bvh importer assertion failures when attempting to import invalid files #3867
Cast to unsigned char as required by C++ (see C++ **[cctype.syn]** -> ISO C99 section 7.4, [see also](https://en.cppreference.com/w/cpp/string/byte/isspace)). Addresses assimp#3867.
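Mind having a look at
Okay, I just searched the codebase for `toupper()`, `tolower()`, `isalpha()`, `isdigit()` and it’s full of places where untrusted text like texture names is passed without first casting to unsigned char. @JC3 if this is too much for you, I’ll put it on my TODO for another day.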
It's too much for both of us, so let's both put it on our TODO lists for another day and we'll see who gets there first. 😂
I actually will have time eventually just maybe not in the next day or two, as I'm about to travel out of town for work.
On Tue, May 4, 2021 at 2:27 PM krishty ***@***.***> wrote:
> Okay, I just searched the codebase for toupper(), tolower(), isalpha(), isdigit() and it’s full of places where untrusted text like texture names is passed without first casting to unsigned char.
> @JC3 <https://github.com/JC3> if this is too much for you, I’ll put it on my TODO for another day.
Turns out, I've got time. PR forthcoming. Notes:
I'm not sure how to prevent potential issues from reappearing in the future, though. Maybe there's a code analysis tool that can spot ctype calls with char parameters that can be added to CI tests? No idea.
PR forthcoming, as soon as I figure out how tf GitHub forks work (I'm a dinosaur).
PS There was a chunk of gtest code that gave me the warm fuzzies (because I'm a huge nerd) as I was doing this, though: assimp/contrib/gtest/include/gtest/internal/gtest-port.h Lines 2256 to 2294 in 38df0f4
I feel so ... validated.
Addresses assimp#3867 and then some.
Use IsAlNum instead (gtest-port.h), which deals with char signedness correctly. This was the only spot in gtest where a cctype function was called instead of its gtest-port.h equivalent. Addresses assimp#3867 and then some.
Cast to unsigned char as required by C++ (see C++ **[cctype.syn]** -> ISO C99 section 7.4, [see also](https://en.cppreference.com/w/cpp/string/byte/isspace)). Addresses assimp#3867 and then some.
Great, thanks a lot! This may save us from a few fuzzing issues :D
I remember learning this from one tool, that’s why I was so alarmed when I read your issue. But I don’t remember whether it was clang-tidy or just GCC with all warnings. Also noticed that Assimp compiles with /W3 instead of /W4 on Visual C++; another thing for my TODO (now that you made a little room there).
Closed by #3880
BVH importer raises a large number of the following assertion failures when it attempts to load invalid files containing binary data:
While I have not investigated the exact source, this particular assertion is almost certainly due to passing signed chars to one of the cctype functions, which are undefined for values outside of EOF & the range of unsigned chars.
Presuming that's the case, the fix is to convert to unsigned chars (I promise this is the correct fix; I just don't feel like citing C99 / C++ standards right now).
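
The fix proposed in the issue, as an added example that is not code from Assimp or from the pull request: wrappers that cast to `unsigned char` before calling `<cctype>`, used by a small tokenizer run over bytes that are not text. The helper names and the sample buffer are assumptions constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helpers (names are assumptions, not Assimp API). The cast maps
// every char into 0..UCHAR_MAX, the only range besides EOF that <cctype> accepts.
inline bool SafeIsSpace(char c) { return std::isspace(static_cast<unsigned char>(c)) != 0; }
inline char SafeToLower(char c) {
    return static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
}

// Value a bare isspace(c) would receive: negative for bytes >= 0x80 when char is signed.
inline int AsPassedUnsafely(char c) { return static_cast<int>(c); }
// Value the wrappers pass instead: always 0..255.
inline int AsPassedSafely(char c) { return static_cast<unsigned char>(c); }

// Splits untrusted bytes on whitespace and lower-cases letters, reaching
// <cctype> only through the wrappers above.
std::vector<std::string> Tokenize(const std::string &data) {
    std::vector<std::string> tokens;
    std::string current;
    for (char c : data) {
        if (SafeIsSpace(c)) {
            if (!current.empty()) { tokens.push_back(current); current.clear(); }
        } else {
            current.push_back(SafeToLower(c));
        }
    }
    if (!current.empty()) tokens.push_back(current);
    return tokens;
}

// Constructed sample: BVH-style keywords with three non-text bytes in the middle.
inline std::string SampleInput() { return "HIERARCHY\nROOT \xE9\xFF\x80 Hips\tEnd"; }

int main() {
    for (const std::string &t : Tokenize(SampleInput())) std::cout << t.size() << ' ';
    std::cout << '\n' << AsPassedUnsafely('\xE9') << " vs " << AsPassedSafely('\xE9') << '\n';
}
```
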