static unsigned int nsvg__parseColorRGB(const char* str)
{
int r = -1, g = -1, b = -1;
- char s1[32]="", s2[32]="";
+ char s1[33]="", s2[33]="";
/**
* In the original file, the formatted data reading did not specify the string with width limitation.
* To prevent the possible overflow, we replace '%s' with '%32s' here.
static NSVGcoordinate nsvg__parseCoordinateRaw(const char* str)
{
NSVGcoordinate coord = {0, NSVG_UNITS_USER};
- char units[32]="";
+ char units[33]="";
/**
* In the original file, the formatted data reading did not specify the string with width limitation.
* To prevent the possible overflow, we replace '%s' with '%32s' here.
NSVGimage* nsvgParseFromFile(const char* filename, const char* units, float dpi)
{
FILE* fp = NULL;
- size_t size;
+ size_t size = 0;
+ long value = 0;
char* data = NULL;
NSVGimage* image = NULL;
fp = fopen(filename, "rb");
if (!fp) goto error;
fseek(fp, 0, SEEK_END);
- size = ftell(fp);
+ value = ftell(fp);
+ /**
+ * In the original file, unsigned long type 'size' gets a return value. But, the return value of 'ftell()' is
+ * signed long type. To prevent interpreting an unexpected large value, we put the comparitive condition here.
+ */
+ if( value < 0 ) goto error;
+ size = value;
fseek(fp, 0, SEEK_SET);
data = (char*)malloc(size+1);
if (data == NULL) goto error;
projects / platform / core / uifw / dali-toolkit.git / blobdiff