Merge branch 'master' into patch-1

code/AssetLib/Collada/ColladaExporter.cpp

@@ -573,7 +573,7 @@ bool ColladaExporter::ReadMaterialSurface(Surface &poSurface, const aiMaterial &
             index_str = index_str.substr(1, std::string::npos);
 
             try {
-                index = (unsigned int)strtoul10_64(index_str.c_str());
+                index = (unsigned int)strtoul10_64<DeadlyExportError>(index_str.c_str());
             } catch (std::exception &error) {
                 throw DeadlyExportError(error.what());
             }

code/AssetLib/FBX/FBXImporter.cpp

@@ -187,6 +187,11 @@ void FBXImporter::InternReadFile(const std::string &pFile, aiScene *pScene, IOSy
 
 		// size relative to cm
 		float size_relative_to_cm = doc.GlobalSettings().UnitScaleFactor();
+        if (size_relative_to_cm == 0.0)
+        {
+			// BaseImporter later asserts that fileScale is non-zero.
+			ThrowException("The UnitScaleFactor must be non-zero");
+        }
 
 		// Set FBX file scale is relative to CM must be converted to M for
 		// assimp universal format (M)

code/AssetLib/glTF2/glTF2Asset.inl

@@ -554,6 +554,16 @@ inline void BufferView::Read(Value &obj, Asset &r) {
     byteOffset = MemberOrDefault(obj, "byteOffset", size_t(0));
     byteLength = MemberOrDefault(obj, "byteLength", size_t(0));
     byteStride = MemberOrDefault(obj, "byteStride", 0u);
+
+    // Check length
+    if ((byteOffset + byteLength) > buffer->byteLength) {
+        const uint8_t val_size = 64;
+
+        char val[val_size];
+
+        ai_snprintf(val, val_size, "%llu, %llu", (unsigned long long)byteOffset, (unsigned long long)byteLength);
+        throw DeadlyImportError("GLTF: Buffer view with offset/length (", val, ") is out of range.");
+    }
 }
 
 inline uint8_t *BufferView::GetPointer(size_t accOffset) {
@@ -627,6 +637,17 @@ inline void Accessor::Read(Value &obj, Asset &r) {
     const char *typestr;
     type = ReadMember(obj, "type", typestr) ? AttribType::FromString(typestr) : AttribType::SCALAR;
 
+    // Check length
+    unsigned long long byteLength = (unsigned long long)GetBytesPerComponent() * (unsigned long long)count;
+    if ((byteOffset + byteLength) > bufferView->byteLength || (bufferView->byteOffset + byteOffset + byteLength) > bufferView->buffer->byteLength) {
+        const uint8_t val_size = 64;
+
+        char val[val_size];
+
+        ai_snprintf(val, val_size, "%llu, %llu", (unsigned long long)byteOffset, (unsigned long long)byteLength);
+        throw DeadlyImportError("GLTF: Accessor with offset/length (", val, ") is out of range.");
+    }
+
     if (Value *sparseValue = FindObject(obj, "sparse")) {
         sparse.reset(new Sparse);
         // count
@@ -1115,7 +1136,10 @@ inline void Mesh::Read(Value &pJSON_Object, Asset &pAsset_Root) {
                     Mesh::AccessorList *vec = 0;
                     if (GetAttribVector(prim, attr, vec, undPos)) {
                         size_t idx = (attr[undPos] == '_') ? atoi(attr + undPos + 1) : 0;
-                        if ((*vec).size() <= idx) (*vec).resize(idx + 1);
+                        if ((*vec).size() != idx) {
+                            throw DeadlyImportError("GLTF: Invalid attribute: ", attr, ". All indices for indexed attribute semantics must start with 0 and be continuous positive integers: TEXCOORD_0, TEXCOORD_1, etc.");
+                        }
+                        (*vec).resize(idx + 1);
                         (*vec)[idx] = pAsset_Root.accessors.Retrieve(it->value.GetUint());
                     }
                 }

include/assimp/fast_atof.h

@@ -24,11 +24,11 @@
 #include <cmath>
 #include <limits>
 #include <stdint.h>
-#include <stdexcept>
 #include <assimp/defs.h>
 
 #include "StringComparison.h"
 #include <assimp/DefaultLogger.hpp>
+#include <assimp/Exceptional.h>
 
 #ifdef _MSC_VER
 #  include <stdint.h>
@@ -185,13 +185,15 @@ unsigned int strtoul_cppstyle( const char* in, const char** out=0) {
 // Special version of the function, providing higher accuracy and safety
 // It is mainly used by fast_atof to prevent ugly and unwanted integer overflows.
 // ------------------------------------------------------------------------------------
+template<typename ExceptionType = DeadlyImportError>
 inline
 uint64_t strtoul10_64( const char* in, const char** out=0, unsigned int* max_inout=0) {
     unsigned int cur = 0;
     uint64_t value = 0;
 
     if ( *in < '0' || *in > '9' ) {
-        throw std::invalid_argument( std::string( "The string \"" ) + in + "\" cannot be converted into a value." );
+        // The string is known to be bad, so don't risk printing the whole thing.
+        throw ExceptionType("The string \"", std::string(in).substr(0, 100), "\" cannot be converted into a value." );
     }
 
     for ( ;; ) {
@@ -237,6 +239,7 @@ uint64_t strtoul10_64( const char* in, const char** out=0, unsigned int* max_ino
 // ------------------------------------------------------------------------------------
 // signed variant of strtoul10_64
 // ------------------------------------------------------------------------------------
+template<typename ExceptionType = DeadlyImportError>
 inline
 int64_t strtol10_64(const char* in, const char** out = 0, unsigned int* max_inout = 0) {
     bool inv = (*in == '-');
@@ -244,7 +247,7 @@ int64_t strtol10_64(const char* in, const char** out = 0, unsigned int* max_inou
         ++in;
     }
 
-    int64_t value = strtoul10_64(in, out, max_inout);
+    int64_t value = strtoul10_64<ExceptionType>(in, out, max_inout);
     if (inv) {
         value = -value;
     }
@@ -259,7 +262,7 @@ int64_t strtol10_64(const char* in, const char** out = 0, unsigned int* max_inou
 //! about 6 times faster than atof in win32.
 // If you find any bugs, please send them to me, niko (at) irrlicht3d.org.
 // ------------------------------------------------------------------------------------
-template<typename Real>
+template<typename Real, typename ExceptionType = DeadlyImportError>
 inline
 const char* fast_atoreal_move(const char* c, Real& out, bool check_comma = true) {
     Real f = 0;
@@ -289,13 +292,14 @@ const char* fast_atoreal_move(const char* c, Real& out, bool check_comma = true)
 
     if (!(c[0] >= '0' && c[0] <= '9') &&
             !((c[0] == '.' || (check_comma && c[0] == ',')) && c[1] >= '0' && c[1] <= '9')) {
-        throw std::invalid_argument("Cannot parse string "
-                                    "as real number: does not start with digit "
+        // The string is known to be bad, so don't risk printing the whole thing.
+        throw ExceptionType("Cannot parse string \"", std::string(c).substr(0, 100), 
+                                    "\" as a real number: does not start with digit "
                                     "or decimal point followed by digit.");
     }
 
     if (*c != '.' && (! check_comma || c[0] != ',')) {
-        f = static_cast<Real>( strtoul10_64 ( c, &c) );
+        f = static_cast<Real>( strtoul10_64<ExceptionType> ( c, &c) );
     }
 
     if ((*c == '.' || (check_comma && c[0] == ',')) && c[1] >= '0' && c[1] <= '9') {
@@ -310,7 +314,7 @@ const char* fast_atoreal_move(const char* c, Real& out, bool check_comma = true)
         // number of digits to be read. AI_FAST_ATOF_RELAVANT_DECIMALS can be a value between
         // 1 and 15.
         unsigned int diff = AI_FAST_ATOF_RELAVANT_DECIMALS;
-        double pl = static_cast<double>( strtoul10_64 ( c, &c, &diff ));
+        double pl = static_cast<double>( strtoul10_64<ExceptionType> ( c, &c, &diff ));
 
         pl *= fast_atof_table[diff];
         f += static_cast<Real>( pl );
@@ -332,7 +336,7 @@ const char* fast_atoreal_move(const char* c, Real& out, bool check_comma = true)
         // The reason float constants are used here is that we've seen cases where compilers
         // would perform such casts on compile-time constants at runtime, which would be
         // bad considering how frequently fast_atoreal_move<float> is called in Assimp.
-        Real exp = static_cast<Real>( strtoul10_64(c, &c) );
+        Real exp = static_cast<Real>( strtoul10_64<ExceptionType>(c, &c) );
         if (einv) {
             exp = -exp;
         }
@@ -348,26 +352,29 @@ const char* fast_atoreal_move(const char* c, Real& out, bool check_comma = true)
 
 // ------------------------------------------------------------------------------------
 // The same but more human.
+template<typename ExceptionType = DeadlyImportError>
 inline
 ai_real fast_atof(const char* c) {
     ai_real ret(0.0);
-    fast_atoreal_move<ai_real>(c, ret);
+    fast_atoreal_move<ai_real, ExceptionType>(c, ret);
 
     return ret;
 }
 
+template<typename ExceptionType = DeadlyImportError>
 inline
 ai_real fast_atof( const char* c, const char** cout) {
     ai_real ret(0.0);
-    *cout = fast_atoreal_move<ai_real>(c, ret);
+    *cout = fast_atoreal_move<ai_real, ExceptionType>(c, ret);
 
     return ret;
 }
 
+template<typename ExceptionType = DeadlyImportError>
 inline
 ai_real fast_atof( const char** inout) {
     ai_real ret(0.0);
-    *inout = fast_atoreal_move<ai_real>(*inout, ret);
+    *inout = fast_atoreal_move<ai_real, ExceptionType>(*inout, ret);
 
     return ret;
 }