From d51f033e203762fa4239eb8c47180dd5e2da262f Mon Sep 17 00:00:00 2001
From: Kim Kulling <kimkulling@users.noreply.github.com>
Date: Mon, 17 Apr 2023 21:30:47 +0200
Subject: [PATCH 1/2] Fix: Avoid integer overflow in inversion op

- closes https://github.com/assimp/assimp/issues/3424
---
 include/assimp/fast_atof.h | 33 ++++++++++++++-------------------
 1 file changed, 14 insertions(+), 19 deletions(-)

diff --git a/include/assimp/fast_atof.h b/include/assimp/fast_atof.h
index 43bbbff64..61c053bc0 100644
--- a/include/assimp/fast_atof.h
+++ b/include/assimp/fast_atof.h
@@ -39,7 +39,7 @@
 
 namespace Assimp {
 
-const double fast_atof_table[16] =  {  // we write [16] here instead of [] to work around a swig bug
+constexpr double fast_atof_table[16] =  {  // we write [16] here instead of [] to work around a swig bug
     0.0,
     0.1,
     0.01,
@@ -58,12 +58,10 @@ const double fast_atof_table[16] =  {  // we write [16] here instead of [] to wo
     0.000000000000001
 };
 
-
 // ------------------------------------------------------------------------------------
 // Convert a string in decimal format to a number
 // ------------------------------------------------------------------------------------
-inline
-unsigned int strtoul10( const char* in, const char** out=0) {
+inline unsigned int strtoul10( const char* in, const char** out=0) {
     unsigned int value = 0;
 
     for ( ;; ) {
@@ -83,8 +81,7 @@ unsigned int strtoul10( const char* in, const char** out=0) {
 // ------------------------------------------------------------------------------------
 // Convert a string in octal format to a number
 // ------------------------------------------------------------------------------------
-inline
-unsigned int strtoul8( const char* in, const char** out=0) {
+inline unsigned int strtoul8( const char* in, const char** out=0) {
     unsigned int value( 0 );
     for ( ;; ) {
         if ( *in < '0' || *in > '7' ) {
@@ -103,8 +100,7 @@ unsigned int strtoul8( const char* in, const char** out=0) {
 // ------------------------------------------------------------------------------------
 // Convert a string in hex format to a number
 // ------------------------------------------------------------------------------------
-inline
-unsigned int strtoul16( const char* in, const char** out=0) {
+inline unsigned int strtoul16( const char* in, const char** out=0) {
     unsigned int value( 0 );
     for ( ;; ) {
         if ( *in >= '0' && *in <= '9' ) {
@@ -128,8 +124,7 @@ unsigned int strtoul16( const char* in, const char** out=0) {
 // Convert just one hex digit
 // Return value is UINT_MAX if the input character is not a hex digit.
 // ------------------------------------------------------------------------------------
-inline
-unsigned int HexDigitToDecimal(char in) {
+inline unsigned int HexDigitToDecimal(char in) {
     unsigned int out( UINT_MAX );
     if ( in >= '0' && in <= '9' ) {
         out = in - '0';
@@ -146,16 +141,14 @@ unsigned int HexDigitToDecimal(char in) {
 // ------------------------------------------------------------------------------------
 // Convert a hex-encoded octet (2 characters, i.e. df or 1a).
 // ------------------------------------------------------------------------------------
-inline
-uint8_t HexOctetToDecimal(const char* in) {
+inline uint8_t HexOctetToDecimal(const char* in) {
     return ((uint8_t)HexDigitToDecimal(in[0])<<4)+(uint8_t)HexDigitToDecimal(in[1]);
 }
 
 // ------------------------------------------------------------------------------------
 // signed variant of strtoul10
 // ------------------------------------------------------------------------------------
-inline
-int strtol10( const char* in, const char** out=0) {
+inline int strtol10( const char* in, const char** out=0) {
     bool inv = (*in=='-');
     if ( inv || *in == '+' ) {
         ++in;
@@ -163,7 +156,11 @@ int strtol10( const char* in, const char** out=0) {
 
     int value = strtoul10(in,out);
     if (inv) {
-        value = -value;
+        if (value < INT_MAX) {
+            value = -value;
+        } else {
+            ASSIMP_LOG_WARN( "Converting the string \"", in, "\" into an inverted value resulted in overflow." );
+        }
     }
     return value;
 }
@@ -174,8 +171,7 @@ int strtol10( const char* in, const char** out=0) {
 // 0NNN   - oct
 // NNN    - dec
 // ------------------------------------------------------------------------------------
-inline
-unsigned int strtoul_cppstyle( const char* in, const char** out=0) {
+inline unsigned int strtoul_cppstyle( const char* in, const char** out=0) {
     if ('0' == in[0]) {
         return 'x' == in[1] ? strtoul16(in+2,out) : strtoul8(in+1,out);
     }
@@ -187,8 +183,7 @@ unsigned int strtoul_cppstyle( const char* in, const char** out=0) {
 // It is mainly used by fast_atof to prevent ugly and unwanted integer overflows.
 // ------------------------------------------------------------------------------------
 template<typename ExceptionType = DeadlyImportError>
-inline
-uint64_t strtoul10_64( const char* in, const char** out=0, unsigned int* max_inout=0) {
+inline uint64_t strtoul10_64( const char* in, const char** out=0, unsigned int* max_inout=0) {
     unsigned int cur = 0;
     uint64_t value = 0;
 

From fd59a2209beaa60f380a1e1250b66e9045e1a2bd Mon Sep 17 00:00:00 2001
From: Kim Kulling <kimkulling@users.noreply.github.com>
Date: Mon, 17 Apr 2023 22:07:49 +0200
Subject: [PATCH 2/2] Update fast_atof.h

---
 include/assimp/fast_atof.h | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/include/assimp/fast_atof.h b/include/assimp/fast_atof.h
index 61c053bc0..f2d179d60 100644
--- a/include/assimp/fast_atof.h
+++ b/include/assimp/fast_atof.h
@@ -39,7 +39,9 @@
 
 namespace Assimp {
 
-constexpr double fast_atof_table[16] =  {  // we write [16] here instead of [] to work around a swig bug
+static constexpr size_t NumItems = 16;
+
+constexpr double fast_atof_table[NumItems] =  {  // we write [16] here instead of [] to work around a swig bug
     0.0,
     0.1,
     0.01,
@@ -236,8 +238,7 @@ inline uint64_t strtoul10_64( const char* in, const char** out=0, unsigned int*
 // signed variant of strtoul10_64
 // ------------------------------------------------------------------------------------
 template<typename ExceptionType = DeadlyImportError>
-inline
-int64_t strtol10_64(const char* in, const char** out = 0, unsigned int* max_inout = 0) {
+inline int64_t strtol10_64(const char* in, const char** out = 0, unsigned int* max_inout = 0) {
     bool inv = (*in == '-');
     if ( inv || *in == '+' ) {
         ++in;
@@ -259,8 +260,7 @@ int64_t strtol10_64(const char* in, const char** out = 0, unsigned int* max_inou
 // If you find any bugs, please send them to me, niko (at) irrlicht3d.org.
 // ------------------------------------------------------------------------------------
 template<typename Real, typename ExceptionType = DeadlyImportError>
-inline
-const char* fast_atoreal_move(const char* c, Real& out, bool check_comma = true) {
+inline const char* fast_atoreal_move(const char* c, Real& out, bool check_comma = true) {
     Real f = 0;
 
     bool inv = (*c == '-');
@@ -349,8 +349,7 @@ const char* fast_atoreal_move(const char* c, Real& out, bool check_comma = true)
 // ------------------------------------------------------------------------------------
 // The same but more human.
 template<typename ExceptionType = DeadlyImportError>
-inline
-ai_real fast_atof(const char* c) {
+inline ai_real fast_atof(const char* c) {
     ai_real ret(0.0);
     fast_atoreal_move<ai_real, ExceptionType>(c, ret);
 
@@ -367,8 +366,7 @@ ai_real fast_atof( const char* c, const char** cout) {
 }
 
 template<typename ExceptionType = DeadlyImportError>
-inline
-ai_real fast_atof( const char** inout) {
+inline ai_real fast_atof( const char** inout) {
     ai_real ret(0.0);
     *inout = fast_atoreal_move<ai_real, ExceptionType>(*inout, ret);