From 2c4389b0152a5ca40e467420fd6dab18a0d84829 Mon Sep 17 00:00:00 2001 From: Seoyeon Kim Date: Thu, 28 Apr 2016 10:34:27 +0900 Subject: [PATCH] [3.0] Fix the buffer overflow issue in nanosvg Change-Id: I89d0e386dd3caec1ded02325a3886cbec48c2a7b Signed-off-by: Seoyeon Kim --- .../internal/controls/renderers/svg/nanosvg/nanosvg.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/dali-toolkit/internal/controls/renderers/svg/nanosvg/nanosvg.cc b/dali-toolkit/internal/controls/renderers/svg/nanosvg/nanosvg.cc index 820e61954b..e52cb157b3 100644 --- a/dali-toolkit/internal/controls/renderers/svg/nanosvg/nanosvg.cc +++ b/dali-toolkit/internal/controls/renderers/svg/nanosvg/nanosvg.cc @@ -1244,7 +1244,12 @@ static NSVGcoordinate nsvg__parseCoordinateRaw(const char* str) { NSVGcoordinate coord = {0, NSVG_UNITS_USER}; char units[32]=""; - sscanf(str, "%f%s", &coord.value, units); + + /** + * In the original file, the formatted data reading did not specify the string with width limitation. + * To prevent the possible overflow, we replace '%s' with '%32s' here. + */ + sscanf(str, "%f%32s", &coord.value, units); coord.units = nsvg__parseUnits(units); return coord; } -- 2.34.1