Buffer overrun: PLY with a header that specifies more vertices than what the file really has

[RamonArguelles]

Aka, if the header says there are 20 vertices, but the contents only have 19, you'll hit the problem.

Looking a little bit into the code, tinyply already uses the information from the header to allocate a buffer that should fit the file contents. The size of the buffer is thus known, but it is not passed all the way down. We coded a simple fix that mainly passes the buffer size a couple of frames down into the stack, when we are about to read from the file and copy into the buffer. If we pass the buffer size down, we can check if the copy is going to fit, and if not, throw an exception instead of attempting to reference beyond the buffer.

We tested our local fix with both master and variable-length branches, and it does seem to work. So, we are unblocked. But wanted to post the issue in case we can either directly contribute it back, or just share what we did for a potential future fix.

Thanks!

[ddiakopoulos]

Hey @RamonArguelles this is definitely a bug and thank you taking the time to properly diagnose, debug, and fix that! I'd be happy to accept a pull request.

[RamonArguelles]

Thanks a ton for your response, @ddiakopoulos. Sorry for delay. Just posted a couple of PRs for you to review whenever you have a chance. Opened separate ones for master and 2.4 branches, although the other alternative of getting the fix into master first, and then merging master into 2.4, would be possible too, after dealing with the possible merge conflicts.