svg_loader: prevent heap memory overflow.

author Hermet Park <chuneon.park@samsung.com>

Thu, 24 Jun 2021 07:45:58 +0000 (16:45 +0900)

committer JunsuChoi <jsuya.choi@samsung.com>

Fri, 25 Jun 2021 00:45:46 +0000 (09:45 +0900)
author Hermet Park <chuneon.park@samsung.com>
Thu, 24 Jun 2021 07:45:58 +0000 (16:45 +0900)
committer JunsuChoi <jsuya.choi@samsung.com>
Fri, 25 Jun 2021 00:45:46 +0000 (09:45 +0900)
diff --git a/src/loaders/svg/tvgSvgSceneBuilder.cpp b/src/loaders/svg/tvgSvgSceneBuilder.cpp

index 6c6b52fb743fd362e461c52afd689de995f21ec3..ec0d8a5c408fb6589631e371ce223b4b61e150d8 100644 (file)
--- a/src/loaders/svg/tvgSvgSceneBuilder.cpp
+++ b/src/loaders/svg/tvgSvgSceneBuilder.cpp
@@ -291,7 +291,7 @@ static bool _appendShape(SvgNode* node, Shape* shape, float vx, float vy, float
          case SvgNodeType::Polygon: {
              if (node->node.polygon.pointsCount < 2) break;
              shape->moveTo(node->node.polygon.points[0], node->node.polygon.points[1]);
-            for (int i = 2; i < node->node.polygon.pointsCount; i += 2) {
+            for (int i = 2; i < node->node.polygon.pointsCount - 1; i += 2) {
                  shape->lineTo(node->node.polygon.points[i], node->node.polygon.points[i + 1]);
              }
              shape->close();
@@ -300,7 +300,7 @@ static bool _appendShape(SvgNode* node, Shape* shape, float vx, float vy, float
          case SvgNodeType::Polyline: {
              if (node->node.polygon.pointsCount < 2) break;
              shape->moveTo(node->node.polygon.points[0], node->node.polygon.points[1]);
-            for (int i = 2; i < node->node.polygon.pointsCount; i += 2) {
+            for (int i = 2; i < node->node.polygon.pointsCount - 1; i += 2) {
                  shape->lineTo(node->node.polygon.points[i], node->node.polygon.points[i + 1]);
              }
              break;
author	Hermet Park <chuneon.park@samsung.com>
	Thu, 24 Jun 2021 07:45:58 +0000 (16:45 +0900)
committer	JunsuChoi <jsuya.choi@samsung.com>
	Fri, 25 Jun 2021 00:45:46 +0000 (09:45 +0900)