From d49aed4585c0f064963e126165ae5b434d118de3 Mon Sep 17 00:00:00 2001
From: Max Vollmer
Date: Mon, 11 Jan 2021 08:45:47 +0000
Subject: [PATCH 1/3] * Check that buffer view has buffer * Handle integer overflow when calculating byte length * Minor code cleanup for exception messages
---
 code/AssetLib/glTF2/glTF2Asset.inl | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/code/AssetLib/glTF2/glTF2Asset.inl b/code/AssetLib/glTF2/glTF2Asset.inl
index 456da9772..0e265efef 100644
--- a/code/AssetLib/glTF2/glTF2Asset.inl
+++ b/code/AssetLib/glTF2/glTF2Asset.inl
@@ -560,18 +560,17 @@ inline void BufferView::Read(Value &obj, Asset &r) {
 buffer = r.buffers.Retrieve(bufferVal->GetUint());
 }
+ if (!buffer) {
+ throw DeadlyImportError("GLTF: Buffer view without valid buffer.");
+ }
+
 byteOffset = MemberOrDefault(obj, "byteOffset", size_t(0));
 byteLength = MemberOrDefault(obj, "byteLength", size_t(0));
 byteStride = MemberOrDefault(obj, "byteStride", 0u);
 // Check length
 if ((byteOffset + byteLength) > buffer->byteLength) {
- const uint8_t val_size = 64;
-
- char val[val_size];
-
- ai_snprintf(val, val_size, "%llu, %llu", (unsigned long long)byteOffset, (unsigned long long)byteLength);
- throw DeadlyImportError("GLTF: Buffer view with offset/length (", val, ") is out of range.");
+ throw DeadlyImportError("GLTF: Buffer view with offset/length (", byteOffset, "/", byteLength, ") is out of range.");
 }
 }
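Review bot: The range check `(byteOffset + byteLength) > buffer->byteLength` in BufferView::Read still adds two values read from the file before comparing, so a sum that wraps around size_t compares as small and is accepted; the overflow handling in this commit covers only the Accessor product. The subtraction form has no sum to wrap: `if (byteOffset > buffer->byteLength || byteLength > buffer->byteLength - byteOffset) {`. The two sums in the Accessor::Read hunk (`byteOffset + byteLength` and `bufferView->byteOffset + byteOffset + byteLength`) have the same shape and would take the same rewrite. How large a value MemberOrDefault lets through for size_t is not visible here, so treat reachability as unconfirmed; Read's body begins before this hunk.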
@@ -649,13 +648,14 @@ inline void Accessor::Read(Value &obj, Asset &r) {
 if (bufferView) {
 // Check length
 unsigned long long byteLength = (unsigned long long)GetBytesPerComponent() * (unsigned long long)count;
+
+ // handle integer overflow
+ if (byteLength < count) {
+ throw DeadlyImportError("GLTF: Accessor with offset/count (", byteOffset, "/", count, ") is out of range.");
+ }
+
 if ((byteOffset + byteLength) > bufferView->byteLength || (bufferView->byteOffset + byteOffset + byteLength) > bufferView->buffer->byteLength) {
- const uint8_t val_size = 64;
-
- char val[val_size];
-
- ai_snprintf(val, val_size, "%llu, %llu", (unsigned long long)byteOffset, (unsigned long long)byteLength);
- throw DeadlyImportError("GLTF: Accessor with offset/length (", val, ") is out of range.");
+ throw DeadlyImportError("GLTF: Accessor with offset/length (", byteOffset, "/", byteLength, ") is out of range.");
 }
 }
From 9174bca3f76dd0f5d82e0192bb6212e89c158a17 Mon Sep 17 00:00:00 2001
From: kkulling
Date: Tue, 12 Jan 2021 10:01:53 +0100
Subject: [PATCH 2/3] closes https://github.com/assimp/assimp/issues/3517: use const instead of constexpr
---
 code/AssetLib/AC/ACLoader.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/code/AssetLib/AC/ACLoader.h b/code/AssetLib/AC/ACLoader.h
index 92a5114f1..c0bf97866 100644
--- a/code/AssetLib/AC/ACLoader.h
+++ b/code/AssetLib/AC/ACLoader.h
@@ -4,7 +4,6 @@ Open Asset Import Library (assimp)
 Copyright (c) 2006-2020, assimp team
-
 All rights reserved.
 Redistribution and use of this software in source and binary forms,
@@ -117,7 +116,7 @@ public:
 Mask = 0xf,
 };
- inline constexpr uint8_t GetType() const { return (flags & Mask); }
+ inline const uint8_t GetType() const { return (flags & Mask); }
 };
 // Represents an AC3D object
From 484ac21ef5e772b96186f3b57d19cacf19d3ebba Mon Sep 17 00:00:00 2001
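Review bot: The new guard `if (byteLength < count)` is not a complete overflow test for `GetBytesPerComponent() * count`: a product that wraps can still be greater than or equal to count, in which case the guard is silent and the wrapped value goes on to the range check. Dividing back is exact for unsigned arithmetic, so with the component size held in a local `bpc` the guard can read `if (byteLength < count || (bpc != 0 && byteLength / bpc != count)) {`. Whether count is wide enough for the product to wrap depends on its declaration, which is outside the hunk, as is the start of Accessor::Read. The message for this branch prints byteOffset although the offset plays no part in the condition.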
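Review bot: `const` on the by-value return type of GetType() changes nothing for callers and is flagged by GCC's -Wignored-qualifiers, so the replacement for `constexpr` adds a qualifier with no meaning. Dropping it gives `inline uint8_t GetType() const { return (flags & Mask); }`; `inline` is also implied for a member function defined in the class body. The enclosing type starts outside the hunk, so the declared type of flags is not visible; if it is wider than uint8_t, `static_cast<uint8_t>(flags & Mask)` would make the narrowing explicit.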
From: Kim Kulling
Date: Thu, 14 Jan 2021 11:53:25 +0100
Subject: [PATCH 3/3] Remove dependency to posix-extension function
---
 include/assimp/StringComparison.h | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/include/assimp/StringComparison.h b/include/assimp/StringComparison.h
index 255123c0e..21007bf68 100644
--- a/include/assimp/StringComparison.h
+++ b/include/assimp/StringComparison.h
@@ -145,11 +145,7 @@ int ASSIMP_stricmp(const char *s1, const char *s2) {
 #if (defined _MSC_VER)
 return ::_stricmp(s1, s2);
-#elif defined(__GNUC__)
-
- return ::strcasecmp(s1, s2);
 #else
-
 char c1, c2;
 do {
 c1 = tolower(*s1++);