From: =?utf-8?q?Timo_R=C3=B6hling?= <roehling@debian.org>
Date: Thu, 8 Sep 2022 19:07:02 +0200
Subject: CVE-2022-3008

Backport of upstream commit 52ff00a38447f06a17eab1caa2cf0730a119c751
---
 tiny_gltf.h | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/tiny_gltf.h b/tiny_gltf.h
index 9c41e34..778408c 100644
--- a/tiny_gltf.h
+++ b/tiny_gltf.h
@@ -1608,7 +1608,7 @@ class TinyGLTF {
 #endif
 
 #elif !defined(__ANDROID__)
-#include <wordexp.h>
+//#include <wordexp.h>
 #endif
 
 #if defined(__sparcv9)
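Review bot: The `<wordexp.h>` include is commented out (`//#include <wordexp.h>`) rather than deleted, which leaves an empty `#elif !defined(__ANDROID__)` branch pointing at the API this patch retires. The later hunks do the same to the old body of `ExpandFilePath`, fencing it off with `#if 0` / `#endif`; that body presumably still holds the `wordexp` call (not visible here), so flipping the guard would restore the expansion. If staying byte-close to the upstream commit is not a constraint for this backport, delete the include line and the disabled body. Otherwise annotate the guard so the intent survives, e.g. `#if 0  // disabled for CVE-2022-3008: do not re-enable wordexp()/environment expansion`. The enclosing preprocessor conditional starts outside this hunk.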
@@ -2616,6 +2616,18 @@ bool FileExists(const std::string &abs_filename, void *) {
 }
 
 std::string ExpandFilePath(const std::string &filepath, void *) {
+  // https://github.com/syoyo/tinygltf/issues/368
+  //
+  // No file path expansion in built-in FS function anymore, since glTF URI
+  // should not contain tilde('~') and environment variables, and for security
+  // reason(`wordexp`).
+  //
+  // Users need to supply `base_dir`(in `LoadASCIIFromString`,
+  // `LoadBinaryFromMemory`) in expanded absolute path.
+
+  return filepath;
+
+#if 0
 #ifdef _WIN32
   // Assume input `filepath` is encoded in UTF-8
   std::wstring wfilepath = UTF8ToWchar(filepath);
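Review bot: The new comment in `ExpandFilePath` gives the reason only as "for security reason(`wordexp`)", which does not tell a maintainer what must not be reintroduced. I would spell it out, e.g. `// wordexp() performs shell-style expansion, including command substitution, so it must never be applied to a URI read from a glTF file.` The comment should also say that the function is now an identity mapping, so a `base_dir` containing `~` or an environment variable is used literally and will fail to resolve instead of being expanded. The function body continues past this hunk and is closed in the next one.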
@@ -2663,6 +2675,7 @@ std::string ExpandFilePath(const std::string &filepath, void *) {
 
   return s;
 #endif
+#endif
 }
 
 bool ReadWholeFile(std::vector<unsigned char> *out, std::string *err,
