Skip to content

harden binary parser against integer underflow and unsafe type punning#2340

Open
SABITHSAHEB wants to merge 1 commit into
Ultimaker:mainfrom
SABITHSAHEB:stl-parser-hardening
Open

harden binary parser against integer underflow and unsafe type punning#2340
SABITHSAHEB wants to merge 1 commit into
Ultimaker:mainfrom
SABITHSAHEB:stl-parser-hardening

Conversation

@SABITHSAHEB

Copy link
Copy Markdown

This patch improves the safety of the binary STL loader when handling malformed or truncated files.

Changes

  • Rejects STL files that are too small to contain a valid header.
  • Handles ftell() failures and adds a missing fopen() null check.
  • Warns when the triangle count stored in the header does not match the file size.
  • Replaces raw float pointer casting with a safer memcpy-based implementation.
  • Replaces temporary C-style arrays with std::array.

These changes do not affect valid STL files and preserve existing parsing behavior.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)

Testing

Added tests for:

  • Truncated STL files.
  • Header triangle count mismatches.
  • Normal STL loading (testModel.stl, 564 triangles).

@github-actions github-actions Bot added the PR: Community Contribution 👑 Community Contribution PR's label Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

PR: Community Contribution 👑 Community Contribution PR's

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant