benkyd/tinyobjloader
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix buffer overrun when parsing 'l' line.

Browse Source
This commit is contained in:
Syoyo Fujita
2018-07-25 16:24:40 +09:00
parent 0e950513a3
commit 0d68262246
2 changed files with 255 additions and 261 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
loader_example.cc
View File

@@ -137,8 +137,10 @@ static void PrintInfo(const tinyobj::attrib_t& attrib,
for (size_t i = 0; i < shapes.size(); i++) {
printf("shape[%ld].name = %s\n", static_cast<long>(i),
shapes[i].name.c_str());
printf("Size of shape[%ld].indices: %lu\n", static_cast<long>(i),
printf("Size of shape[%ld].mesh.indices: %lu\n", static_cast<long>(i),
static_cast<unsigned long>(shapes[i].mesh.indices.size()));
printf("Size of shape[%ld].path.indices: %lu\n", static_cast<long>(i),
static_cast<unsigned long>(shapes[i].path.indices.size()));
size_t index_offset = 0;

58
tiny_obj_loader.h
View File

@@ -23,6 +23,7 @@ THE SOFTWARE.
*/
//
// version 1.2.1 : Added initial support for line('l') primitive(PR #178)
// version 1.2.0 : Hardened implementation(#175)
// version 1.1.1 : Support smoothing groups(#162)
// version 1.1.0 : Support parsing vertex color(#144)
@@ -377,8 +378,8 @@ void LoadMtl(std::map<std::string, int> *material_map,
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <utility>
#include <limits>
#include <utility>
#include <fstream>
#include <sstream>
@@ -1010,9 +1011,8 @@ static void InitMaterial(material_t *material) {
}
// code from https://wrf.ecse.rpi.edu//Research/Short_Notes/pnpoly.html
template<typename T>
static int pnpoly(int nvert, T *vertx, T *verty, T testx,
T testy) {
template <typename T>
static int pnpoly(int nvert, T *vertx, T *verty, T testx, T testy) {
int i, j, c = 0;
for (i = 0, j = nvert - 1; i < nvert; j = i++) {
if (((verty[i] > testy) != (verty[j] > testy)) &&
@@ -1029,18 +1029,14 @@ static bool exportGroupsToShape(shape_t *shape,
const std::vector<face_t> &faceGroup,
std::vector<int> &lineGroup,
const std::vector<tag_t> &tags,
const int material_id,
const std::string &name, bool triangulate,
const int material_id, const std::string &name,
bool triangulate,
const std::vector<real_t> &v) {
if (faceGroup.empty() && lineGroup.empty()) {
return false;
}
if (!faceGroup.empty()) {
// Flatten vertices and indices
for (size_t i = 0; i < faceGroup.size(); i++) {
const face_t &face = faceGroup[i];
@@ -1067,8 +1063,7 @@ static bool exportGroupsToShape(shape_t *shape,
size_t vi1 = size_t(i1.v_idx);
size_t vi2 = size_t(i2.v_idx);
if (((3 * vi0 + 2) >= v.size()) ||
((3 * vi1 + 2) >= v.size()) ||
if (((3 * vi0 + 2) >= v.size()) || ((3 * vi1 + 2) >= v.size()) ||
((3 * vi2 + 2) >= v.size())) {
// Invalid triangle.
// FIXME(syoyo): Is it ok to simply skip this invalid triangle?
@@ -1124,8 +1119,8 @@ static bool exportGroupsToShape(shape_t *shape,
area += (v0x * v1y - v0y * v1x) * static_cast<real_t>(0.5);
}
int maxRounds =
10; // arbitrary max loop count to protect against unexpected errors
int maxRounds = 10; // arbitrary max loop count to protect against
// unexpected errors
face_t remainingFace = face; // copy
size_t guess_vert = 0;
@@ -1172,9 +1167,7 @@ static bool exportGroupsToShape(shape_t *shape,
continue;
}
size_t ovi = size_t(
remainingFace.vertex_indices[idx]
.v_idx);
size_t ovi = size_t(remainingFace.vertex_indices[idx].v_idx);
if (((ovi * 3 + axes[0]) >= v.size()) ||
((ovi * 3 + axes[1]) >= v.size())) {
@@ -1272,8 +1265,7 @@ static bool exportGroupsToShape(shape_t *shape,
shape->mesh.tags = tags;
}
if(!lineGroup.empty()){
if (!lineGroup.empty()) {
shape->path.indices.swap(lineGroup);
}
@@ -1765,8 +1757,7 @@ bool LoadObj(attrib_t *attrib, std::vector<shape_t> *shapes,
#else
const char dirsep = '\\';
#endif
if (baseDir[baseDir.length() - 1] != dirsep)
baseDir += dirsep;
if (baseDir[baseDir.length() - 1] != dirsep) baseDir += dirsep;
}
MaterialFileReader matFileReader(baseDir);
@@ -1865,19 +1856,20 @@ bool LoadObj(attrib_t *attrib, std::vector<shape_t> *shapes,
}
// line
if (token[0] == 'l' && IS_SPACE((token[1]))){
if (token[0] == 'l' && IS_SPACE((token[1]))) {
token += 2;
line_t line_cache;
bool end_line_bit = 0;
while(!IS_NEW_LINE(token[0])){
//get index from string
while (!IS_NEW_LINE(token[0])) {
// get index from string
int idx;
fixIndex(parseInt(&token), 0, &idx);
// move to next space or end of string (\0 / \n)
token += strcspn(token, " \t\r")+1;
if(!end_line_bit){
size_t n = strspn(token, " \t\r");
token += n;
if (!end_line_bit) {
line_cache.idx0 = idx;
} else {
line_cache.idx1 = idx;
@@ -1995,8 +1987,8 @@ bool LoadObj(attrib_t *attrib, std::vector<shape_t> *shapes,
// group name
if (token[0] == 'g' && IS_SPACE((token[1]))) {
// flush previous face group.
bool ret = exportGroupsToShape(&shape, faceGroup, lineGroup, tags, material, name,
triangulate, v);
bool ret = exportGroupsToShape(&shape, faceGroup, lineGroup, tags,
material, name, triangulate, v);
(void)ret; // return value not used.
if (shape.mesh.indices.size() > 0) {
@@ -2032,8 +2024,8 @@ bool LoadObj(attrib_t *attrib, std::vector<shape_t> *shapes,
// object name
if (token[0] == 'o' && IS_SPACE((token[1]))) {
// flush previous face group.
bool ret = exportGroupsToShape(&shape, faceGroup, lineGroup, tags, material, name,
triangulate, v);
bool ret = exportGroupsToShape(&shape, faceGroup, lineGroup, tags,
material, name, triangulate, v);
if (ret) {
shapes->push_back(shape);
}
@@ -2140,8 +2132,8 @@ bool LoadObj(attrib_t *attrib, std::vector<shape_t> *shapes,
// Ignore unknown command.
}
bool ret = exportGroupsToShape(&shape, faceGroup, lineGroup, tags, material, name,
triangulate, v);
bool ret = exportGroupsToShape(&shape, faceGroup, lineGroup, tags, material,
name, triangulate, v);
// exportGroupsToShape return false when `usemtl` is called in the last
// line.
// we also add `shape` to `shapes` when `shape.mesh` has already some