Merge pull request #4324 from alpire/master

Fix fuzzer crashes
pull/4328/head
Kim Kulling 2022-01-06 20:43:38 +01:00 committed by GitHub
commit 6a1f720f68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 59 additions and 33 deletions

View File

@ -538,7 +538,7 @@ void LWSImporter::InternReadFile(const std::string &pFile, aiScene *pScene, IOSy
// get file format version and print to log // get file format version and print to log
++it; ++it;
if ((*it).tokens[0].empty()) { if (it == root.children.end() || (*it).tokens[0].empty()) {
ASSIMP_LOG_ERROR("Invalid LWS file detectedm abort import."); ASSIMP_LOG_ERROR("Invalid LWS file detectedm abort import.");
return; return;
} }

View File

@ -59,11 +59,38 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
namespace Assimp { namespace Assimp {
// ----------------------------------------------------------------
// A read-only file inside a ZIP
class ZipFile : public IOStream {
friend class ZipFileInfo;
explicit ZipFile(std::string &filename, size_t size);
public:
std::string m_Filename;
virtual ~ZipFile();
// IOStream interface
size_t Read(void *pvBuffer, size_t pSize, size_t pCount) override;
size_t Write(const void * /*pvBuffer*/, size_t /*pSize*/, size_t /*pCount*/) override { return 0; }
size_t FileSize() const override;
aiReturn Seek(size_t pOffset, aiOrigin pOrigin) override;
size_t Tell() const override;
void Flush() override {}
private:
size_t m_Size = 0;
size_t m_SeekPtr = 0;
std::unique_ptr<uint8_t[]> m_Buffer;
};
// ---------------------------------------------------------------- // ----------------------------------------------------------------
// Wraps an existing Assimp::IOSystem for unzip // Wraps an existing Assimp::IOSystem for unzip
class IOSystem2Unzip { class IOSystem2Unzip {
public: public:
static voidpf open(voidpf opaque, const char *filename, int mode); static voidpf open(voidpf opaque, const char *filename, int mode);
static voidpf opendisk(voidpf opaque, voidpf stream, uint32_t number_disk, int mode);
static uLong read(voidpf opaque, voidpf stream, void *buf, uLong size); static uLong read(voidpf opaque, voidpf stream, void *buf, uLong size);
static uLong write(voidpf opaque, voidpf stream, const void *buf, uLong size); static uLong write(voidpf opaque, voidpf stream, const void *buf, uLong size);
static long tell(voidpf opaque, voidpf stream); static long tell(voidpf opaque, voidpf stream);
@ -92,6 +119,28 @@ voidpf IOSystem2Unzip::open(voidpf opaque, const char *filename, int mode) {
return (voidpf)io_system->Open(filename, mode_fopen); return (voidpf)io_system->Open(filename, mode_fopen);
} }
voidpf IOSystem2Unzip::opendisk(voidpf opaque, voidpf stream, uint32_t number_disk, int mode) {
ZipFile *io_stream = (ZipFile *)stream;
voidpf ret = NULL;
size_t i;
char *disk_filename = (char*)malloc(io_stream->m_Filename.length() + 1);
strncpy(disk_filename, io_stream->m_Filename.c_str(), io_stream->m_Filename.length() + 1);
for (i = io_stream->m_Filename.length() - 1; i >= 0; i -= 1)
{
if (disk_filename[i] != '.')
continue;
snprintf(&disk_filename[i], io_stream->m_Filename.length() - i, ".z%02u", number_disk + 1);
break;
}
if (i >= 0)
ret = open(opaque, disk_filename, mode);
free(disk_filename);
return ret;
}
uLong IOSystem2Unzip::read(voidpf /*opaque*/, voidpf stream, void *buf, uLong size) { uLong IOSystem2Unzip::read(voidpf /*opaque*/, voidpf stream, void *buf, uLong size) {
IOStream *io_stream = (IOStream *)stream; IOStream *io_stream = (IOStream *)stream;
@ -147,6 +196,7 @@ zlib_filefunc_def IOSystem2Unzip::get(IOSystem *pIOHandler) {
zlib_filefunc_def mapping; zlib_filefunc_def mapping;
mapping.zopen_file = (open_file_func)open; mapping.zopen_file = (open_file_func)open;
mapping.zopendisk_file = (opendisk_file_func)opendisk;
mapping.zread_file = (read_file_func)read; mapping.zread_file = (read_file_func)read;
mapping.zwrite_file = (write_file_func)write; mapping.zwrite_file = (write_file_func)write;
mapping.ztell_file = (tell_file_func)tell; mapping.ztell_file = (tell_file_func)tell;
@ -159,30 +209,6 @@ zlib_filefunc_def IOSystem2Unzip::get(IOSystem *pIOHandler) {
return mapping; return mapping;
} }
// ----------------------------------------------------------------
// A read-only file inside a ZIP
class ZipFile : public IOStream {
friend class ZipFileInfo;
explicit ZipFile(size_t size);
public:
virtual ~ZipFile();
// IOStream interface
size_t Read(void *pvBuffer, size_t pSize, size_t pCount) override;
size_t Write(const void * /*pvBuffer*/, size_t /*pSize*/, size_t /*pCount*/) override { return 0; }
size_t FileSize() const override;
aiReturn Seek(size_t pOffset, aiOrigin pOrigin) override;
size_t Tell() const override;
void Flush() override {}
private:
size_t m_Size = 0;
size_t m_SeekPtr = 0;
std::unique_ptr<uint8_t[]> m_Buffer;
};
// ---------------------------------------------------------------- // ----------------------------------------------------------------
// Info about a read-only file inside a ZIP // Info about a read-only file inside a ZIP
class ZipFileInfo { class ZipFileInfo {
@ -190,7 +216,7 @@ public:
explicit ZipFileInfo(unzFile zip_handle, size_t size); explicit ZipFileInfo(unzFile zip_handle, size_t size);
// Allocate and Extract data from the ZIP // Allocate and Extract data from the ZIP
ZipFile *Extract(unzFile zip_handle) const; ZipFile *Extract(std::string &filename, unzFile zip_handle) const;
private: private:
size_t m_Size = 0; size_t m_Size = 0;
@ -206,7 +232,7 @@ ZipFileInfo::ZipFileInfo(unzFile zip_handle, size_t size) :
unzGetFilePos(zip_handle, &(m_ZipFilePos)); unzGetFilePos(zip_handle, &(m_ZipFilePos));
} }
ZipFile *ZipFileInfo::Extract(unzFile zip_handle) const { ZipFile *ZipFileInfo::Extract(std::string &filename, unzFile zip_handle) const {
// Find in the ZIP. This cannot fail // Find in the ZIP. This cannot fail
unz_file_pos_s *filepos = const_cast<unz_file_pos_s *>(&(m_ZipFilePos)); unz_file_pos_s *filepos = const_cast<unz_file_pos_s *>(&(m_ZipFilePos));
if (unzGoToFilePos(zip_handle, filepos) != UNZ_OK) if (unzGoToFilePos(zip_handle, filepos) != UNZ_OK)
@ -215,7 +241,7 @@ ZipFile *ZipFileInfo::Extract(unzFile zip_handle) const {
if (unzOpenCurrentFile(zip_handle) != UNZ_OK) if (unzOpenCurrentFile(zip_handle) != UNZ_OK)
return nullptr; return nullptr;
ZipFile *zip_file = new ZipFile(m_Size); ZipFile *zip_file = new ZipFile(filename, m_Size);
// Unzip has a limit of UINT16_MAX bytes buffer // Unzip has a limit of UINT16_MAX bytes buffer
uint16_t unzipBufferSize = zip_file->m_Size <= UINT16_MAX ? static_cast<uint16_t>(zip_file->m_Size) : UINT16_MAX; uint16_t unzipBufferSize = zip_file->m_Size <= UINT16_MAX ? static_cast<uint16_t>(zip_file->m_Size) : UINT16_MAX;
@ -245,8 +271,8 @@ ZipFile *ZipFileInfo::Extract(unzFile zip_handle) const {
return zip_file; return zip_file;
} }
ZipFile::ZipFile(size_t size) : ZipFile::ZipFile(std::string &filename, size_t size) :
m_Size(size) { m_Filename(filename), m_Size(size) {
ai_assert(m_Size != 0); ai_assert(m_Size != 0);
m_Buffer = std::unique_ptr<uint8_t[]>(new uint8_t[m_Size]); m_Buffer = std::unique_ptr<uint8_t[]>(new uint8_t[m_Size]);
} }
@ -372,7 +398,7 @@ void ZipArchiveIOSystem::Implement::MapArchive() {
unz_file_info fileInfo; unz_file_info fileInfo;
if (unzGetCurrentFileInfo(m_ZipFileHandle, &fileInfo, filename, FileNameSize, nullptr, 0, nullptr, 0) == UNZ_OK) { if (unzGetCurrentFileInfo(m_ZipFileHandle, &fileInfo, filename, FileNameSize, nullptr, 0, nullptr, 0) == UNZ_OK) {
if (fileInfo.uncompressed_size != 0) { if (fileInfo.uncompressed_size != 0 && fileInfo.size_filename <= FileNameSize) {
std::string filename_string(filename, fileInfo.size_filename); std::string filename_string(filename, fileInfo.size_filename);
SimplifyFilename(filename_string); SimplifyFilename(filename_string);
m_ArchiveMap.emplace(filename_string, ZipFileInfo(m_ZipFileHandle, fileInfo.uncompressed_size)); m_ArchiveMap.emplace(filename_string, ZipFileInfo(m_ZipFileHandle, fileInfo.uncompressed_size));
@ -422,7 +448,7 @@ IOStream *ZipArchiveIOSystem::Implement::OpenFile(std::string &filename) {
return nullptr; return nullptr;
const ZipFileInfo &zip_file = (*zip_it).second; const ZipFileInfo &zip_file = (*zip_it).second;
return zip_file.Extract(m_ZipFileHandle); return zip_file.Extract(filename, m_ZipFileHandle);
} }
inline void ReplaceAll(std::string &data, const std::string &before, const std::string &after) { inline void ReplaceAll(std::string &data, const std::string &before, const std::string &after) {