf1); \ - MAT_MAPPER (map, dxf4, dxf5, dxf6, dxf7); \ - FIELD_RC (map.source, dxf2); /* 0 scene, 1 file (def), 2 procedural */ \ - if (FIELD_VALUE (map.source) == 1) \ - { \ - FIELD_T (map.filename, dxf3); /* if NULL no map */ \ - } \ - else if (FIELD_VALUE (map.source) == 2) \ - MAT_MAPPER (map, dxf4, dxf5, dxf6, dxf7) + FIELD_BD (map.blendfactor, dxf1); \ + MAT_MAPPER (map, dxf4, dxf5, dxf6, dxf7); \ + FIELD_RC (map.source, dxf2); /* 0 scene, 1 file (def), 2 procedural */ \ + if (FIELD_VALUE (map.source) == 1) \ + { \ + FIELD_T (map.filename, dxf3); /* if NULL no map */ \ + } \ + else if (FIELD_VALUE (map.source) == 2) \ + MAT_TEXTURE (map, 0) #define Texture_diffusemap_fields MAT_TEXTURE (diffusemap, 0) DWG_SUBCLASS (MATERIAL, Texture_diffusemap);