The heap-use-after-free vulnerability occurs in the
CallbackToLogRedirector function. During the process of logging,
a previously freed memory region is accessed, leading to a
use-after-free condition. This vulnerability stems from incorrect
memory management, specifically, freeing a log stream and then
attempting to access it later on.
This patch sets NULL value for The DefaultStream global pointer.
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
In all other instances where we set mErrorString inside a catch block
we also set mException. I think that this was an oversight.
Co-authored-by: Michael Schmitt <michael.schmitt@visometry.com>
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
assigning s_pNullLogger to the parameter "logger" is definitely wrong.
However, custom logger previously set from user must not be deleted.
The user itself must handle allocation / deallocation.
* fix potential memory leak in scenecombiner
* also cleansup srclist
* de-duplicates before deleting
---------
Co-authored-by: Kim Kulling <kimkulling@users.noreply.github.com>
* Make color single precision
* Fix the unittests for double precision
* Fix merge issues
* Fix issues with Vertex + Color4
* Fix vertex operator, some tests are still red.
* Squash development commits for PR
* Fix failing build on armeabi-v7a via android NDK
* Update with blendshape support
* Migrate to auto-cloning and patching tinyusdz (instead of manually copying files)
* Update to latest rendermesh-refactor branch commit
* Remove tracked file
* Update to use recent commit to "dev" branch
"rendermesh-refactor" was merged to "dev" around 9 May 2024 but merge
was not obvious from commit messages
* Add UNUSED() macro
(cherry picked from commit d89fe8f034c353cc5cc5b3ac78cd8845e006de38)
* Update tinyusdz branch
* Prevent per-ABI (x86, x86_64 etc) clone on android
* Add verbose logging cmake option
* Fix macro and patch
* Address compiler warnings
* Address compiler warnings
* Address compiler warnings
* Attempt prevent re-clone/re-patch once downloaded by any ABI build
* Disable tinyusdz clone/build by default
assimp github PR auto-CI checks clone/build the tinyusdz code, and reject PR
due to compiler warnings in the 3rd party external tinyusdz project
---------
Co-authored-by: Steve M <praktique-tellypresence@yahoo.com>
- std::min/max were not defined in StackAllocator.inl; Also added explicit template arguments to break macro expansion if Windows.h is included prior and NOMINMAX macro is not present.
- Made static_assert statements compatible with C++11 in ProcessHelper.cpp.
- Removed unused string_view include in ObjFileParser.cpp.
