From: Seoyeon Kim <seoyeon2.kim@samsung.com>
Date: Thu, 28 Apr 2016 01:34:27 +0000 (+0900)
Subject: [3.0] Fix the buffer overflow issue in nanosvg
X-Git-Tag: accepted/tizen/common/20160428.144545^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F54%2F67654%2F1;p=platform%2Fcore%2Fuifw%2Fdali-toolkit.git

[3.0] Fix the buffer overflow issue in nanosvg

Change-Id: I89d0e386dd3caec1ded02325a3886cbec48c2a7b
Signed-off-by: Seoyeon Kim <seoyeon2.kim@samsung.com>
---

diff --git a/dali-toolkit/internal/controls/renderers/svg/nanosvg/nanosvg.cc b/dali-toolkit/internal/controls/renderers/svg/nanosvg/nanosvg.cc
index 820e619..e52cb15 100644
--- a/dali-toolkit/internal/controls/renderers/svg/nanosvg/nanosvg.cc
+++ b/dali-toolkit/internal/controls/renderers/svg/nanosvg/nanosvg.cc
@@ -1244,7 +1244,12 @@ static NSVGcoordinate nsvg__parseCoordinateRaw(const char* str)
 {
     NSVGcoordinate coord = {0, NSVG_UNITS_USER};
     char units[32]="";
-    sscanf(str, "%f%s", &coord.value, units);
+
+    /**
+     * In the original file, the formatted data reading did not specify the string with width limitation.
+     * To prevent the possible overflow, we replace '%s' with '%32s' here.
+     */
+    sscanf(str, "%f%32s", &coord.value, units);
     coord.units = nsvg__parseUnits(units);
     return coord;
 }