int end = 0;
char quote;
+ /**
+ * In the original file, 's' is not compared to NULL value before it is dereferenced.
+ */
+ if (!s)
+ {
+ return;
+ }
+
// Skip white space after the '<'
while (*s && nsvg__isspace(*s)) s++;
return;
shape = (NSVGshape*)malloc(sizeof(NSVGshape));
- if (shape == NULL) goto error;
+
+ /**
+ * In the original file, if shape is NULL it goto error below 'return' and free shape memory.
+ * But, the error is only visited when shape is NULL, so there is not needed to free it.
+ */
+ if (shape == NULL) return;
memset(shape, 0, sizeof(NSVGshape));
memcpy(shape->id, attr->id, sizeof shape->id);
p->shapesTail = shape;
return;
-
-error:
- if (shape) free(shape);
}
static void nsvg__addPath(NSVGparser* p, char closed)
static unsigned int nsvg__parseColorRGB(const char* str)
{
int r = -1, g = -1, b = -1;
- char s1[32]="", s2[32]="";
+ char s1[33]="", s2[33]="";
/**
* In the original file, the formatted data reading did not specify the string with width limitation.
* To prevent the possible overflow, we replace '%s' with '%32s' here.
static float nsvg__parseOpacity(const char* str)
{
- float val = 0;
- sscanf(str, "%f", &val);
+ float val = nsvg__atof(str);
if (val < 0.0f) val = 0.0f;
if (val > 1.0f) val = 1.0f;
return val;
static float nsvg__parseMiterLimit(const char* str)
{
- float val = 0;
- sscanf(str, "%f", &val);
+ float val = nsvg__atof(str);
if (val < 0.0f) val = 0.0f;
return val;
}
static NSVGcoordinate nsvg__parseCoordinateRaw(const char* str)
{
NSVGcoordinate coord = {0, NSVG_UNITS_USER};
- char units[32]="";
- /**
- * In the original file, the formatted data reading did not specify the string with width limitation.
- * To prevent the possible overflow, we replace '%s' with '%32s' here.
- */
- sscanf(str, "%f%32s", &coord.value, units);
- coord.units = nsvg__parseUnits(units);
+ char buf[64];
+ coord.units = nsvg__parseUnits(nsvg__parseNumber(str, buf, 64));
+ coord.value = nsvg__atof(buf);
return coord;
}
} else if (strcmp(attr[i], "height") == 0) {
p->image->height = nsvg__parseCoordinate(p, attr[i + 1], 0.0f, 1.0f);
} else if (strcmp(attr[i], "viewBox") == 0) {
- sscanf(attr[i + 1], "%f%*[%%, \t]%f%*[%%, \t]%f%*[%%, \t]%f", &p->viewMinx, &p->viewMiny, &p->viewWidth, &p->viewHeight);
+ const char *s = attr[i + 1];
+ char buf[64];
+ s = nsvg__parseNumber(s, buf, 64);
+ p->viewMinx = nsvg__atof(buf);
+ while (*s && (nsvg__isspace(*s) || *s == '%' || *s == ',')) s++;
+ if (!*s) return;
+ s = nsvg__parseNumber(s, buf, 64);
+ p->viewMiny = nsvg__atof(buf);
+ while (*s && (nsvg__isspace(*s) || *s == '%' || *s == ',')) s++;
+ if (!*s) return;
+ s = nsvg__parseNumber(s, buf, 64);
+ p->viewWidth = nsvg__atof(buf);
+ while (*s && (nsvg__isspace(*s) || *s == '%' || *s == ',')) s++;
+ if (!*s) return;
+ s = nsvg__parseNumber(s, buf, 64);
+ p->viewHeight = nsvg__atof(buf);
} else if (strcmp(attr[i], "preserveAspectRatio") == 0) {
if (strstr(attr[i + 1], "none") != 0) {
// No uniform scaling
error:
if (fp) fclose(fp);
if (data) free(data);
- if (image) nsvgDelete(image);
+ /**
+ * In the original file, image has null check and free it here. But because image has data after all of the 'goto error',
+ * 'free(image)' was unreachable. So, we removed it.
+ */
return NULL;
}