From 1c6f6efafcf10f8a2981a1316253e16a5a2ed546 Mon Sep 17 00:00:00 2001
From: rhiskey <35545041+rhiskey@users.noreply.github.com>
Date: Mon, 4 Dec 2023 14:21:06 +0300
Subject: [PATCH 1/7] Update tiny_gltf.h Fix max size of `header_and_json_size` limit. In case of 4GB will check ` sizeof(uint64_t)` insted deprecated max
---
tiny_gltf.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tiny_gltf.h b/tiny_gltf.h
index 5f64f17..c8c329e 100644
--- a/tiny_gltf.h
+++ b/tiny_gltf.h
@@ -6669,7 +6669,7 @@ bool TinyGLTF::LoadBinaryFromMemory(Model *model, std::string *err,
// Use 64bit uint to avoid integer overflow.
uint64_t header_and_json_size = 20ull + uint64_t(chunk0_length);
- if (header_and_json_size > std::numeric_limits::max()) {
+ if (header_and_json_size > sizeof(uint64_t)) {
// Do not allow 4GB or more GLB data.
(*err) = "Invalid glTF binary. GLB data exceeds 4GB.";
}
From 32198f757fede8b37e3c8993751fe47201b29b63 Mon Sep 17 00:00:00 2001
From: rhiskey <35545041+rhiskey@users.noreply.github.com>
Date: Mon, 4 Dec 2023 14:22:14 +0300
Subject: [PATCH 2/7] Update stb_image_write.h Securing printing output via `sprintf_s` instead `sprintf`.
---
stb_image_write.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stb_image_write.h b/stb_image_write.h
index e4b32ed..48f8029 100644
--- a/stb_image_write.h
+++ b/stb_image_write.h
@@ -773,7 +773,7 @@ static int stbi_write_hdr_core(stbi__write_context *s, int x, int y, int comp, f
#ifdef __STDC_LIB_EXT1__
len = sprintf_s(buffer, sizeof(buffer), "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
#else
- len = sprintf(buffer, "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
+ len = sprintf_s(buffer, "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
#endif
s->func(s->context, buffer, len);
From 03b3a31e028b638493b1fb0b4bbfafc41556a6b3 Mon Sep 17 00:00:00 2001
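Review bot: `sizeof(uint64_t)` is the byte width of the type (8), not a size limit, so the new condition `header_and_json_size > sizeof(uint64_t)` in PATCH 1/7 is true for every input, because the value is computed as `20ull + uint64_t(chunk0_length)` on the context line above and is never below 20. Every load would record the "exceeds 4GB" error, and the check stops separating oversized chunk lengths in untrusted GLB data from valid ones. The bound the comment describes is the 32-bit maximum, `if (header_and_json_size > (std::numeric_limits<uint32_t>::max)()) {`, which is the form PATCH 4/7 ends on. LoadBinaryFromMemory starts and ends outside this hunk, so whether this branch also returns is not visible here.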
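Review bot: The replaced call in PATCH 2/7 sits in the `#else` branch, which is compiled only when `__STDC_LIB_EXT1__` is not defined, so `sprintf_s` is not guaranteed to be declared there, and the call passes no buffer size, which leaves the format string in the size parameter's position. PATCH 5/7 has the same omission in its `snprintf` call. A bounded call in this branch needs the size as its second argument, `len = snprintf(buffer, sizeof(buffer), "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);`. stbi_write_hdr_core continues outside the hunk, so the declaration of `buffer` is not visible; `sizeof(buffer)` is only the right bound if it is an array rather than a pointer.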
From: rhiskey <35545041+rhiskey@users.noreply.github.com>
Date: Mon, 4 Dec 2023 16:57:36 +0300
Subject: [PATCH 3/7] Update tiny_gltf.h Fixed `Windows.h` MINMAX error and reverted to original numeric limits of type `uint32_t`
---
tiny_gltf.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tiny_gltf.h b/tiny_gltf.h
index 795c513..cd86ce0 100644
--- a/tiny_gltf.h
+++ b/tiny_gltf.h
@@ -6669,7 +6669,8 @@ bool TinyGLTF::LoadBinaryFromMemory(Model *model, std::string *err,
// Use 64bit uint to avoid integer overflow.
uint64_t header_and_json_size = 20ull + uint64_t(chunk0_length);
- if (header_and_json_size > sizeof(uint64_t)) {
+#undef max
+ if (header_and_json_size > std::numeric_limits::max()) {
// Do not allow 4GB or more GLB data.
if (err) {
(*err) = "Invalid glTF binary. GLB data exceeds 4GB.";
From 8acf861db78b72926dc86cb15729a359f785baa3 Mon Sep 17 00:00:00 2001
From: rhiskey <35545041+rhiskey@users.noreply.github.com>
Date: Mon, 4 Dec 2023 17:11:59 +0300
Subject: [PATCH 4/7] Update tiny_gltf.h Removed `#undef` and used the @syoyo method: https://github.com/syoyo/tinygltf/pull/467#issuecomment-1838703699
---
tiny_gltf.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tiny_gltf.h b/tiny_gltf.h
index cd86ce0..d470bf4 100644
--- a/tiny_gltf.h
+++ b/tiny_gltf.h
@@ -6669,8 +6669,7 @@ bool TinyGLTF::LoadBinaryFromMemory(Model *model, std::string *err,
// Use 64bit uint to avoid integer overflow.
uint64_t header_and_json_size = 20ull + uint64_t(chunk0_length);
-#undef max
- if (header_and_json_size > std::numeric_limits::max()) {
+ if (header_and_json_size > (std::numeric_limits::max)()) {
// Do not allow 4GB or more GLB data.
if (err) {
(*err) = "Invalid glTF binary. GLB data exceeds 4GB.";
From 77238cf23c96d9ab6fb47a1f7effe609e7e9b094 Mon Sep 17 00:00:00 2001
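Review bot: The parenthesised call `(std::numeric_limits<uint32_t>::max)()` added in PATCH 4/7 has no comment, and without one it reads as a stylistic oddity that a later cleanup could undo. A one-line comment above the `if` would keep it in place, for example `// Parenthesised so a function-like max macro (e.g. from Windows.h) is not expanded here.` The subject of PATCH 3/7 names the Windows.h macro conflict as the reason for the change, so the comment only records what the series already states. LoadBinaryFromMemory starts and ends outside the hunk.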
From: rhiskey <35545041+rhiskey@users.noreply.github.com>
Date: Tue, 5 Dec 2023 00:15:50 +0300
Subject: [PATCH 5/7] Update stb_image_write.h Fixed case when `__STDC_LIB_EXT1__ ` is not defined - for Linux, etc. According to the C99 standart @syoyo
---
stb_image_write.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stb_image_write.h b/stb_image_write.h
index 48f8029..95f9f4a 100644
--- a/stb_image_write.h
+++ b/stb_image_write.h
@@ -773,7 +773,7 @@ static int stbi_write_hdr_core(stbi__write_context *s, int x, int y, int comp, f
#ifdef __STDC_LIB_EXT1__
len = sprintf_s(buffer, sizeof(buffer), "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
#else
- len = sprintf_s(buffer, "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
+ len = snprintf(buffer, "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
#endif
s->func(s->context, buffer, len);
From 7fd75df70e6bf18f952c4d6dda7e3f2d8582fadc Mon Sep 17 00:00:00 2001
From: rhiskey <35545041+rhiskey@users.noreply.github.com>
Date: Tue, 5 Dec 2023 00:21:41 +0300
Subject: [PATCH 6/7] Revert back stb_image_write.h to original code
---
stb_image_write.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stb_image_write.h b/stb_image_write.h
index 95f9f4a..e4b32ed 100644
--- a/stb_image_write.h
+++ b/stb_image_write.h
@@ -773,7 +773,7 @@ static int stbi_write_hdr_core(stbi__write_context *s, int x, int y, int comp, f
#ifdef __STDC_LIB_EXT1__
len = sprintf_s(buffer, sizeof(buffer), "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
#else
- len = snprintf(buffer, "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
+ len = sprintf(buffer, "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
#endif
s->func(s->context, buffer, len);
From 8fdeca146e2e431dfad195e8598b979cdcb92d15 Mon Sep 17 00:00:00 2001
From: rhiskey <35545041+rhiskey@users.noreply.github.com>
Date: Tue, 5 Dec 2023 00:28:18 +0300
Subject: [PATCH 7/7] Update stb_image_write.h Provided `sizeof(buffer)` in `sptintf`
---
stb_image_write.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stb_image_write.h b/stb_image_write.h
index e4b32ed..151eaca 100644
--- a/stb_image_write.h
+++ b/stb_image_write.h
@@ -773,7 +773,7 @@ static int stbi_write_hdr_core(stbi__write_context *s, int x, int y, int comp, f
#ifdef __STDC_LIB_EXT1__
len = sprintf_s(buffer, sizeof(buffer), "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
#else
- len = sprintf(buffer, "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
+ len = snprintf(buffer, sizeof(buffer), "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
#endif
s->func(s->context, buffer, len);
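Review bot: `len` goes unchecked into `s->func(s->context, buffer, len)` on the line after `#endif`, but `snprintf` returns the length the complete output would have had, which is negative on an encoding error and at least `sizeof(buffer)` when the output was truncated. With only two `%d` fields the text is short, so truncation looks unlikely if `buffer` is a fixed array of reasonable size, but its declaration is outside the hunk. A guard before the write keeps the callback from being handed a length beyond the array, for example `if (len < 0 || len >= (int)sizeof(buffer)) return 0;`. Using 0 as the failure value is an assumption, since the return paths of stbi_write_hdr_core are not visible here.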