Scarfski/assimp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
12,783 Commits 19 Branches 43 Tags
bugfix/fix_copyrights_in_python
Commit Graph

6877 Commits

Author SHA1 Message Date
Kim Kulling
ac0cfc8d9c Feature/pjoe fix fbx export (#6405) 
* fix: texture paths issues with fbx export

* Update LICENSE (#6327)

* FBX: Fix offset calculation by adding cursor check (#6337)

- closes https://github.com/assimp/assimp/issues/6336

* [CMake] -l (#6329)

- Fix zlib linkage.

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Add null check for aiNode in AddNode method (#6348)

- Added null check for node in AddNode function.
- closes https://github.com/assimp/assimp/issues/6347

* fix large glb reading by providing a proper helper for reading size_t type (#6307)

Co-authored-by: Vitaly Ovchinnikov <v@ovch.ru>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Updated doc/Preamble.txt & SECURITY.md (#6338)

* Update LICENSE

* Update Preamble.txt

* Update SECURITY.md

* Remove GitHub's default comment

* Better README! Fixed discord link as well (#6351)

* Better README!

* PyAssimp: Re-add 'aiProcess_Triangulate' (#6335)

apparently, b9bfac0418 accidentally
removed a couple of lines with a botched copy'n'paste.

Co-authored-by: IOhannes m zmölnig <zmoelnig@umlautT.umlaeute.mur.at>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Fixed Build.md (#6354)

* Fixed itch.io spelling from itchi.io

* Fix hasTangentsAndBitangents method in AiMesh.java (#6345)

original code m_tangents != null && m_tangents != null; triggers error prone

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Added tangent handedness to glTF export (#6322)

* Added tangent handedness to glTF export

* Restore merging of near-identical vertices for JoinIdenticalVertices (#6278)

* Restore merging of near-identical vertices for JoinIdenticalVertices

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Add BOM skip and fix mtl parsing (#6253)

* Add BOM skip and fix mtl parsing
* Remove old code
* Fix #5635
* Add all attributes to ObjFileData
---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Clone meshlab/tinyusdz repos in default location (#6239)

* Leave FETCHCONTENT_BASE_DIR as default to avoid target platform generated build file conflicts

* Attempt address sonarCloud complaint about generic-looking include file (bare "Parser.h")

---------

Co-authored-by: tellypresence <info@tellypresence.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Fix an invalid offsetof warning-as-error (#6359)

The code already disables the warning on clang. It's also caused on
GCC in some circumstances (particularly when building with
-D_GLIBCXX_DEBUG).

* Add unit test for subdivision modifier on Blender importer (#5345)

* Add unit test for subdivision modifier on Blender importer

Blend file is composed of default cube with subdivision modifier applied
and same cube with subdivision modifier.

* Update utBlenderImportExport.cpp

Fix compiler warning.

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Change strcpy to strncpy for format hint safety (#6365)

* Update default material name handling (#6366)

* Replace strcpy by strncpy

* Bugfix/fix sonarcube findings (#6369)

* Fix sonarcube findings.
---------
Co-authored-by: Kim Kulling <kim.kulling@draeger.com>

* Update texture output format in AssxmlFileWriter (#6372)

* Update texture output format in AssxmlFileWriter

* Collada: Fix overflow in CopyVertex (#6374)

* Fix overflow in CopyVertex

* COB: fix validation for ascii header (#6376)

* COB: fix validation for ascii header

* MD5: Fix face index allocation in MD5Parser (#6380)

- Ensure face indices are properly allocated and resized.
- closes https://github.com/assimp/assimp/issues/6379

* Removed unnecessary copy constructor declaration in aiVector3t (#6384)

* Removed unnecessary copy constructor declaration in aiVector3t
* Added copy constructor back in aiVector3t
* Added explicit declaration of assignment operator in aiVector3t

* Bump actions/upload-artifact from 4 to 5 (#6383)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Bump actions/download-artifact from 5 to 6 (#6382)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Made the README more tidy & fix Build.md (#6371)

* Update LICENSE

* Update Preamble.txt

* Update SECURITY.md

* Remove GitHub's default comment

* Better README!

* Fix discord link! Boom, that's how it's done

* Fixed itch.io spelling from itchi.io

* Make README more tidy :)

AR is back! Anyways, I'm working on my horror game & making devlogs so I don't have time to write. Here's a small summary:
- Just placed the dir structure information correctly in one place so the README looks tidy.

* Add international download link for Visual Studio

* Fix out-of-range access cause of aiProcess_GenNormals : array size inconsistency of members of mesh after process (#6332)

* Fix aiProcess_GenNormals process: copy members of mesh corresponding with additional vertices

* Fix aiProcess_GenNormals process: Refoctoring

* refactoring: fix SonarQube Issue

* Update GenFaceNormalsProcess.cpp: fix small findings

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Fix Heap-buffer-overflow in Q3DImporter::InternReadFile (#6370)

Checks if multiplying texture width and height would overflow before
performing the operation. This avoids incorrect memory allocations and
potential crashes with very large textures.

Fixes #6358

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Revert "Refactoring: use using types (#6266)" (#6324)

* Revert "Refactoring: use using types (#6266)"

* fix: write textures to folder of PBRT file (#6099)

* fix: write textures to folder of PBRT file

* Refactor condition checks for empty vectors (#6385)

* Refactor based on SonarCube.

* Fix sonarcube stuff (#6387)

* Fix sonarcube stuff

* Update contact email for reporting vulnerabilities (#6389)

* [PyAssimp] Create `pyproject.toml` (#6378)

* Create pyproject.toml

* glTF2: Avoid lookups for generating IDs (#6120)

* glTF2: Reduce lookups for generating IDs
- closes https://github.com/assimp/assimp/issues/5661

* Refactor string checks and variable declarations (#6392)

* Refactor string checks and variable declarations

* Change string check from contains to find

* Fix syntax error in mesh node creation loop

* Fix the doxygen documentation from public headers (#6394)

* Add documentation comments to DeboneProcess.h

* Added static cast for conversion from uLong to unsigned int for compiler error (#6393)

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Reorganize code top prevent security warning. (#6395)

* Reorganize code to prevent security warning.

* Fix linkage (#6388)

* Fix linkage when all importers aren't part of the build.

* Update LineSplitter.h (#6396)

* Added missing scene extras properties for glTF2Importer (#6397)

* WiP. Passing USD prims along with render nodes to look for USD references. Save reference path to metaData['ref'] (#5807)

Signed-off-by: AMZN-Gene <genewalt@amazon.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Bump actions/checkout from 5 to 6 (#6401)

Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

* Update Readme.md (#6402)

* Update Readme.md

- Reorganize readme for code structure

* Update Readme.md

* Delete test/other/streamload.py (#6403)

* Update Readme.md

- Reorganize readme for code structure

* Update Readme.md

* Delete test/other/streamload.py

* Delete test/regression directory

* Update AndroidJNIIOSystem.cpp

* Update BundledAssetIOSystem.cpp

* Fixed DXFHelper using float instead of ai_real (#6404)

* Fixed DXFHelper using float instead of ai_real

* fixed cmake presets

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: AMZN-Gene <genewalt@amazon.com>
Co-authored-by: Pelle Johnsen <pelle.johnsen@gmail.com>
Co-authored-by: AbdulRehman <ardev1.deverson@proton.me>
Co-authored-by: Steven French <95558717+ZeunO8@users.noreply.github.com>
Co-authored-by: Vitaly Ovchinnikov <vitaly.ovchinnikov@gmail.com>
Co-authored-by: Vitaly Ovchinnikov <v@ovch.ru>
Co-authored-by: umläute <umlaeute@users.noreply.github.com>
Co-authored-by: IOhannes m zmölnig <zmoelnig@umlautT.umlaeute.mur.at>
Co-authored-by: fifth_light <liu-yu-jie@foxmail.com>
Co-authored-by: Luca Della Vedova <lucadv@intrinsic.ai>
Co-authored-by: Matt Penny <mwpenny@users.noreply.github.com>
Co-authored-by: Paul Bauriegel <paul.bauriegel@web.de>
Co-authored-by: Steve M <madsen.steve@yahoo.com>
Co-authored-by: tellypresence <info@tellypresence.com>
Co-authored-by: Sami Liedes <sami.liedes@iki.fi>
Co-authored-by: Alexandre Avenel <avenel.alexandre@gmail.com>
Co-authored-by: Kim Kulling <kim.kulling@draeger.com>
Co-authored-by: EddieBreeg <eddiebreeg0@protonmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: sSsA01 <59872472+Riv1s-sSsA01@users.noreply.github.com>
Co-authored-by: Jan Grulich <jgrulich@redhat.com>
Co-authored-by: Jan Honsbrok <jan.honsbrok@gmail.com>
Co-authored-by: thedestroyer4312 <trevortsai1@gmail.com>
Co-authored-by: Jerome St-Louis <jerome@ecere.com>
Co-authored-by: John Curley <johndanielcurley@gmail.com>
Co-authored-by: Orleonn <76880668+Orleonn@users.noreply.github.com>
Co-authored-by: Gene Walters <32776221+AMZN-Gene@users.noreply.github.com>
Co-authored-by: JakobPer <JakobPer@protonmail.com>
 2025-12-01 14:17:45 +01:00
JakobPer
11272f13bd Fixed DXFHelper using float instead of ai_real (#6404) 
* Fixed DXFHelper using float instead of ai_real

* fixed cmake presets

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-11-30 22:01:11 +01:00
Gene Walters
a989b30b58 WiP. Passing USD prims along with render nodes to look for USD references. Save reference path to metaData['ref'] (#5807) 
Signed-off-by: AMZN-Gene <genewalt@amazon.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-11-24 21:26:46 +01:00
Orleonn
ab28db52f0 Added missing scene extras properties for glTF2Importer (#6397) 2025-11-18 15:58:41 +01:00
Kim Kulling
19108dff6a Fix linkage (#6388) 
* Fix linkage when all importers aren't part of the build.
 2025-11-16 20:05:50 +01:00
Kim Kulling
05a4fb57f1 Reorganize code top prevent security warning. (#6395) 
* Reorganize code to prevent security warning.
 2025-11-15 12:16:56 +01:00
Kim Kulling
1cc7f2ba74 Fix the doxygen documentation from public headers (#6394) 
* Add documentation comments to DeboneProcess.h
 2025-11-14 22:05:08 +01:00
Kim Kulling
e98ec7b2d3 Refactor string checks and variable declarations (#6392) 
* Refactor string checks and variable declarations

* Change string check from contains to find

* Fix syntax error in mesh node creation loop
 2025-11-14 00:18:35 +01:00
Jerome St-Louis
0be7cdd6db glTF2: Avoid lookups for generating IDs (#6120) 
* glTF2: Reduce lookups for generating IDs
- closes https://github.com/assimp/assimp/issues/5661
 2025-11-13 10:50:26 +01:00
Kim Kulling
34cda45471 Fix sonarcube stuff (#6387) 
* Fix sonarcube stuff
 2025-11-10 23:29:03 +01:00
Kim Kulling
a4b8943533 Refactor condition checks for empty vectors (#6385) 
* Refactor based on SonarCube.
 2025-11-07 16:07:39 +01:00
Jan Honsbrok
0996221017 fix: write textures to folder of PBRT file (#6099) 
* fix: write textures to folder of PBRT file
 2025-11-05 08:24:41 +01:00
Luca Della Vedova
672594c230 Revert "Refactoring: use using types (#6266)" (#6324) 
* Revert "Refactoring: use using types (#6266)"
 2025-11-04 15:10:45 +01:00
Jan Grulich
0978918f71 Fix Heap-buffer-overflow in Q3DImporter::InternReadFile (#6370) 
Checks if multiplying texture width and height would overflow before
performing the operation. This avoids incorrect memory allocations and
potential crashes with very large textures.

Fixes #6358

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-11-04 10:09:13 +01:00
sSsA01
8e35cb1a9f Fix out-of-range access cause of aiProcess_GenNormals : array size inconsistency of members of mesh after process (#6332) 
* Fix aiProcess_GenNormals process: copy members of mesh corresponding with additional vertices

* Fix aiProcess_GenNormals process: Refoctoring

* refactoring: fix SonarQube Issue

* Update GenFaceNormalsProcess.cpp: fix small findings

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-11-01 21:15:17 +01:00
Kim Kulling
e778c84cd6 MD5: Fix face index allocation in MD5Parser (#6380) 
- Ensure face indices are properly allocated and resized.
- closes https://github.com/assimp/assimp/issues/6379
 2025-10-24 10:15:01 +02:00
Kim Kulling
5f7c06a71e COB: fix validation for ascii header (#6376) 
* COB: fix validation for ascii header
 2025-10-23 22:44:54 +02:00
Kim Kulling
7dcf6a8984 Collada: Fix overflow in CopyVertex (#6374) 
* Fix overflow in CopyVertex
 2025-10-19 23:13:59 +02:00
Kim Kulling
cc6ab1408f Update texture output format in AssxmlFileWriter (#6372) 
* Update texture output format in AssxmlFileWriter
 2025-10-17 11:24:38 +02:00
Kim Kulling
f544f9c217 Bugfix/fix sonarcube findings (#6369) 
* Fix sonarcube findings.
---------
Co-authored-by: Kim Kulling <kim.kulling@draeger.com>
 2025-10-14 00:01:50 +02:00
Kim Kulling
194da5b2fd Update default material name handling (#6366) 
* Replace strcpy by strncpy
 2025-10-07 20:25:24 +02:00
Kim Kulling
f28a96121d Change strcpy to strncpy for format hint safety (#6365) 2025-10-02 16:31:00 +02:00
Sami Liedes
1894bfb22c Fix an invalid offsetof warning-as-error (#6359) 
The code already disables the warning on clang. It's also caused on
GCC in some circumstances (particularly when building with
-D_GLIBCXX_DEBUG).
 2025-09-28 20:30:59 +02:00
Steve M
b8133b04c7 Clone meshlab/tinyusdz repos in default location (#6239) 
* Leave FETCHCONTENT_BASE_DIR as default to avoid target platform generated build file conflicts

* Attempt address sonarCloud complaint about generic-looking include file (bare "Parser.h")

---------

Co-authored-by: tellypresence <info@tellypresence.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-09-23 11:34:13 +02:00
Paul Bauriegel
709fe3c3d0 Add BOM skip and fix mtl parsing (#6253) 
* Add BOM skip and fix mtl parsing
* Remove old code
* Fix #5635
* Add all attributes to ObjFileData
---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-09-22 11:20:24 +02:00
Matt Penny
489c8d565b Restore merging of near-identical vertices for JoinIdenticalVertices (#6278) 
* Restore merging of near-identical vertices for JoinIdenticalVertices

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-09-21 10:57:17 +02:00
Luca Della Vedova
0581ed5f11 Added tangent handedness to glTF export (#6322) 
* Added tangent handedness to glTF export
 2025-09-18 14:10:41 +02:00
Vitaly Ovchinnikov
69f8eb21fd fix large glb reading by providing a proper helper for reading size_t type (#6307) 
Co-authored-by: Vitaly Ovchinnikov <v@ovch.ru>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-09-09 14:27:17 +02:00
Kim Kulling
72b9939b9f Add null check for aiNode in AddNode method (#6348) 
- Added null check for node in AddNode function.
- closes https://github.com/assimp/assimp/issues/6347
 2025-09-09 14:10:07 +02:00
Kim Kulling
8ef3838beb FBX: Fix offset calculation by adding cursor check (#6337) 
- closes https://github.com/assimp/assimp/issues/6336
 2025-08-28 11:48:38 +02:00
Pranav P
f7bbf6dc15 Fix endiannes issues regarding floats on s390x (#6276) (#6277) 
* Fix endiannes issues regarding floats on s390x (#6276)

* Fix CI Warnings

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-08-26 15:34:33 +02:00
Dongge Liu
4c42db1805 Fixed a heap-use-after-free in SortByPTypeProcess. (#6326) 
The process incorrectly deleted original meshes from the scene when cleaning up after an error if those meshes had been added to its output list (outMeshes). The fix ensures proper ownership transfer by nullifying the original mesh pointer in the scene (pScene->mMeshes[i] = nullptr;) when the mesh is moved to outMeshes. This prevents the scene destructor from attempting to delete the mesh again later, while allowing the error cleanup path in SortByPTypeProcess to correctly delete all meshes it owns (both newly created and transferred originals).

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-08-21 09:31:15 +02:00
Dongge Liu
36b004e286 Fixed a heap-buffer-overflow in the Half-Life 1 MDL loader. (#6321) 
The loader attempted to read the MDL header without verifying if the input buffer was large enough.
Added a check in MDLImporter::InternReadFile_HL1 to ensure the buffer size is sufficient before proceeding with loading.

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-08-18 09:29:45 +03:00
Kyungjoon Ko
6d7ea78792 Fix SEGV write in Assimp::SortByPTypeProcess::Execute (#6318) 
* Fix OOB Write in Assimp::SortByPTypeProcess::Execute
 2025-08-10 11:45:30 +03:00
sSsA01
8355e0c4bc Fix to fail in the function fast_atoreal_move when the flag ASSIMP_DOUBLE_PRESICION is enabled (#6250) 
* Refix export fbx PolygonVertexIndex

* Fix the function ColladaParser::ReadEffectColor when the flag ASSIMP_DOUBLE_PRESICION is enabled

* Fix the static function ReadLight in ColladaParser when the flag ASSIMP_DOUBLE_PRESICION is enabled

* Refactor of the call of the function fast_atoreal_move to the member of aiColor3D

* Fix the call of the function fast_atoreal_move when the flag ASSIMP_DOUBLE_PRESICION is enabled and and refactor

* Fix the call of the function fast_atoreal_move when the flag ASSIMP_DOUBLE_PRESICION is enabled

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-07-29 14:19:50 +02:00
DIGITAL IMAGE DESIGN
6fa9d09a97 AC: Support Double-Sided Faces (#6252) 
* AC: Support Double-Sided Faces

The AC format marks double-sided SURF elements with the 0x20 flag, which Assimp ignored. This commit adds support for double-sided faces.

On encountering a double-sided face via the flag mentioned above, the front face is generated as usual but is then duplicated. The winding order of the duplicate is flipped to form a back face. Vertices are duplicated too so that back faces work correctly with normal vector generation and face smoothing.

* Add test file

* Simplify test case

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-07-29 13:09:30 +02:00
Kim Kulling
9f4e7c6d8d Refactoring: use using types (#6266) 
* Refactoring: use using types

---------

Co-authored-by: Kim Kulling <kim.kulling@draeger.com>
 2025-07-28 17:00:45 +02:00
Kim Kulling
59bc03d931 X3D: Fix invalid vector::back usage (#6283) 
* X3D: Fix invalid vector::back usage
 2025-07-25 15:01:16 +02:00
Kim Kulling
a79dc358cf Add windows clang to CI (#5537) 
- Add windows clang build step
- Closes https://github.com/assimp/assimp/issues/5519


Co-authored-by: Kim Kulling <kim.kulling@draeger.com>
Co-authored-by: Kim Kulling <kullingk@LDED5178.corp.draeger.global>
 2025-07-16 16:43:20 +02:00
sSsA01
4c61ca3af5 Refix export fbx PolygonVertexIndex (#6240) 
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-06-27 11:30:04 +02:00
HandsomeXi
4b6cc8c28a bugfix: Fixed the memory leak when texture transforming (#6236) (#6237) 
* bugfix: Fixed the memory leak when texture transforming (#6236)

---------

Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-06-26 10:53:08 +02:00
Kim Kulling
d99f9bd2f7 Refactoring: Add nupptr-checks (#6241) 2025-06-26 00:09:02 +02:00
NSG
ad6e8e210a Fix: export fbx wrong to_ktime in FBXExporter.cpp (#6105) 
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-06-17 08:23:21 +02:00
Kim Kulling
fb375dd8c0 Prepare 6.0.2 (#6231) 2025-06-08 21:50:39 +02:00
sSsA01
a95addfc4a Fix the function "aiGetMaterialColor" when the flag ASSIMP_DOUBLE_PRECISION is enabled. (#6090) 
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-06-08 14:25:47 +02:00
Vinz Spring
357b5baabb fix-CVE-2025-3158: closes #6023 Fixes CVE-2025-3158: Heap-based Buffer Overflow in Assimp::LWO::AnimResolver::UpdateAnimRangeSetup (#6222) 
- changed loop-condition to reflect the fact that m must be smaller than n

Co-authored-by: Vinz Spring <vinzs@amazon.de>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-06-08 14:02:04 +02:00
Vinz Spring
269987085f Fixes CVE-2025-2750: out of bounds write by assigning to wrong array element count tracking (closes #6011) (#6225) 
description:
- The current implementation has faulty reallocation logic when parsing a CSM file
- Issue 1
    - 4ad1d2aa30/code/AssetLib/CSM/CSMLoader.cpp (L205)
    - By assigning s->mNumPositionKeys = alloc*2 right before resizing the buffer, making s->mNumPositionKeys equivalent to the
      max number of aiVectorKey that can be stored in s->mPositionKeys
    - the code later attempts to get the next write location by doing: aiVectorKey* sub = s->mPositionKeys + s->mNumPositionKeys;
    - this points to the end of the array, not after the last element in the array
- Issue 2
    - 4ad1d2aa30/code/AssetLib/CSM/CSMLoader.cpp (L178-L184)
    - if the CSM file does not declare last frame data, then mPositionKeys will never be initialized

fix:
- we preserve s->mNumPositionKeys to still contain the actual number of aiVectorKeys and ensure that we will not write out of bounds
- we initialize mPositionKeys with a default value and if we find last frame info, we just re-initialize it

Co-authored-by: Vinz Spring <vinzs@amazon.de>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-06-08 13:46:39 +02:00
Vinz Spring
5be336779d Fixes CVE-2025-2757: Heap-based Buffer Overflow in AI_MD5_PARSE_STRING_IN_QUOTATION (closes #6019) (#6223) 
description:
- heap buffer overflow in AI_MD5_PARSE_STRING_IN_QUOTATION. An attacker could potentially exploit the vulnerability to cause a remote code execution,
  if they can trick the victim into running assimp on a malformed MD5 file

fix:
- truncated the string to the maximum supported length, mitigating overflow

Co-authored-by: Vinz Spring <vinzs@amazon.de>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-06-08 13:38:05 +02:00
Vinz Spring
177797c77b Fixes CVE-2025-2751: Out-of-bounds Read in Assimp::CSMImporter::InternReadFile (closes #6012) (#6224) 
description:
issue:
- 4ad1d2aa30/code/AssetLib/CSM/CSMLoader.cpp (L274C1-L275C1)
- sometimes the code tried to construct a new 4x4 matrix from a nullptr, thus reading out of bounds

fix:
- added nullptr check
- added array count check
- added default fallback init to identity matrix

Co-authored-by: Vinz Spring <vinzs@amazon.de>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
 2025-06-08 12:10:12 +02:00
Kim Kulling
c1d6226c06 Update/update pugi xml (#6229) 
* update pugixml

Improvements:

Many xml_attribute:: and xml_node:: functions now transparently support std::string_view and std::string when C++17 support is detected.
CMake improvements:

Improve pkg-config file generation for NixOS
PUGIXML_BUILD_APPLE_FRAMEWORK CMake option can be used to build pugixml as .xcframework
PUGIXML_INSTALL CMake option can be used to disable installation targets
Compatibility improvements:

Fix clang/gcc warnings -Wzero-as-null-pointer-constant, -Wuseless-cast, -Wshorten-64-to-32
Fix unreferenced function warnings in PUGIXML_NO_STL configuration
Fix CMake 3.31 deprecation warnings
Stop using deprecated throw() when noexcept is available

Improvements:

xml_attribute::set_name and xml_node::set_name now have overloads that accept pointer to non-null-terminated string and size
Implement parse_merge_pcdata parsing mode in which PCDATA contents is merged into a single node when original document had comments that were skipped during parsing
xml_document::load_file now returns a more consistent error status when given a path to a folder
Bug fixes:

Fix assertion in XPath number→string conversion when using non-English locales
Fix PUGIXML_STATIC_CRT CMake option to correctly select static CRT when using MSVC and recent CMake
Compatibility improvements:

Fix GCC 2.95/3.3 builds
Fix CMake 3.27 deprecation warnings
Fix XCode 14 sprintf deprecation warning when compiling in C++03 mode
Fix clang/gcc warnings -Wweak-vtables, -Wreserved-macro-identifier

* Update CMakeLists.txt

* pugixml: upgrade to v1.15

* pugixml: Add export directives for non-windows platforms

* pugixml: replace NULL by nullptr.

---------

Co-authored-by: Andrea <realeandrea@yahoo.it>
Co-authored-by: mosfet80 <10235105+mosfet80@users.noreply.github.com>
 2025-06-08 02:12:05 +02:00