Compare commits
1 Commits
| Author | SHA1 | Date |
|---|---|---|
Miro Hrončok
|
d6b5571d1b |
|
|
@ -0,0 +1,61 @@
|
|||
diff --git a/src/import_stl.cc b/src/import_stl.cc
|
||||
index 8f0efb3..2a4b752 100644
|
||||
--- a/src/import_stl.cc
|
||||
+++ b/src/import_stl.cc
|
||||
@@ -88,12 +88,17 @@ PolySet *import_stl(const std::string &filename, const Location &loc)
|
||||
f.read(data, 5);
|
||||
if (!binary && !f.eof() && f.good() && !memcmp(data, "solid", 5)) {
|
||||
int i = 0;
|
||||
+ int lineno = 1;
|
||||
double vdata[3][3];
|
||||
std::string line;
|
||||
std::getline(f, line);
|
||||
while (!f.eof()) {
|
||||
+ lineno++;
|
||||
std::getline(f, line);
|
||||
boost::trim(line);
|
||||
+ if (line.length() == 0) {
|
||||
+ continue;
|
||||
+ }
|
||||
if (boost::regex_search(line, ex_sfe)) {
|
||||
continue;
|
||||
}
|
||||
@@ -101,23 +106,27 @@ PolySet *import_stl(const std::string &filename, const Location &loc)
|
||||
i = 0;
|
||||
continue;
|
||||
}
|
||||
+ if (i >= 3) {
|
||||
+ PRINTB("ERROR: STL line %1$s, extra vertex line '%2$s' importing file '%3$s'", lineno % line % filename);
|
||||
+ delete p;
|
||||
+ return new PolySet(3);
|
||||
+ }
|
||||
boost::smatch results;
|
||||
if (boost::regex_search(line, results, ex_vertices)) {
|
||||
try {
|
||||
for (int v=0;v<3;v++) {
|
||||
vdata[i][v] = boost::lexical_cast<double>(results[v+1]);
|
||||
}
|
||||
- }
|
||||
- catch (const boost::bad_lexical_cast &blc) {
|
||||
- PRINTB("WARNING: Can't parse vertex line '%s', import() at line %d", line % loc.firstLine());
|
||||
- i = 10;
|
||||
- continue;
|
||||
- }
|
||||
- if (++i == 3) {
|
||||
- p->append_poly();
|
||||
- p->append_vertex(vdata[0][0], vdata[0][1], vdata[0][2]);
|
||||
- p->append_vertex(vdata[1][0], vdata[1][1], vdata[1][2]);
|
||||
- p->append_vertex(vdata[2][0], vdata[2][1], vdata[2][2]);
|
||||
+ if (++i == 3) {
|
||||
+ p->append_poly();
|
||||
+ p->append_vertex(vdata[0][0], vdata[0][1], vdata[0][2]);
|
||||
+ p->append_vertex(vdata[1][0], vdata[1][1], vdata[1][2]);
|
||||
+ p->append_vertex(vdata[2][0], vdata[2][1], vdata[2][2]);
|
||||
+ }
|
||||
+ } catch (const boost::bad_lexical_cast& blc) {
|
||||
+ PRINTB("ERROR: STL line %1$s, can't parse vertex line '%2$s' importing file '%3$s'", lineno % line % filename);
|
||||
+ delete p;
|
||||
+ return new PolySet(3);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
Name: openscad
|
||||
Version: 2019.05
|
||||
%global upversion %{version}
|
||||
Release: 12%{?dist}
|
||||
Release: 13%{?dist}
|
||||
Summary: The Programmers Solid 3D CAD Modeller
|
||||
# COPYING contains a linking exception for CGAL
|
||||
# Appdata file is CC0
|
||||
|
|
@ -32,6 +32,10 @@ Patch3: boost-1.73.patch
|
|||
# https://github.com/openscad/openscad/commit/b6c170cc5dd1bc677176ee732cdb0ddae57e5cf0
|
||||
Patch4: openscad-missing-include.patch
|
||||
|
||||
# CVE-2020-28599: Fix STL import, don't try to import partial files
|
||||
# https://github.com/openscad/openscad/pull/3611
|
||||
Patch5: CVE-2020-28599.patch
|
||||
|
||||
BuildRequires: CGAL-devel >= 3.6
|
||||
BuildRequires: ImageMagick
|
||||
BuildRequires: Xvfb
|
||||
|
|
@ -231,6 +235,10 @@ cd -
|
|||
%{_datadir}/%{name}/libraries/MCAD/bitmap/*.scad
|
||||
|
||||
%changelog
|
||||
* Thu Feb 25 2021 Miro Hrončok <mhroncok@redhat.com> - 2019.05-13
|
||||
- Security fix for CVE-2020-28599
|
||||
- Fixes: rhbz#1932557
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2019.05-12
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue