From cf668683f90715dce4ca22086a06ef2ad33f5241 Mon Sep 17 00:00:00 2001
From: Doug Muir <dmuir@google.com>
Date: Mon, 28 Oct 2019 09:51:13 -0700
Subject: [PATCH] Fix check for invalid glTF to consider invalid
 length/model_length combinations.

---
 tiny_gltf.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tiny_gltf.h b/tiny_gltf.h
index a6c6592..84f297d 100644
--- a/tiny_gltf.h
+++ b/tiny_gltf.h
@@ -5618,6 +5618,7 @@ bool TinyGLTF::LoadBinaryFromMemory(Model *model, std::string *err,
   // JSON contents,
   // so use "greater than" operator.
   if ((20 + model_length > size) || (model_length < 1) || (length > size) ||
+      (20 + model_length > length) ||
       (model_format != 0x4E4F534A)) {  // 0x4E4F534A = JSON format.
     if (err) {
       (*err) = "Invalid glTF binary.";