From c005d340edd5271f61becc70ee838fea9011ac0a Mon Sep 17 00:00:00 2001
From: Heeyong Song
Date: Fri, 14 Apr 2017 10:55:13 +0900
Subject: [PATCH] [3.0] Fix SVACE issue - prevent buffer overflow
Change-Id: I925be58421ffa73a34580a1c09fc94a58fc3e668
---
 dali-toolkit/third-party/nanosvg/nanosvg.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/dali-toolkit/third-party/nanosvg/nanosvg.cc b/dali-toolkit/third-party/nanosvg/nanosvg.cc
index 9643567..d3ffc40 100644
--- a/dali-toolkit/third-party/nanosvg/nanosvg.cc
+++ b/dali-toolkit/third-party/nanosvg/nanosvg.cc
@@ -1035,7 +1035,12 @@ static unsigned int nsvg__parseColorRGB(const char* str)
 {
 int r = -1, g = -1, b = -1;
 char s1[32]="", s2[32]="";
- sscanf(str + 4, "%d%[%%, \t]%d%[%%, \t]%d", &r, s1, &g, s2, &b);
+
+ /**
+ * In the original file, the formatted data reading did not specify the string with width limitation.
+ * To prevent the possible overflow, we replace '%s' with '%32s' here.
+ */
+ sscanf(str + 4, "%d%32[%%, \t]%d%32[%%, \t]%d", &r, s1, &g, s2, &b);
 if (strchr(s1, '%')) {
 return NSVG_RGB((r*255)/100,(g*255)/100,(b*255)/100);
 } else {
-- 
2.7.4
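Review bot: The width of 32 in the two `%32[%%, \t]` conversions still allows a one-byte overflow of `s1` and `s2`, because a scanf field width counts only the matched characters and the terminating NUL is stored in addition, so up to 33 bytes are written into each `char[32]`. The bound should be one less than the array size: `sscanf(str + 4, "%d%31[%%, \t]%d%31[%%, \t]%d", &r, s1, &g, s2, &b);`. The added comment speaks of replacing '%s' with '%32s', but the conversions are `%[` scansets; it should name the actual conversion and say that the width is the buffer size minus one for the NUL. The sscanf return value is also still ignored, so `r`, `g` and `b` can stay at -1 on malformed input and flow into `NSVG_RGB`; whether that matters depends on code outside this hunk, since the function body continues past the last line shown.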