From 294dd3d363d8dd93823131b2eec7b9dc96127598 Mon Sep 17 00:00:00 2001
From: Wojtek Figat <wojtek@figat.pl>
Date: Fri, 30 May 2025 00:42:55 +0200
Subject: [PATCH] Fix json guid parsing to check for correct hex characters

#3476
---
 Source/Engine/Serialization/JsonTools.cpp | 17 +++++++++--------
 Source/Engine/Serialization/JsonTools.h   |  8 ++++----
 2 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/Source/Engine/Serialization/JsonTools.cpp b/Source/Engine/Serialization/JsonTools.cpp
index 25ce8ff5b..e60a424b8 100644
--- a/Source/Engine/Serialization/JsonTools.cpp
+++ b/Source/Engine/Serialization/JsonTools.cpp
@@ -28,13 +28,13 @@ void ChangeIds(rapidjson_flax::Value& obj, rapidjson_flax::Document& document, c
     else if (obj.IsString() && obj.GetStringLength() == 32)
     {
         auto value = JsonTools::GetGuid(obj);
-        if (mapping.TryGet(value, value))
+        if (value.IsValid() && mapping.TryGet(value, value))
         {
             // Unoptimized version:
             //obj.SetString(value.ToString(Guid::FormatType::N).ToSTD().c_str(), 32, document.GetAllocator());
 
             // Optimized version:
-            char buffer[32] =
+            static char buffer[32] =
             {
             // @formatter:off
                 '0','0','0','0','0','0','0','0','0','0',
@@ -255,9 +255,8 @@ BoundingBox JsonTools::GetBoundingBox(const Value& value)
 
 Guid JsonTools::GetGuid(const Value& value)
 {
-    if (!value.IsString())
+    if (!value.IsString() || value.GetStringLength() != 32)
         return Guid::Empty;
-    CHECK_RETURN(value.GetStringLength() == 32, Guid::Empty);
 
     // Split
     const char* a = value.GetString();
@@ -267,10 +266,12 @@ Guid JsonTools::GetGuid(const Value& value)
 
     // Parse
     Guid result;
-    StringUtils::ParseHex(a, 8, &result.A);
-    StringUtils::ParseHex(b, 8, &result.B);
-    StringUtils::ParseHex(c, 8, &result.C);
-    StringUtils::ParseHex(d, 8, &result.D);
+    bool failed = StringUtils::ParseHex(a, 8, &result.A);
+    failed |= StringUtils::ParseHex(b, 8, &result.B);
+    failed |= StringUtils::ParseHex(c, 8, &result.C);
+    failed |= StringUtils::ParseHex(d, 8, &result.D);
+    if (failed)
+        return Guid::Empty;
     return result;
 }
 
diff --git a/Source/Engine/Serialization/JsonTools.h b/Source/Engine/Serialization/JsonTools.h
index 0e1e3850f..0e807c784 100644
--- a/Source/Engine/Serialization/JsonTools.h
+++ b/Source/Engine/Serialization/JsonTools.h
@@ -214,7 +214,7 @@ public:
         const auto member = node.FindMember(name);
         if (member != node.MemberEnd() && member->value.IsInt())
         {
-            result = member->value.GetInt();
+            result = (byte)member->value.GetInt();
         }
     }
 
@@ -232,7 +232,7 @@ public:
         const auto member = node.FindMember(name);
         if (member != node.MemberEnd() && member->value.IsInt())
         {
-            result = member->value.GetInt();
+            result = (uint32)member->value.GetInt();
         }
     }
 
@@ -241,7 +241,7 @@ public:
         const auto member = node.FindMember(name);
         if (member != node.MemberEnd() && member->value.IsInt())
         {
-            result = member->value.GetInt();
+            result = (int16)member->value.GetInt();
         }
     }
 
@@ -250,7 +250,7 @@ public:
         const auto member = node.FindMember(name);
         if (member != node.MemberEnd() && member->value.IsInt())
         {
-            result = member->value.GetInt();
+            result = (uint16)member->value.GetInt();
         }
     }