Avoid out of bounds when calculating b.URI[startPos:]

[pic4xiu]

Processing illegal base64 content may cause the program to panic, For example, the following gltf file:

{"buffers": [
    {
      "uri": "data:application/octet-stream;base64",
      "byteLength": 1
    }
  ]
}

When our program calculates the index, the split character is counted by default, and 1 is automatically added, resulting in an out-of-bounds problem in the program.

func (b *Buffer) marshalData() ([]byte, error) {
    if !b.IsEmbeddedResource() {
        return nil, nil
    }
    startPos := len(mimetypeApplicationOctet) + 1//startPos is 37
    //But our b.URI is only 36 in length in this processing.
    sl, err := base64.StdEncoding.DecodeString(b.URI[startPos:])
    if len(sl) == 0 || err != nil {
        return nil, err
    }
    return sl, nil
}

what happened

❯ go run main.go
panic: runtime error: slice bounds out of range [37:36]

goroutine 1 [running]:
github.com/qmuntal/gltf.(*Buffer).marshalData(0x1400012c1e0)
        /Users/housihan/go/pkg/mod/github.com/qmuntal/gltf@v0.24.0/gltf.go:136 +0xdc

[qmuntal]

Thanks for reporting and fixing this issue @pic4xiu.

The fix seems OK, I'm just missing a test case.

[pic4xiu]

Maybe no one would write like this, I discovered it by accidental testing. But it does cause the program to panic and cause trouble for users.

[qmuntal]

Maybe no one would write like this, I discovered it by accidental testing. But it does cause the program to panic and cause trouble for users.

I'm still missing a test case that covers the new code. Can you submit it @pic4xiu? Thanks!

[pic4xiu]

Hello, please take a look to see if this added test case meets the standard?

[qmuntal]

Hello, please take a look to see if this added test case meets the standard?

I does. Merging 😄