tvg_saver TvgBinInterpreter: prevent misaligned memory access

author JunsuChoi <jsuya.choi@samsung.com>

Mon, 22 Nov 2021 07:09:54 +0000 (16:09 +0900)

committer JunsuChoi <jsuya.choi@samsung.com>

Thu, 25 Nov 2021 00:34:37 +0000 (09:34 +0900)
author JunsuChoi <jsuya.choi@samsung.com>
Mon, 22 Nov 2021 07:09:54 +0000 (16:09 +0900)
committer JunsuChoi <jsuya.choi@samsung.com>
Thu, 25 Nov 2021 00:34:37 +0000 (09:34 +0900)
diff --git a/src/loaders/tvg/tvgTvgBinInterpreter.cpp b/src/loaders/tvg/tvgTvgBinInterpreter.cpp

index 383ae89b6545506c712878d69eb8272f2535ad10..b0364b105560007fd55c8f1e162f743e636d842f 100644 (file)
--- a/src/loaders/tvg/tvgTvgBinInterpreter.cpp
+++ b/src/loaders/tvg/tvgTvgBinInterpreter.cpp
@@ -248,12 +248,20 @@ static bool _parseShapeStrokeDashPattern(const char *ptr, const char *end, Shape
      uint32_t dashPatternCnt;
      READ_UI32(&dashPatternCnt, ptr);
      ptr += SIZE(uint32_t);
-    const float* dashPattern = (float*) ptr;
-    ptr += SIZE(float) * dashPatternCnt;
-
-    if (ptr > end) return false;
+    if (dashPatternCnt > 0) {
+        float* dashPattern = static_cast<float*>(malloc(sizeof(float) * dashPatternCnt));
+        if (!dashPattern) return false;
+        memcpy(dashPattern, ptr, sizeof(float) * dashPatternCnt);
+        ptr += SIZE(float) * dashPatternCnt;
+
+        if (ptr > end) {
+            free(dashPattern);
+            return false;
+        }
  
-    shape->stroke(dashPattern, dashPatternCnt);
+        shape->stroke(dashPattern, dashPatternCnt);
+        free(dashPattern);
+    }
      return true;
  }
author	JunsuChoi <jsuya.choi@samsung.com>
	Mon, 22 Nov 2021 07:09:54 +0000 (16:09 +0900)
committer	JunsuChoi <jsuya.choi@samsung.com>
	Thu, 25 Nov 2021 00:34:37 +0000 (09:34 +0900)