- Add feature to limit file size for external resources(images, buffers)
- Use strlen to correctly retrieve a string from a string which contains multiple null-characters.
- Return fail when opening a directory(Posix only). Fixes#416
Tinygltf is able to write files defined by a URI, so it needs to be able
to decode it. Since it may also modify the path where the image is saved
it may need to re-encode the URI too. This patch provides an API to set
URI encoding and decoding callbacks and exposes the default decode
method.
Uses the existing dlib::urldecode as a decode default. The encode
callback is left null, matching existing behaviour.
Updates the WriteImageDataFunction signature to include
tinygltf::URICallbacks.
Decodes the image and buffer uris before using them as a filename.
If the encode callback is set, encodes the written image location in the
default WriteImageDataFunction and encodes generated buffer locations
when writing .bin files.
Adds a save+load step to the test image-uri-spaces to verify uri
encoding.
Modifies UpdateImageObject() so that Returning false from the
WriteImageDataFunction callback results in the WriteGltfScene*() call
returning false.
Does not call WriteImageDataFunction if there is no image data.
Adds test case serialize-image-failure to verify the callback return
code is able to cause an overall failure to save the gltf.
Adds 'const' to all Serialize*() methods.
Updates WriteImageData callback to take a URI out pointer that was
previously being written to the Image::uri, which is now const.
This breaks the WriteImageData API and as a side effect, Image::uri will
no longer contain the written image URI after saving.
Adds test serialize-const-image, which verifies the model's image is not
changed (because it's const), but the uri written to the gltf json is
still correct.
Adds test serialize-image-callback that defines a WriteImageDataFunction
and also verifies the uri can be overwritten.
This allows multiple gltf's to be loaded/saved in parallel. It removes the restriction of a single JsonDocument active at once which is default behavior. Enable with TINYGLTF_USE_RAPIDJSON_CRTALLOCATOR
When parsing numeric values as doubles, its possible for users to
specify values that cannot be converted to integers, such as Inf, NaN,
and extremes such as 1e100. If this value is received, and then cast to
an int, it is undefined behavior, which trips ubsan when running
tinygltf under a fuzzer.
Instead of parsing integral values as doubles, use nlohmann/json's
built-in support to parse integer and unsigned values directly, with
.is_number_integer() and .is_number_unsigned().
Add ParseIntegerProperty, ParseUnsignedProperty, and
ParseIntegerArrayProperty helpers that allow parsing directly to
int/uint values and update code to use them when appropriate.
When loading untrusted glTF files, ideally an error should be returned
if the file is malformed instead of an exception/crash. Add additional
validation for crashes found when running tinygltf under a fuzzer, and
add test cases to confirm:
1. Validate that the primitive indices value is within the
model->accessors bounds before dereferencing.
2. Validate that the accessors bufferView index if valid.
3. Validate that the buffer's index is valid when parsing images.
4. For glb files, validate that the overall length is within the
provided input buffer.
