
fix: add bounds checking in normalizeSkinningWeights to prevent heap OOB write#9878

Open

YLChen-007 wants to merge 1 commit into google:main from YLChen-007:fix/gltfio-oob-skinning-weights

Conversation

@YLChen-007

Summary

Fix a heap buffer overflow vulnerability in normalizeSkinningWeights (resolves #9877).

Problem

The normalize lambda in libs/gltfio/src/ResourceLoader.cpp trusts the glTF accessor's count field without validating it against the actual buffer size. A maliciously crafted .gltf file can specify an arbitrarily large count with a small buffer, causing out-of-bounds heap writes during skinning weight normalization.

This leads to:

  • Denial of Service via segfault
  • Potential code execution via heap memory corruption

Any application using Filament's gltfio with normalizeSkinningWeights = true (the default in gltf_viewer, Android ModelViewer, Web viewer, etc.) is vulnerable when loading untrusted glTF files.

Fix

This patch adds bounds checking to the normalize lambda:

  1. Null pointer validation: Check buffer_view, buffer, and data pointers before dereferencing
  2. Offset validation: Ensure totalOffset (viewOffset + accessorOffset) does not exceed buffer size
  3. Safe count computation: Calculate the maximum number of elements that fit within the buffer based on available bytes and stride
  4. Count clamping: Clamp data->count to the safe maximum with a LOG(WARNING) message

The fix gracefully handles malformed inputs by clamping the iteration count rather than crashing.

Testing

Verified with a standalone harness mirroring the normalizeSkinningWeights logic:

| Test Case | Input | Expected | Result |
|---|---|---|---|
| Exploit (poc.gltf) | count=1000000, buffer=16 bytes | No crash, warning logged | ✅ Pass |
| Control (control.gltf) | count=1, buffer=16 bytes | Normal processing | ✅ Pass |
| Unpatched baseline | Exploit → segfault (exit 139) | Crash confirmed | ✅ Confirmed |

Changes

  • libs/gltfio/src/ResourceLoader.cpp: Added bounds checking in normalizeSkinningWeights normalize lambda (+38 lines, -2 lines)
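The four checks listed in the Fix section, carried through in a standalone harness added for this page (it is not the PR's patch and not Filament's or cgltf's code). The Buffer, BufferView and Accessor structs are constructed stand-ins that mirror only the cgltf fields the normalize lambda reads; safeElementCount and normalizeWeights are hypothetical names, std::fprintf stands in for LOG(WARNING), and the "first element needs elementBytes, each further element needs stride" counting rule is this example's choice of how to compute the safe maximum.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Constructed stand-ins for the cgltf structs the normalize lambda reads
// (cgltf_buffer, cgltf_buffer_view, cgltf_accessor). Only the fields the
// bounds check needs are modelled; this is not Filament's or cgltf's code.
struct Buffer {
    size_t size;   // bytes actually allocated behind data
    void* data;
};
struct BufferView {
    Buffer* buffer;
    size_t offset; // viewOffset
    size_t size;
    size_t stride; // 0 means tightly packed
};
struct Accessor {
    BufferView* buffer_view;
    size_t offset; // accessorOffset
    size_t count;  // untrusted: comes straight from the .gltf JSON
    size_t stride; // bytes between consecutive elements (0 = elementBytes)
};

// Steps 1-3 of the fix: reject null pointers, reject offsets past the end of
// the buffer, then compute how many elements of elementBytes really fit.
// Returns the element count that is safe to visit (0 = nothing usable) and
// sets *clamped when the accessor's own count had to be reduced (step 4).
size_t safeElementCount(const Accessor* data, size_t elementBytes, bool* clamped) {
    if (clamped) *clamped = false;
    // 1. Null pointer validation.
    if (!data || !data->buffer_view || !data->buffer_view->buffer ||
        !data->buffer_view->buffer->data || elementBytes == 0) {
        return 0;
    }
    const BufferView* view = data->buffer_view;
    const Buffer* buffer = view->buffer;
    // 2. Offset validation, written so viewOffset + accessorOffset cannot wrap.
    if (view->offset > buffer->size || data->offset > buffer->size - view->offset) {
        return 0;
    }
    const size_t totalOffset = view->offset + data->offset;
    const size_t available = buffer->size - totalOffset;
    // 3. Safe count: first element needs elementBytes, each further one needs stride.
    const size_t stride = data->stride ? data->stride : elementBytes;
    if (stride < elementBytes || available < elementBytes) return 0;
    const size_t maxCount = 1 + (available - elementBytes) / stride;
    // 4. Count clamping.
    if (data->count > maxCount) {
        if (clamped) *clamped = true;
        return maxCount;
    }
    return data->count;
}

// Hypothetical stand-in for the normalize lambda: rescales each vec4 of float
// skinning weights to sum to 1, visiting only the clamped element count.
// Returns the number of vec4s it actually touched.
size_t normalizeWeights(const Accessor* data) {
    const size_t elementBytes = 4 * sizeof(float);
    bool clamped = false;
    const size_t count = safeElementCount(data, elementBytes, &clamped);
    if (clamped) {
        std::fprintf(stderr, "warning: skinning weight accessor count %zu exceeds buffer; clamped to %zu\n",
                     data->count, count);
    }
    if (count == 0) return 0;
    const BufferView* view = data->buffer_view;
    const size_t stride = data->stride ? data->stride : elementBytes;
    uint8_t* base = static_cast<uint8_t*>(view->buffer->data) + view->offset + data->offset;
    for (size_t i = 0; i < count; ++i) {
        float w[4];
        std::memcpy(w, base + i * stride, elementBytes); // memcpy: no alignment assumptions
        const float sum = w[0] + w[1] + w[2] + w[3];
        if (sum > 0.0f) {
            for (float& v : w) v /= sum;
            std::memcpy(base + i * stride, w, elementBytes);
        }
    }
    return count;
}

int main() {
    // Constructed inputs mirroring the PR's harness: a 16-byte buffer (one vec4).
    std::vector<float> weights = {1.0f, 1.0f, 1.0f, 1.0f};
    Buffer buffer{weights.size() * sizeof(float), weights.data()};
    BufferView view{&buffer, 0, buffer.size, 0};
    Accessor exploit{&view, 0, 1000000, 16};   // count far larger than the buffer
    Accessor control{&view, 0, 1, 16};
    std::printf("exploit visited %zu element(s)\n", normalizeWeights(&exploit)); // 1, not 1000000
    std::printf("control visited %zu element(s)\n", normalizeWeights(&control)); // 1
    std::printf("first weight after normalization: %g\n", weights[0]);          // 0.25
    return 0;
}
```

The offset check is deliberately written as two comparisons against buffer->size rather than as `viewOffset + accessorOffset > size`, because two attacker-controlled size_t values can be chosen so that their sum wraps below the buffer size; the counting rule then uses the bytes left after totalOffset, so an accessor whose stride is wider than its element still gets its last element counted correctly.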

…OOB write

The normalize lambda in normalizeSkinningWeights trusts the accessor's
count field without validating it against the actual buffer size. A
maliciously crafted glTF file can set an arbitrarily large count with a
small buffer, causing out-of-bounds heap writes during weight
normalization.

This patch adds the following safety checks:
- Null pointer validation for buffer_view, buffer, and data pointers
- Offset validation to ensure accessor offset is within buffer bounds
- Safe count computation based on available buffer bytes and stride
- Clamping of accessor count to prevent out-of-bounds access

The fix gracefully handles malformed inputs by clamping the iteration
count and logging a warning, rather than crashing or corrupting memory.

google-cla bot commented Apr 4, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.



Successfully merging this pull request may close these issues.

Heap Buffer Overflow in gltfio normalizeSkinningWeights via malicious glTF file
