diff --git a/code/AssetLib/3MF/D3MFOpcPackage.cpp b/code/AssetLib/3MF/D3MFOpcPackage.cpp index ac5b91e67..8d51a7417 100644 --- a/code/AssetLib/3MF/D3MFOpcPackage.cpp +++ b/code/AssetLib/3MF/D3MFOpcPackage.cpp @@ -149,7 +149,7 @@ D3MFOpcPackage::D3MFOpcPackage(IOSystem *pIOHandler, const std::string &rFile) : IOStream *fileStream = mZipArchive->Open(file.c_str()); if (nullptr == fileStream) { - ai_assert(fileStream != nullptr); + ASSIMP_LOG_ERROR("Filestream is nullptr."); continue; } diff --git a/code/AssetLib/HMP/HMPLoader.cpp b/code/AssetLib/HMP/HMPLoader.cpp index 97c1858fb..661e4d1b2 100644 --- a/code/AssetLib/HMP/HMPLoader.cpp +++ b/code/AssetLib/HMP/HMPLoader.cpp @@ -451,6 +451,7 @@ void HMPImporter::ReadFirstSkin(unsigned int iNumSkins, const unsigned char *szC // now we need to skip any other skins ... for (unsigned int i = 1; i < iNumSkins; ++i) { + SizeCheck(szCursor + 3 * sizeof(uint32_t)); iType = *((uint32_t *)szCursor); szCursor += sizeof(uint32_t); iWidth = *((uint32_t *)szCursor); diff --git a/code/AssetLib/M3D/m3d.h b/code/AssetLib/M3D/m3d.h index b148c11d7..875007eab 100644 --- a/code/AssetLib/M3D/m3d.h +++ b/code/AssetLib/M3D/m3d.h @@ -896,7 +896,7 @@ char *_m3d_safestr(char *in, int morelines) { if (!out) return NULL; while (*i == ' ' || *i == '\t' || *i == '\r' || (morelines && *i == '\n')) i++; - for (; *i && (morelines || (*i != '\r' && *i != '\n')); i++) { + for (; *i && (morelines || (*i != '\r' && *i != '\n')) && o - out < l; i++) { if (*i == '\r') continue; if (*i == '\n') { if (morelines >= 3 && o > out && *(o - 1) == '\n') break; diff --git a/code/AssetLib/MDL/MDLLoader.cpp b/code/AssetLib/MDL/MDLLoader.cpp index 40475021b..c59375da0 100644 --- a/code/AssetLib/MDL/MDLLoader.cpp +++ b/code/AssetLib/MDL/MDLLoader.cpp @@ -600,7 +600,7 @@ void MDLImporter::InternReadFile_3DGS_MDL345() { // need to read all textures for (unsigned int i = 0; i < (unsigned int)pcHeader->num_skins; ++i) { - if (szCurrent >= szEnd) { + if (szCurrent + sizeof(uint32_t) > szEnd) { throw DeadlyImportError("Texture data past end of file."); } BE_NCONST MDL::Skin *pcSkin; diff --git a/code/AssetLib/MDL/MDLMaterialLoader.cpp b/code/AssetLib/MDL/MDLMaterialLoader.cpp index f44896819..62320814a 100644 --- a/code/AssetLib/MDL/MDLMaterialLoader.cpp +++ b/code/AssetLib/MDL/MDLMaterialLoader.cpp @@ -132,6 +132,9 @@ void MDLImporter::CreateTextureARGB8_3DGS_MDL3(const unsigned char *szData) { pcNew->mWidth = pcHeader->skinwidth; pcNew->mHeight = pcHeader->skinheight; + if(pcNew->mWidth != 0 && pcNew->mHeight > UINT_MAX/pcNew->mWidth) { + throw DeadlyImportError("Invalid MDL file. A texture is too big."); + } pcNew->pcData = new aiTexel[pcNew->mWidth * pcNew->mHeight]; const unsigned char *szColorMap; @@ -217,6 +220,9 @@ void MDLImporter::ParseTextureColorData(const unsigned char *szData, // allocate storage for the texture image if (do_read) { + if(pcNew->mWidth != 0 && pcNew->mHeight > UINT_MAX/pcNew->mWidth) { + throw DeadlyImportError("Invalid MDL file. A texture is too big."); + } pcNew->pcData = new aiTexel[pcNew->mWidth * pcNew->mHeight]; } diff --git a/code/Common/FileSystemFilter.h b/code/Common/FileSystemFilter.h index 6782dd9e5..81576aa6c 100644 --- a/code/Common/FileSystemFilter.h +++ b/code/Common/FileSystemFilter.h @@ -300,13 +300,14 @@ private: const char separator = getOsSeparator(); for (it = in.begin(); it != in.end(); ++it) { + int remaining = std::distance(in.end(), it); // Exclude :// and \\, which remain untouched. // https://sourceforge.net/tracker/?func=detail&aid=3031725&group_id=226462&atid=1067632 - if ( !strncmp(&*it, "://", 3 )) { + if (remaining >= 3 && !strncmp(&*it, "://", 3 )) { it += 3; continue; } - if (it == in.begin() && !strncmp(&*it, "\\\\", 2)) { + if (it == in.begin() && remaining >= 2 && !strncmp(&*it, "\\\\", 2)) { it += 2; continue; } diff --git a/code/Common/RemoveComments.cpp b/code/Common/RemoveComments.cpp index e1ba99761..9974e985a 100644 --- a/code/Common/RemoveComments.cpp +++ b/code/Common/RemoveComments.cpp @@ -64,20 +64,28 @@ void CommentRemover::RemoveLineComments(const char* szComment, if (len > lenBuffer) { len = lenBuffer; } - while (*szBuffer) { + + char *szCurrent = szBuffer; + while (*szCurrent) { // skip over quotes - if (*szBuffer == '\"' || *szBuffer == '\'') - while (*szBuffer++ && *szBuffer != '\"' && *szBuffer != '\''); - if (!strncmp(szBuffer,szComment,len)) { - while (!IsLineEnd(*szBuffer)) - *szBuffer++ = chReplacement; + if (*szCurrent == '\"' || *szCurrent == '\'') + while (*szCurrent++ && *szCurrent != '\"' && *szCurrent != '\''); - if (!*szBuffer) { + size_t lenRemaining = lenBuffer - (szCurrent - szBuffer); + if(lenRemaining < len) { + break; + } + + if (!strncmp(szCurrent,szComment,len)) { + while (!IsLineEnd(*szCurrent)) + *szCurrent++ = chReplacement; + + if (!*szCurrent) { break; } } - ++szBuffer; + ++szCurrent; } } diff --git a/contrib/openddlparser/code/OpenDDLParser.cpp b/contrib/openddlparser/code/OpenDDLParser.cpp index 0c9e0bd98..e2bef97a7 100644 --- a/contrib/openddlparser/code/OpenDDLParser.cpp +++ b/contrib/openddlparser/code/OpenDDLParser.cpp @@ -292,12 +292,15 @@ char *OpenDDLParser::parseHeader(char *in, char *end) { Property *first(nullptr); in = lookForNextToken(in, end); - if (*in == Grammar::OpenPropertyToken[0]) { + if (in != end && *in == Grammar::OpenPropertyToken[0]) { in++; Property *prop(nullptr), *prev(nullptr); - while (*in != Grammar::ClosePropertyToken[0] && in != end) { + while (in != end && *in != Grammar::ClosePropertyToken[0]) { in = OpenDDLParser::parseProperty(in, end, &prop); in = lookForNextToken(in, end); + if(in == end) { + break; + } if (*in != Grammar::CommaSeparator[0] && *in != Grammar::ClosePropertyToken[0]) { logInvalidTokenError(in, Grammar::ClosePropertyToken, m_logCallback); @@ -314,7 +317,9 @@ char *OpenDDLParser::parseHeader(char *in, char *end) { prev = prop; } } - ++in; + if(in != end) { + ++in; + } } // set the properties @@ -479,7 +484,7 @@ void OpenDDLParser::normalizeBuffer(std::vector &buffer) { // check for a comment if (isCommentOpenTag(c, end)) { ++readIdx; - while (!isCommentCloseTag(&buffer[readIdx], end)) { + while (readIdx < len && !isCommentCloseTag(&buffer[readIdx], end)) { ++readIdx; } ++readIdx; @@ -489,7 +494,7 @@ void OpenDDLParser::normalizeBuffer(std::vector &buffer) { if (isComment(c, end)) { ++readIdx; // skip the comment and the rest of the line - while (!isEndofLine(buffer[readIdx])) { + while (readIdx < len && !isEndofLine(buffer[readIdx])) { ++readIdx; } } @@ -548,8 +553,7 @@ char *OpenDDLParser::parseIdentifier(char *in, char *end, Text **id) { // get size of id size_t idLen(0); char *start(in); - while (!isSeparator(*in) && - !isNewLine(*in) && (in != end) && + while ((in != end) && !isSeparator(*in) && !isNewLine(*in) && *in != Grammar::OpenPropertyToken[0] && *in != Grammar::ClosePropertyToken[0] && *in != '$') { @@ -861,7 +865,7 @@ char *OpenDDLParser::parseProperty(char *in, char *end, Property **prop) { in = parseIdentifier(in, end, &id); if (nullptr != id) { in = lookForNextToken(in, end); - if (*in == '=') { + if (in != end && *in == '=') { ++in; in = getNextToken(in, end); Value *primData(nullptr); diff --git a/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h b/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h index 5f177f252..42ad675f8 100644 --- a/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h +++ b/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h @@ -318,7 +318,8 @@ static const unsigned char chartype_table[256] = { template inline bool isNumeric(const T in) { - return (chartype_table[static_cast(in)] == 1); + size_t idx = static_cast(in); + return idx < sizeof(chartype_table) && (chartype_table[idx] == 1); } template diff --git a/include/assimp/IOStreamBuffer.h b/include/assimp/IOStreamBuffer.h index d54774759..bbb5ef256 100644 --- a/include/assimp/IOStreamBuffer.h +++ b/include/assimp/IOStreamBuffer.h @@ -261,6 +261,11 @@ AI_FORCE_INLINE bool IOStreamBuffer::getNextDataLine(std::vector &buffer, buffer[i] = m_cache[m_cachePos]; ++m_cachePos; ++i; + + if(i == buffer.size()) { + buffer.resize(buffer.size() * 2); + } + if (m_cachePos >= size()) { break; } @@ -308,6 +313,11 @@ AI_FORCE_INLINE bool IOStreamBuffer::getNextLine(std::vector &buffer) { buffer[i] = m_cache[m_cachePos]; ++m_cachePos; ++i; + + if(i == buffer.size()) { + buffer.resize(buffer.size() * 2); + } + if (m_cachePos >= m_cacheSize) { if (!readNextBlock()) { return false; diff --git a/include/assimp/port/AndroidJNI/AndroidJNIIOSystem.h b/include/assimp/port/AndroidJNI/AndroidJNIIOSystem.h index 01505d571..29ad8e079 100644 --- a/include/assimp/port/AndroidJNI/AndroidJNIIOSystem.h +++ b/include/assimp/port/AndroidJNI/AndroidJNIIOSystem.h @@ -2,7 +2,7 @@ Open Asset Import Library (assimp) ---------------------------------------------------------------------- -Copyright (c) 2006-2020, assimp team +Copyright (c) 2006-2021, assimp team All rights reserved. Redistribution and use of this software in source and binary forms, @@ -54,36 +54,32 @@ namespace Assimp { // --------------------------------------------------------------------------- /** Android extension to DefaultIOSystem using the standard C file functions */ -class ASSIMP_API AndroidJNIIOSystem : public DefaultIOSystem -{ +class ASSIMP_API AndroidJNIIOSystem : public DefaultIOSystem { public: - /** Initialize android activity data */ std::string mApkWorkspacePath; AAssetManager* mApkAssetManager; - /** Constructor. */ + /// Constructor. AndroidJNIIOSystem(ANativeActivity* activity); - /** Destructor. */ + /// Class constructor with past and asset manager. + AndroidJNIIOSystem(const char *internalPath, AAssetManager* assetManager); + + /// Destructor. ~AndroidJNIIOSystem(); - // ------------------------------------------------------------------- - /** Tests for the existence of a file at the given path. */ + /// Tests for the existence of a file at the given path. bool Exists( const char* pFile) const; - // ------------------------------------------------------------------- - /** Opens a file at the given path, with given mode */ + /// Opens a file at the given path, with given mode IOStream* Open( const char* strFile, const char* strMode); - // ------------------------------------------------------------------------------------------------ - // Inits Android extractor + /// Inits Android extractor void AndroidActivityInit(ANativeActivity* activity); - // ------------------------------------------------------------------------------------------------ - // Extracts android asset + /// Extracts android asset bool AndroidExtractAsset(std::string name); - }; } //!ns Assimp diff --git a/port/AndroidJNI/AndroidJNIIOSystem.cpp b/port/AndroidJNI/AndroidJNIIOSystem.cpp index db499a20b..e0f812362 100644 --- a/port/AndroidJNI/AndroidJNIIOSystem.cpp +++ b/port/AndroidJNI/AndroidJNIIOSystem.cpp @@ -3,7 +3,7 @@ Open Asset Import Library (assimp) --------------------------------------------------------------------------- -Copyright (c) 2006-2020, assimp team +Copyright (c) 2006-2021, assimp team All rights reserved. @@ -67,45 +67,50 @@ AndroidJNIIOSystem::AndroidJNIIOSystem(ANativeActivity* activity) AndroidActivityInit(activity); } +AndroidJNIIOSystem::AndroidJNIIOSystem(const char *internalPath, AAssetManager* assetManager) : + mApkWorkspacePath(internalPath), + mApkAssetManager(assetManager) { + // empty +} + // ------------------------------------------------------------------------------------------------ // Destructor. -AndroidJNIIOSystem::~AndroidJNIIOSystem() -{ - // nothing to do here +AndroidJNIIOSystem::~AndroidJNIIOSystem() { + // nothing to do here } // ------------------------------------------------------------------------------------------------ // Tests for the existence of a file at the given path. -bool AndroidJNIIOSystem::Exists( const char* pFile) const -{ - AAsset* asset = AAssetManager_open(mApkAssetManager, pFile, - AASSET_MODE_UNKNOWN); - FILE* file = ::fopen( (mApkWorkspacePath + getOsSeparator() + std::string(pFile)).c_str(), "rb"); +bool AndroidJNIIOSystem::Exists( const char* pFile) const { + AAsset* asset = AAssetManager_open(mApkAssetManager, pFile, AASSET_MODE_UNKNOWN); + FILE* file = ::fopen( (mApkWorkspacePath + getOsSeparator() + std::string(pFile)).c_str(), "rb"); + + if (!asset && !file) { + __android_log_print(ANDROID_LOG_ERROR, "Assimp", "Asset manager can not find: %s", pFile); + return false; + } - if (!asset && !file) - { - __android_log_print(ANDROID_LOG_ERROR, "Assimp", "Asset manager can not find: %s", pFile); - return false; - } - - __android_log_print(ANDROID_LOG_ERROR, "Assimp", "Asset exists"); - if (file) - ::fclose( file); - return true; + __android_log_print(ANDROID_LOG_ERROR, "Assimp", "Asset exists"); + if (file) { + ::fclose( file); + } + + return true; } // ------------------------------------------------------------------------------------------------ // Inits Android extractor -void AndroidJNIIOSystem::AndroidActivityInit(ANativeActivity* activity) -{ - mApkWorkspacePath = activity->internalDataPath; - mApkAssetManager = activity->assetManager; +void AndroidJNIIOSystem::AndroidActivityInit(ANativeActivity* activity) { + if (activity == nullptr) { + return; + } + mApkWorkspacePath = activity->internalDataPath; + mApkAssetManager = activity->assetManager; } // ------------------------------------------------------------------------------------------------ // Create the directory for the extracted resource -static int mkpath(std::string path, mode_t mode) -{ +static int mkpath(std::string path, mode_t mode) { if (mkdir(path.c_str(), mode) == -1) { switch(errno) { case ENOENT: @@ -125,82 +130,80 @@ static int mkpath(std::string path, mode_t mode) // ------------------------------------------------------------------------------------------------ // Extracts android asset -bool AndroidJNIIOSystem::AndroidExtractAsset(std::string name) -{ - std::string newPath = mApkWorkspacePath + getOsSeparator() + name; +bool AndroidJNIIOSystem::AndroidExtractAsset(std::string name) { + std::string newPath = mApkWorkspacePath + getOsSeparator() + name; - DefaultIOSystem io; + DefaultIOSystem io; - // Do not extract if extracted already - if ( io.Exists(newPath.c_str()) ) { - __android_log_print(ANDROID_LOG_DEFAULT, "Assimp", "Asset already extracted"); - return true; - } - // Open file - AAsset* asset = AAssetManager_open(mApkAssetManager, name.c_str(), + // Do not extract if extracted already + if ( io.Exists(newPath.c_str()) ) { + __android_log_print(ANDROID_LOG_DEFAULT, "Assimp", "Asset already extracted"); + return true; + } + + // Open file + AAsset* asset = AAssetManager_open(mApkAssetManager, name.c_str(), AASSET_MODE_UNKNOWN); - std::vector assetContent; + std::vector assetContent; - if (asset != NULL) { - // Find size - off_t assetSize = AAsset_getLength(asset); + if (asset != NULL) { + // Find size + off_t assetSize = AAsset_getLength(asset); - // Prepare input buffer - assetContent.resize(assetSize); + // Prepare input buffer + assetContent.resize(assetSize); - // Store input buffer - AAsset_read(asset, &assetContent[0], assetSize); + // Store input buffer + AAsset_read(asset, &assetContent[0], assetSize); - // Close - AAsset_close(asset); + // Close + AAsset_close(asset); - // Prepare directory for output buffer - std::string directoryNewPath = newPath; - directoryNewPath = dirname(&directoryNewPath[0]); + // Prepare directory for output buffer + std::string directoryNewPath = newPath; + directoryNewPath = dirname(&directoryNewPath[0]); - if (mkpath(directoryNewPath, S_IRUSR | S_IWUSR | S_IXUSR) == -1) { - __android_log_print(ANDROID_LOG_ERROR, "assimp", - "Can not create the directory for the output file"); - } + if (mkpath(directoryNewPath, S_IRUSR | S_IWUSR | S_IXUSR) == -1) { + __android_log_print(ANDROID_LOG_ERROR, "assimp", "Can not create the directory for the output file"); + } - // Prepare output buffer - std::ofstream assetExtracted(newPath.c_str(), - std::ios::out | std::ios::binary); - if (!assetExtracted) { - __android_log_print(ANDROID_LOG_ERROR, "assimp", - "Can not open output file"); - } + // Prepare output buffer + std::ofstream assetExtracted(newPath.c_str(), std::ios::out | std::ios::binary); + if (!assetExtracted) { + __android_log_print(ANDROID_LOG_ERROR, "assimp", "Can not open output file"); + } - // Write output buffer into a file - assetExtracted.write(&assetContent[0], assetContent.size()); - assetExtracted.close(); + // Write output buffer into a file + assetExtracted.write(&assetContent[0], assetContent.size()); + assetExtracted.close(); - __android_log_print(ANDROID_LOG_DEFAULT, "Assimp", "Asset extracted"); - } else { - __android_log_print(ANDROID_LOG_ERROR, "assimp", "Asset not found: %s", name.c_str()); - return false; - } - return true; + __android_log_print(ANDROID_LOG_DEFAULT, "Assimp", "Asset extracted"); + } else { + __android_log_print(ANDROID_LOG_ERROR, "assimp", "Asset not found: %s", name.c_str()); + return false; + } + + return true; } // ------------------------------------------------------------------------------------------------ // Open a new file with a given path. -IOStream* AndroidJNIIOSystem::Open( const char* strFile, const char* strMode) -{ - ai_assert(NULL != strFile); - ai_assert(NULL != strMode); +IOStream* AndroidJNIIOSystem::Open( const char* strFile, const char* strMode) { + ai_assert(nullptr != strFile); + ai_assert(nullptr != strMode); - std::string fullPath(mApkWorkspacePath + getOsSeparator() + std::string(strFile)); - if (Exists(strFile)) - AndroidExtractAsset(std::string(strFile)); + std::string fullPath(mApkWorkspacePath + getOsSeparator() + std::string(strFile)); + if (Exists(strFile)) { + AndroidExtractAsset(std::string(strFile)); + } - FILE* file = ::fopen( fullPath.c_str(), strMode); + FILE* file = ::fopen( fullPath.c_str(), strMode); + if (nullptr == file) { + return nullptr; + } - if( NULL == file) - return NULL; - - __android_log_print(ANDROID_LOG_ERROR, "assimp", "AndroidIOSystem: file %s opened", fullPath.c_str()); - return new DefaultIOStream(file, fullPath); + __android_log_print(ANDROID_LOG_ERROR, "assimp", "AndroidIOSystem: file %s opened", fullPath.c_str()); + return new DefaultIOStream(file, fullPath); } #undef PATHLIMIT