From 87e9dbac40b0972880efa4fded94918f34fc279b Mon Sep 17 00:00:00 2001 From: Colin Reeder Date: Mon, 3 Jan 2022 16:32:34 -0700 Subject: [PATCH 1/8] Fix bone fitted check in gltf2 exporter --- code/AssetLib/glTF2/glTF2Exporter.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/AssetLib/glTF2/glTF2Exporter.cpp b/code/AssetLib/glTF2/glTF2Exporter.cpp index 606a4a919..a2b5e9848 100644 --- a/code/AssetLib/glTF2/glTF2Exporter.cpp +++ b/code/AssetLib/glTF2/glTF2Exporter.cpp @@ -972,7 +972,7 @@ void ExportSkin(Asset &mAsset, const aiMesh *aimesh, Ref &meshRef, Ref 3) { int boneIndexFitted = FitBoneWeight(vertexWeightData[vertexId], vertWeight); - if (boneIndexFitted) { + if (boneIndexFitted != -1) { vertexJointData[vertexId][boneIndexFitted] = static_cast(jointNamesIndex); } }else { From a591944c047cae1e79bb75999f0d1f0a522946f2 Mon Sep 17 00:00:00 2001 From: Kim Kulling Date: Tue, 4 Jan 2022 17:32:18 +0100 Subject: [PATCH 2/8] Add link to used enum for a better understandability for the mesh morphing method. --- include/assimp/mesh.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/assimp/mesh.h b/include/assimp/mesh.h index 42312a2c7..9d4ddf97b 100644 --- a/include/assimp/mesh.h +++ b/include/assimp/mesh.h @@ -740,6 +740,7 @@ struct aiMesh { /** * Method of morphing when anim-meshes are specified. + * @see aiMorphingMethod to learn more about the provided morphing targets. */ unsigned int mMethod; From 34d8fba10054c150be1be7d492b6b3d9c7a659da Mon Sep 17 00:00:00 2001 
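Review bot: In the ExportSkin hunk of glTF2Exporter.cpp, the new guard `if (boneIndexFitted != -1)` excludes only one sentinel value before `boneIndexFitted` is used as an index into `vertexJointData[vertexId]`. Assuming FitBoneWeight signals "no slot" with a negative value (its definition is not shown here), `if (boneIndexFitted >= 0) {` would reject every negative result while still accepting slot 0. A one-line comment such as `// FitBoneWeight returns -1 when no slot was replaced; 0 is a valid slot` would keep the truthiness test from being reintroduced. The enclosing function starts and ends outside the hunk.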
From: Alex Rebert Date: Wed, 5 Jan 2022 10:01:46 -0500 Subject: [PATCH 3/8] Fix stack overflow in ZipArchiveIOSystem::MapArchive The function allocates a filename buffer of 256, and copies the filename extracted from the zip file into it. However, a filename might be larger than 256 characters, in which case the function would write out of bounds. This commit skips any file whose name is larger than 256 to avoid the overflow. Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38870 Fix #4228 --- code/Common/ZipArchiveIOSystem.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/Common/ZipArchiveIOSystem.cpp b/code/Common/ZipArchiveIOSystem.cpp index 7df51b8aa..03ff6ce81 100644 --- a/code/Common/ZipArchiveIOSystem.cpp +++ b/code/Common/ZipArchiveIOSystem.cpp @@ -372,7 +372,7 @@ void ZipArchiveIOSystem::Implement::MapArchive() { unz_file_info fileInfo; if (unzGetCurrentFileInfo(m_ZipFileHandle, &fileInfo, filename, FileNameSize, nullptr, 0, nullptr, 0) == UNZ_OK) { - if (fileInfo.uncompressed_size != 0) { + if (fileInfo.uncompressed_size != 0 && fileInfo.size_filename <= FileNameSize) { std::string filename_string(filename, fileInfo.size_filename); SimplifyFilename(filename_string); m_ArchiveMap.emplace(filename_string, ZipFileInfo(m_ZipFileHandle, fileInfo.uncompressed_size)); From 310c81aaa20b7328ce7a354897db817f8becac3a Mon Sep 17 00:00:00 2001 From: Alex Rebert Date: Wed, 5 Jan 2022 15:10:11 -0500 Subject: [PATCH 4/8] Add support for spanned archives Without it, assimp would crash on some inputs by jumping to a NULL opendisk function. This commit adds an opendisk implementation, which required adding a filename member to ZipFile. Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38873 Fix #4229 --- code/Common/ZipArchiveIOSystem.cpp | 86 +++++++++++++++++++----------- 1 file changed, 56 insertions(+), 30 deletions(-) 
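Review bot: In the MapArchive hunk of ZipArchiveIOSystem.cpp, entries whose name exceeds the buffer are now dropped without any trace, so a later lookup of such a file fails with no hint why. Putting the length test in its own branch and logging the skip, e.g. `ASSIMP_LOG_WARN("Skipping ZIP entry with over-long file name");` (assuming the logger header is available in this file), would make that diagnosable. The bound itself matches the read that follows, since `std::string filename_string(filename, fileInfo.size_filename)` reads `size_filename` bytes from the buffer that was handed to `unzGetCurrentFileInfo` with size `FileNameSize`; a short comment saying so would help the next reader. The declaration of `filename` and the surrounding loop are outside the hunk.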
diff --git a/code/Common/ZipArchiveIOSystem.cpp b/code/Common/ZipArchiveIOSystem.cpp index 03ff6ce81..9870fa9d0 100644 --- a/code/Common/ZipArchiveIOSystem.cpp +++ b/code/Common/ZipArchiveIOSystem.cpp @@ -59,11 +59,38 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. namespace Assimp { +// ---------------------------------------------------------------- +// A read-only file inside a ZIP + +class ZipFile : public IOStream { + friend class ZipFileInfo; + explicit ZipFile(std::string &filename, size_t size); + +public: + std::string m_Filename; + virtual ~ZipFile(); + + // IOStream interface + size_t Read(void *pvBuffer, size_t pSize, size_t pCount) override; + size_t Write(const void * /*pvBuffer*/, size_t /*pSize*/, size_t /*pCount*/) override { return 0; } + size_t FileSize() const override; + aiReturn Seek(size_t pOffset, aiOrigin pOrigin) override; + size_t Tell() const override; + void Flush() override {} + +private: + size_t m_Size = 0; + size_t m_SeekPtr = 0; + std::unique_ptr m_Buffer; +}; + + // ---------------------------------------------------------------- // Wraps an existing Assimp::IOSystem for unzip class IOSystem2Unzip { public: static voidpf open(voidpf opaque, const char *filename, int mode); + static voidpf opendisk(voidpf opaque, voidpf stream, uint32_t number_disk, int mode); static uLong read(voidpf opaque, voidpf stream, void *buf, uLong size); static uLong write(voidpf opaque, voidpf stream, const void *buf, uLong size); static long tell(voidpf opaque, voidpf stream); 
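Review bot: The new `ZipFile` constructor takes `std::string &filename` although it only copies the name into `m_Filename`, so callers cannot pass a const string or a temporary; `explicit ZipFile(const std::string &filename, size_t size);` states the intent. The same applies to `ZipFileInfo::Extract(std::string &filename, unzFile zip_handle) const` and to the constructor definition in the later hunks of this file. `m_Filename` is also declared in the public section while the other data members are private; since only `IOSystem2Unzip::opendisk` reads it, a const accessor or a friend declaration would keep the class closed.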
@@ -92,6 +119,28 @@ voidpf IOSystem2Unzip::open(voidpf opaque, const char *filename, int mode) { return (voidpf)io_system->Open(filename, mode_fopen); } +voidpf IOSystem2Unzip::opendisk(voidpf opaque, voidpf stream, uint32_t number_disk, int mode) { + ZipFile *io_stream = (ZipFile *)stream; + voidpf ret = NULL; + size_t i; + + char *disk_filename = (char*)malloc(io_stream->m_Filename.length() + 1); + strncpy(disk_filename, io_stream->m_Filename.c_str(), io_stream->m_Filename.length() + 1); + for (i = io_stream->m_Filename.length() - 1; i >= 0; i -= 1) + { + if (disk_filename[i] != '.') + continue; + snprintf(&disk_filename[i], io_stream->m_Filename.length() - i, ".z%02u", number_disk + 1); + break; + } + + if (i >= 0) + ret = open(opaque, disk_filename, mode); + + free(disk_filename); + return ret; +} + uLong IOSystem2Unzip::read(voidpf /*opaque*/, voidpf stream, void *buf, uLong size) { IOStream *io_stream = (IOStream *)stream; @@ -147,6 +196,7 @@ zlib_filefunc_def IOSystem2Unzip::get(IOSystem *pIOHandler) { zlib_filefunc_def mapping; mapping.zopen_file = (open_file_func)open; + mapping.zopendisk_file = (opendisk_file_func)opendisk; mapping.zread_file = (read_file_func)read; mapping.zwrite_file = (write_file_func)write; mapping.ztell_file = (tell_file_func)tell; 
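Review bot: In `IOSystem2Unzip::opendisk`, the loop index `i` is a `size_t`, so `i >= 0` is always true in both the loop condition and the later `if (i >= 0)`. For a name without a '.' (or an empty name) the index wraps around and `disk_filename[i]` is read outside the allocation; this callback is installed for every archive opened through `IOSystem2Unzip::get`, so the name has to be treated as arbitrary. The `malloc` result is used unchecked, and the size passed to `snprintf` is `length() - i`, one byte less than what remains in the buffer, so a three-letter extension such as `.zip` is rewritten to a truncated `.z0`. The cast of `stream` to `ZipFile *` may also deserve a look, since `open` in this file returns whatever `io_system->Open` yields. Building the name with `std::string` removes the manual buffer handling:

```cpp
voidpf IOSystem2Unzip::opendisk(voidpf opaque, voidpf stream, uint32_t number_disk, int mode) {
    ZipFile *io_stream = (ZipFile *)stream;
    const std::string &name = io_stream->m_Filename;

    // No extension to replace: fail instead of scanning past the start of the name.
    const std::string::size_type dot = name.rfind('.');
    if (dot == std::string::npos) {
        return NULL;
    }

    // ".z" + up to 10 digits + NUL fits comfortably.
    char suffix[16];
    snprintf(suffix, sizeof(suffix), ".z%02u", number_disk + 1);

    const std::string disk_filename = name.substr(0, dot) + suffix;
    return open(opaque, disk_filename.c_str(), mode);
}
```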
@@ -159,30 +209,6 @@ zlib_filefunc_def IOSystem2Unzip::get(IOSystem *pIOHandler) { return mapping; } -// ---------------------------------------------------------------- -// A read-only file inside a ZIP - -class ZipFile : public IOStream { - friend class ZipFileInfo; - explicit ZipFile(size_t size); - -public: - virtual ~ZipFile(); - - // IOStream interface - size_t Read(void *pvBuffer, size_t pSize, size_t pCount) override; - size_t Write(const void * /*pvBuffer*/, size_t /*pSize*/, size_t /*pCount*/) override { return 0; } - size_t FileSize() const override; - aiReturn Seek(size_t pOffset, aiOrigin pOrigin) override; - size_t Tell() const override; - void Flush() override {} - -private: - size_t m_Size = 0; - size_t m_SeekPtr = 0; - std::unique_ptr m_Buffer; -}; - // ---------------------------------------------------------------- // Info about a read-only file inside a ZIP class ZipFileInfo { @@ -190,7 +216,7 @@ public: explicit ZipFileInfo(unzFile zip_handle, size_t size); // Allocate and Extract data from the ZIP - ZipFile *Extract(unzFile zip_handle) const; + ZipFile *Extract(std::string &filename, unzFile zip_handle) const; private: size_t m_Size = 0; @@ -206,7 +232,7 @@ ZipFileInfo::ZipFileInfo(unzFile zip_handle, size_t size) : unzGetFilePos(zip_handle, &(m_ZipFilePos)); } -ZipFile *ZipFileInfo::Extract(unzFile zip_handle) const { +ZipFile *ZipFileInfo::Extract(std::string &filename, unzFile zip_handle) const { // Find in the ZIP. This cannot fail unz_file_pos_s *filepos = const_cast(&(m_ZipFilePos)); if (unzGoToFilePos(zip_handle, filepos) != UNZ_OK) @@ -215,7 +241,7 @@ ZipFile *ZipFileInfo::Extract(unzFile zip_handle) const { if (unzOpenCurrentFile(zip_handle) != UNZ_OK) return nullptr; - ZipFile *zip_file = new ZipFile(m_Size); + ZipFile *zip_file = new ZipFile(filename, m_Size); // Unzip has a limit of UINT16_MAX bytes buffer uint16_t unzipBufferSize = zip_file->m_Size <= UINT16_MAX ? static_cast(zip_file->m_Size) : UINT16_MAX; 
@@ -245,8 +271,8 @@ ZipFile *ZipFileInfo::Extract(unzFile zip_handle) const { return zip_file; } -ZipFile::ZipFile(size_t size) : - m_Size(size) { +ZipFile::ZipFile(std::string &filename, size_t size) : + m_Filename(filename), m_Size(size) { ai_assert(m_Size != 0); m_Buffer = std::unique_ptr(new uint8_t[m_Size]); } @@ -422,7 +448,7 @@ IOStream *ZipArchiveIOSystem::Implement::OpenFile(std::string &filename) { return nullptr; const ZipFileInfo &zip_file = (*zip_it).second; - return zip_file.Extract(m_ZipFileHandle); + return zip_file.Extract(filename, m_ZipFileHandle); } inline void ReplaceAll(std::string &data, const std::string &before, const std::string &after) { From b14b34d2b8954f6cc7fd25a8f7d20ad8f94faa27 Mon Sep 17 00:00:00 2001 From: Alex Rebert Date: Wed, 5 Jan 2022 15:19:06 -0500 Subject: [PATCH 5/8] LWSLoader: Fix out of bounds iterator access Fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38947 Fix #4222 --- code/AssetLib/LWS/LWSLoader.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/code/AssetLib/LWS/LWSLoader.cpp b/code/AssetLib/LWS/LWSLoader.cpp index cf04579b0..e046b6f58 100644 --- a/code/AssetLib/LWS/LWSLoader.cpp +++ b/code/AssetLib/LWS/LWSLoader.cpp @@ -537,8 +537,8 @@ void LWSImporter::InternReadFile(const std::string &pFile, aiScene *pScene, IOSy // get file format version and print to log ++it; - - if ((*it).tokens[0].empty()) { + + if (it == root.children.end() || (*it).tokens[0].empty()) { ASSIMP_LOG_ERROR("Invalid LWS file detectedm abort import."); return; } From 776130534bb66cb64c6f11b92a1375df9604ba83 Mon Sep 17 00:00:00 2001 From: Kim Kulling Date: Thu, 6 Jan 2022 22:35:32 +0100 Subject: [PATCH 6/8] Fix nullptr-dereferencing - Fix a possible nullptr-exception. --- code/AssetLib/X3D/X3DImporter.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/code/AssetLib/X3D/X3DImporter.cpp b/code/AssetLib/X3D/X3DImporter.cpp index fb8ec9bc5..f32f485df 100644 --- a/code/AssetLib/X3D/X3DImporter.cpp 
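Review bot: In the LWSImporter::InternReadFile hunk of LWSLoader.cpp, the new `it == root.children.end()` test guards the dereference after `++it`, but the hunk does not show whether `it` was known to be short of `end()` before the increment; if the earlier code can reach this point with an empty `root.children`, the increment itself is already invalid. A comment on the guard, e.g. `// a file that ends after the magic token has no version element`, would record why it is there. The message on the guarded branch could be corrected at the same time to `"Invalid LWS file detected, abort import."`. The function starts and ends outside the hunk.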
+++ b/code/AssetLib/X3D/X3DImporter.cpp @@ -264,6 +264,9 @@ void X3DImporter::InternReadFile(const std::string &pFile, aiScene *pScene, IOSy //search for root node element mNodeElementCur = NodeElement_List.front(); + if (mNodeElementCur == nullptr) { + return; + } while (mNodeElementCur->Parent != nullptr) { mNodeElementCur = mNodeElementCur->Parent; } From 1d8667bfdc140df93b6255c926a6d9e21877482c Mon Sep 17 00:00:00 2001 From: Kim Kulling Date: Sun, 9 Jan 2022 18:06:33 +0100 Subject: [PATCH 7/8] Update to 5.1.6 --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 13b2ef936..39233fe88 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -56,7 +56,7 @@ IF(ASSIMP_HUNTER_ENABLED) add_definitions(-DASSIMP_USE_HUNTER) ENDIF() -PROJECT(Assimp VERSION 5.1.4) +PROJECT(Assimp VERSION 5.1.6) # All supported options ############################################### From 30f1583dde8ef34c02a73e4fb1b5d8e604e671ee Mon Sep 17 00:00:00 2001 From: Kim Kulling Date: Sun, 9 Jan 2022 21:06:05 +0100 Subject: [PATCH 8/8] Update utVersion.cpp --- test/unit/utVersion.cpp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/test/unit/utVersion.cpp b/test/unit/utVersion.cpp index 6577c7758..790611556 100644 --- a/test/unit/utVersion.cpp +++ b/test/unit/utVersion.cpp @@ -49,17 +49,21 @@ TEST_F( utVersion, aiGetLegalStringTest ) { std::string text( lv ); size_t pos = text.find(std::string("2021")); - EXPECT_NE( pos, std::string::npos ); + EXPECT_NE(pos, std::string::npos); } TEST_F( utVersion, aiGetVersionMinorTest ) { - EXPECT_EQ( aiGetVersionMinor(), 1U ); + EXPECT_EQ(aiGetVersionMinor(), 1U); } TEST_F( utVersion, aiGetVersionMajorTest ) { EXPECT_EQ( aiGetVersionMajor(), 5U ); } +TEST_F( utVersion, aiGetVersionPatchTest ) { + EXPECT_EQ(aiGetVersionPatch(), 6U ); +} + TEST_F( utVersion, aiGetCompileFlagsTest ) { EXPECT_NE( aiGetCompileFlags(), 0U ); } 
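Review bot: In the X3DImporter::InternReadFile hunk, the added null check runs after `NodeElement_List.front()`, so it does not cover an empty list; if `NodeElement_List` is a standard container (its declaration is not shown), calling `front()` on it while empty is undefined. Testing emptiness first, `if (NodeElement_List.empty()) { return; }` ahead of the `front()` call, closes that case, and the null check can stay for a null first element. The early `return` also leaves the function without reporting anything; whether callers expect an exception for an unusable file cannot be seen from here. The function starts and ends outside the hunk.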
@@ -71,5 +75,3 @@ TEST_F( utVersion, aiGetVersionRevisionTest ) { TEST_F( utVersion, aiGetBranchNameTest ) { EXPECT_NE( nullptr, aiGetBranchName() ); } - -