From: John Preston
Date: Sun, 1 Sep 2019 09:03:18 +0000 (+0300)
Subject: Fix possible out of bounds reading.
X-Git-Tag: submit/tizen/20190923.005744~5
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8b18cc58c8a9f37fb44bdacbee97c4ea78872bfd;p=platform%2Fcore%2Fuifw%2Flottie-player.git
Fix possible out of bounds reading. Asserts could be disabled in the Release build.
---
diff --git a/src/lottie/lottieparser.cpp b/src/lottie/lottieparser.cpp
index 85696b7..622cf2b 100644
--- a/src/lottie/lottieparser.cpp
+++ b/src/lottie/lottieparser.cpp
@@ -771,10 +771,7 @@ LottieColor LottieParserImpl::toColor(const char *str)
 // some resource has empty color string
 // return a default color for those cases.
- if (!len) return color;
-
- RAPIDJSON_ASSERT(len == 7);
- RAPIDJSON_ASSERT(str[0] == '#');
+ if (len != 7 || str[0] != '#') return color;
 char tmp[3] = {'\0', '\0', '\0'};
 tmp[0] = str[1];
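Review bot: The comment kept above the new guard in toColor() still describes only the empty-string case, while `if (len != 7 || str[0] != '#') return color;` now rejects every string that is not seven characters starting with '#'. I would reword it to something like `// Anything other than a 7-character "#RRGGBB" string (including the empty one) gets the default color; checked at runtime because asserts can be compiled out.` The guard checks length and prefix only; the six characters after '#' are copied into `tmp` and converted in code that continues past the end of the hunk, so it is worth confirming that the conversion handles non-hex characters predictably. How `len` is derived is also outside the hunk; if it comes from strlen(str), a null `str` would still need its own check before this line.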