projects
/
platform
/
core
/
graphics
/
tizenvg.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
529b9d4
)
svg_loader SvgLoader: Prevent array overflow
author
JunsuChoi
<jsuya.choi@samsung.com>
Fri, 18 Dec 2020 02:05:22 +0000
(11:05 +0900)
committer
JunsuChoi
<jsuya.choi@samsung.com>
Tue, 22 Dec 2020 01:08:41 +0000
(10:08 +0900)
Since tagName array set '\0' at the end,
it may overflow when sz reaches 20.
So make it a maximum of 19.
Change-Id: I26e85aa8a3b7e2aad1ec849d14a8b4da6e1bcbf7
src/loaders/svg/tvgSvgLoader.cpp
patch
|
blob
|
history
diff --git
a/src/loaders/svg/tvgSvgLoader.cpp
b/src/loaders/svg/tvgSvgLoader.cpp
index
5d6e34a
..
009b25d
100644
(file)
--- a/
src/loaders/svg/tvgSvgLoader.cpp
+++ b/
src/loaders/svg/tvgSvgLoader.cpp
@@
-2075,7
+2075,7
@@
static void _svgLoaderParserXmlOpen(SvgLoaderData* loader, const char* content,
sz = attrs - content;
attrsLength = length - sz;
while ((sz > 0) && (isspace(content[sz - 1]))) sz--;
- if ((unsigned int)sz > sizeof(tagName)) return;
+ if ((unsigned int)sz >
=
sizeof(tagName)) return;
strncpy(tagName, content, sz);
tagName[sz] = '\0';
}