Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[3.x] Verify GLTF indices to prevent crash with corrupt files #94972

Merged
merged 1 commit into from
Aug 19, 2024
Merged

[3.x] Verify GLTF indices to prevent crash with corrupt files #94972

merged 1 commit into from
Aug 19, 2024
+33 −0

Conversation

lawnjelly
Copy link
Member

@lawnjelly lawnjelly commented Jul 31, 2024
edited
Loading

Also verify prior to vertex optimization.

Fixes #94696

Error reporting is now:

Godot Engine v3.6.rc.custom_build (c) 2007-2022 Juan Linietsky, Ariel Manzur & Godot Contributors.
 ./modules/gltf/gltf_document.cpp:2949 - Condition "!Geometry::verify_indices(inds.ptr(), inds.size(), num_verts)" is true. Returned: ERR_FILE_CORRUPT
 ./modules/gltf/packed_scene_gltf.cpp:76 - Condition "err != Error::OK" is true. Returned: nullptr
 ./editor/editor_file_system.cpp:1764 - Error importing 'res://gltf/03_level_RocksMaze.gltf'.

Notes

  • Could possibly produce an error dialog or something to alert the user, but erring on the side of caution here as that could be an annoyance if multiple files / multiple attempts at import, and we don't want to introduce annoyances immediately prior to 3.6 stable.
  • Also now checks during vertex cache optimization, as the MRP did also crash within vertex optimization, and obviously the third party vertex optimization code isn't fault tolerant. Now it just returns false and flags an ERR_FAIL prior to attempting the optimization.

Other similar vulnerabilities

Although the linked bug (#94696) in GLTF import is closed by this PR, it is possible that a similar crash can still occur if add_surface_from_arrays() is called with invalid data from elsewhere in the source code.

We could in the long term decide to play it safe and verify all input indices during add_surface_from_arrays() (instead of during the GLTF import), however I'm not yet clear whether this could cause performance impact unnecessarily, so it may be worth waiting to see if we have any reports of similar crashes from elsewhere (I haven't seen any recently on github, and this vulnerability is not new, it has probably existed for years).

It would be very simple to move the verification check to add_surface_from_arrays() in a follow up PR if we later decide that would be better approach.

@lawnjelly
Verify GLTF indices to prevent crash with corrupt files
3771078 
Also verify prior to vertex optimization.
@lawnjelly lawnjelly added this to the 3.6 milestone Jul 31, 2024
@lawnjelly lawnjelly requested review from a team as code owners July 31, 2024 09:51
clayjohn
clayjohn approved these changes Aug 19, 2024
View reviewed changes
Copy link
Member

@clayjohn clayjohn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. As far as I can tell, in 4.x, we only validate indices at import time. I think it is fine to only add the check in places that are impacted by the specific bug report.

@lawnjelly lawnjelly merged commit 01c78d8 into godotengine:3.x Aug 19, 2024
14 checks passed
@lawnjelly
Copy link
Member Author

Thanks!

@lawnjelly lawnjelly deleted the verify_gltf_inds branch August 19, 2024 16:42
@lawnjelly lawnjelly mentioned this pull request Aug 24, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clayjohn clayjohn clayjohn approved these changes

Assignees
No one assigned
Labels
bug crash topic:import topic:3d
Projects
None yet
Milestone
3.6
Development

Successfully merging this pull request may close these issues.
2 participants
@lawnjelly @clayjohn