From 1ad789bae9d5f38d17ae525037fbbc4ce450f1b6 Mon Sep 17 00:00:00 2001 From: Turo Lamminen Date: Sun, 24 Dec 2017 14:26:53 +0200 Subject: [PATCH 1/8] Raw: Reformat code, no functional change --- code/RawLoader.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/code/RawLoader.cpp b/code/RawLoader.cpp index 2b76455d7..f8ca4e689 100644 --- a/code/RawLoader.cpp +++ b/code/RawLoader.cpp @@ -243,8 +243,10 @@ void RAWImporter::InternReadFile( const std::string& pFile, { cc = &pScene->mRootNode; pScene->mRootNode->mNumChildren = 0; + } else { + cc = new aiNode*[pScene->mRootNode->mNumChildren]; + pScene->mRootNode->mChildren = cc; } - else cc = pScene->mRootNode->mChildren = new aiNode*[pScene->mRootNode->mNumChildren]; pScene->mNumMaterials = pScene->mNumMeshes; aiMaterial** mats = pScene->mMaterials = new aiMaterial*[pScene->mNumMaterials]; From 7932a85ca16d8e87b008a1634d6f45a28383246c Mon Sep 17 00:00:00 2001 From: Turo Lamminen Date: Sun, 24 Dec 2017 14:38:26 +0200 Subject: [PATCH 2/8] Raw: Fix unitialized values in scene --- code/RawLoader.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/code/RawLoader.cpp b/code/RawLoader.cpp index f8ca4e689..13deb0005 100644 --- a/code/RawLoader.cpp +++ b/code/RawLoader.cpp @@ -245,6 +245,7 @@ void RAWImporter::InternReadFile( const std::string& pFile, pScene->mRootNode->mNumChildren = 0; } else { cc = new aiNode*[pScene->mRootNode->mNumChildren]; + memset(cc, 0, sizeof(aiNode*) * pScene->mRootNode->mNumChildren); pScene->mRootNode->mChildren = cc; } From 407854382727d793937ce0f4155d49cece1c7e1f Mon Sep 17 00:00:00 2001 From: Turo Lamminen Date: Sun, 24 Dec 2017 14:57:14 +0200 Subject: [PATCH 3/8] OpenGEX: Throw exception on malformed color4 instead of crashing --- code/OpenGEXImporter.cpp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/code/OpenGEXImporter.cpp b/code/OpenGEXImporter.cpp index 025356c1d..5448edba5 100644 --- a/code/OpenGEXImporter.cpp +++ b/code/OpenGEXImporter.cpp 
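Review bot: In the RawLoader.cpp hunk of patch 2/8, the added `memset(cc, 0, sizeof(aiNode*) * pScene->mRootNode->mNumChildren);` can be folded into the allocation by value-initialising the array: `cc = new aiNode*[pScene->mRootNode->mNumChildren]();`. That yields null pointers without repeating the element count, and without depending on a `<cstring>` include that this hunk does not show. The `aiMaterial*` array allocated just below (visible in the previous patch's context as `new aiMaterial*[pScene->mNumMaterials]`) is still left uninitialised. If the zeroing is there because the scene may be torn down before every slot is filled, that array presumably needs the same treatment. InternReadFile starts and ends outside the hunk.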
@@ -778,10 +778,22 @@ static void fillColor4( aiColor4D *col4, Value *vals ) { Value *next( vals ); col4->r = next->getFloat(); next = next->m_next; + if (!next) { + throw DeadlyImportError( "OpenGEX: Not enough values to fill 4-element color, only 1" ); + } + col4->g = next->getFloat(); next = next->m_next; + if (!next) { + throw DeadlyImportError( "OpenGEX: Not enough values to fill 4-element color, only 2" ); + } + col4->b = next->getFloat(); next = next->m_next; + if (!next) { + throw DeadlyImportError( "OpenGEX: Not enough values to fill 4-element color, only 3" ); + } + col4->a = next->getFloat(); } From 0cc25491a4324d9e7dc7fb085c825a79d6c3c6d6 Mon Sep 17 00:00:00 2001 From: Turo Lamminen Date: Sun, 24 Dec 2017 15:25:42 +0200 Subject: [PATCH 4/8] irrXML: Remove horrible hack --- contrib/irrXML/CXMLReaderImpl.h | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/contrib/irrXML/CXMLReaderImpl.h b/contrib/irrXML/CXMLReaderImpl.h index 63b700dc1..7d33b9404 100644 --- a/contrib/irrXML/CXMLReaderImpl.h +++ b/contrib/irrXML/CXMLReaderImpl.h @@ -9,6 +9,8 @@ #include "irrString.h" #include "irrArray.h" +#include + using namespace Assimp; #ifdef _DEBUG @@ -664,12 +666,9 @@ private: TextData = new char_type[sizeWithoutHeader]; // MSVC debugger complains here about loss of data ... - - - // FIXME - gcc complains about 'shift width larger than width of type' - // for T == unsigned long. Avoid it by messing around volatile .. - volatile unsigned int c = 3; - const src_char_type cc = (src_char_type)((((uint64_t)1u << (sizeof( char_type)< Date: Sun, 24 Dec 2017 22:14:39 +0200 Subject: [PATCH 5/8] RemoveComments: Fix out-of-bounds read when file ends with a comment --- code/RemoveComments.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/code/RemoveComments.cpp b/code/RemoveComments.cpp index 37d74124d..1ed94ea4d 100644 --- a/code/RemoveComments.cpp +++ b/code/RemoveComments.cpp 
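Review bot: The first read in fillColor4, `col4->r = next->getFloat();`, still dereferences `vals` with no check, so an empty value list would fault before any of the three new guards runs, unless every caller guarantees a non-null list (not visible here). A guard ahead of it, `if (!vals) { throw DeadlyImportError( "OpenGEX: Not enough values to fill 4-element color, only 0" ); }`, would close that case. The three added checks differ only in the count in the message, so a small loop over the four components would keep them from drifting apart. The guards check only the list length; whether each node actually holds a float is left to getFloat(), whose behaviour on a mismatched value type is not shown on this page.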
@@ -66,6 +66,10 @@ void CommentRemover::RemoveLineComments(const char* szComment, if (!strncmp(szBuffer,szComment,len)) { while (!IsLineEnd(*szBuffer)) *szBuffer++ = chReplacement; + + if (!*szBuffer) { + break; + } } ++szBuffer; } From 55e69272bd73435630c1f8c7c230b2eaa3bf19f8 Mon Sep 17 00:00:00 2001 From: Turo Lamminen Date: Sun, 24 Dec 2017 22:15:19 +0200 Subject: [PATCH 6/8] MMD: Remove bogus assert It can be triggered by input file, it's undocumented and it looks like nothing breaks --- code/MMDImporter.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/code/MMDImporter.cpp b/code/MMDImporter.cpp index 01f009519..c813063ab 100644 --- a/code/MMDImporter.cpp +++ b/code/MMDImporter.cpp @@ -141,8 +141,6 @@ void MMDImporter::CreateDataFromImport(const pmx::PmxModel *pModel, aiNode *pNode = new aiNode; if (!pModel->model_name.empty()) { pNode->mName.Set(pModel->model_name); - } else { - ai_assert(false); } pScene->mRootNode = pNode; From dc94e5921e2ee2db974fc65a0c14d36d2cdb3675 Mon Sep 17 00:00:00 2001 From: Turo Lamminen Date: Sun, 24 Dec 2017 22:17:11 +0200 Subject: [PATCH 7/8] MDLImporter: Use unique_ptr Fixes a double free --- code/MDLMaterialLoader.cpp | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/code/MDLMaterialLoader.cpp b/code/MDLMaterialLoader.cpp index 9086925aa..4d23d0aa6 100644 --- a/code/MDLMaterialLoader.cpp +++ b/code/MDLMaterialLoader.cpp @@ -56,6 +56,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include #include "qnan.h" +#include + using namespace Assimp; static aiTexel* const bad_texel = reinterpret_cast(SIZE_MAX); @@ -489,7 +491,7 @@ void MDLImporter::ParseSkinLump_3DGS_MDL7( unsigned int iWidth, unsigned int iHeight) { - aiTexture* pcNew = nullptr; + std::unique_ptr pcNew; // get the type of the skin unsigned int iMasked = (unsigned int)(iType & 0xF); 
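Review bot: The added `if (!*szBuffer) { break; }` in RemoveLineComments only makes sense if the preceding `while (!IsLineEnd(*szBuffer))` scan can stop on the terminating NUL as well as on a newline, and nothing in the hunk records that. A comment above the check, such as `// the scan above may stop on the terminator; the ++szBuffer below must not step past it`, would make the reason for the break clear to the next reader. The enclosing loop and the rest of the function lie outside the hunk, so any other inner scan in that loop that advances szBuffer should be checked for the same end-of-buffer case.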
@@ -509,7 +511,7 @@ void MDLImporter::ParseSkinLump_3DGS_MDL7( "but texture height is not equal to 1, which is not supported by MED"); } - pcNew = new aiTexture(); + pcNew.reset(new aiTexture()); pcNew->mHeight = 0; pcNew->mWidth = iWidth; @@ -546,7 +548,7 @@ void MDLImporter::ParseSkinLump_3DGS_MDL7( } else if (iMasked || !iType || (iType && iWidth && iHeight)) { - pcNew = new aiTexture(); + pcNew.reset(new aiTexture()); if (!iHeight || !iWidth) { DefaultLogger::get()->warn("Found embedded texture, but its width " @@ -577,7 +579,7 @@ void MDLImporter::ParseSkinLump_3DGS_MDL7( pcNew->mHeight = iHeight; unsigned int iSkip = 0; - ParseTextureColorData(szCurrent,iMasked,&iSkip,pcNew); + ParseTextureColorData(szCurrent,iMasked,&iSkip,pcNew.get()); // skip length of texture data szCurrent += iSkip; @@ -588,7 +590,7 @@ void MDLImporter::ParseSkinLump_3DGS_MDL7( // texture instead of material colors ... posssible they have // been converted to MDL7 from other formats, such as MDL5 aiColor4D clrTexture; - if (pcNew)clrTexture = ReplaceTextureWithColor(pcNew); + if (pcNew)clrTexture = ReplaceTextureWithColor(pcNew.get()); else clrTexture.r = get_qnan(); // check whether a material definition is contained in the skin @@ -680,8 +682,7 @@ void MDLImporter::ParseSkinLump_3DGS_MDL7( // we don't need the texture anymore if (is_not_qnan(clrTexture.r)) { - delete pcNew; - pcNew = NULL; + pcNew.reset(); } // If an ASCII effect description (HLSL?) is contained in the file, @@ -716,7 +717,7 @@ void MDLImporter::ParseSkinLump_3DGS_MDL7( { pScene->mNumTextures = 1; pScene->mTextures = new aiTexture*[1]; - pScene->mTextures[0] = pcNew; + pScene->mTextures[0] = pcNew.release(); } else { 
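Review bot: With `pcNew` now a `std::unique_ptr` in ParseSkinLump_3DGS_MDL7, the texture is destroyed on every early exit, including exceptions thrown between `pcNew.reset(new aiTexture())` and the later `release()`. Its data pointer therefore has to be owned heap memory or null wherever a throw is possible. The file defines a sentinel `bad_texel` (visible in the context of the `@@ -56,6 +56,8 @@` hunk). If either branch parks that sentinel, or a pointer into the file buffer, in the texture while parsing continues, the destructor would presumably try to free it. Those assignments are outside these hunks, so this needs confirming against the full function. A short comment at the declaration, e.g. `// owns the texture until it is handed to pScene->mTextures via release()`, would document the hand-over that the two `release()` calls rely on.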
@@ -726,16 +727,13 @@ void MDLImporter::ParseSkinLump_3DGS_MDL7( pScene->mTextures[i] = pc[i]; } - pScene->mTextures[pScene->mNumTextures] = pcNew; + pScene->mTextures[pScene->mNumTextures] = pcNew.release(); pScene->mNumTextures++; delete[] pc; } } VALIDATE_FILE_SIZE(szCurrent); *szCurrentOut = szCurrent; - if ( nullptr != pcNew ) { - delete pcNew; - } } // ------------------------------------------------------------------------------------------------ From 096056b899d9c423cdcad527849126e3e3e17a34 Mon Sep 17 00:00:00 2001 From: Turo Lamminen Date: Sun, 24 Dec 2017 22:17:45 +0200 Subject: [PATCH 8/8] Q3BSP: Fix build with clang libc++ --- code/Q3BSPZipArchive.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/code/Q3BSPZipArchive.cpp b/code/Q3BSPZipArchive.cpp index 86c966d8e..1c8b18ad3 100644 --- a/code/Q3BSPZipArchive.cpp +++ b/code/Q3BSPZipArchive.cpp @@ -43,6 +43,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "Q3BSPZipArchive.h" #include +#include #include namespace Assimp {