From 3a89e71ce83f5cbd26454cac520feb94d714c40d Mon Sep 17 00:00:00 2001
From: Heeyong Song <heeyong.song@samsung.com>
Date: Wed, 26 Apr 2017 16:51:10 +0900
Subject: [PATCH] [3.0] Fix SVACE issue - prevent buffer overflow

Change-Id: Id9e8c7958801aa5f74c6632297435b6eee8f4a94
---
 dali-toolkit/third-party/nanosvg/nanosvg.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dali-toolkit/third-party/nanosvg/nanosvg.cc b/dali-toolkit/third-party/nanosvg/nanosvg.cc
index d3ffc40..5ddad99 100644
--- a/dali-toolkit/third-party/nanosvg/nanosvg.cc
+++ b/dali-toolkit/third-party/nanosvg/nanosvg.cc
@@ -1038,9 +1038,9 @@ static unsigned int nsvg__parseColorRGB(const char* str)
 
     /**
      * In the original file, the formatted data reading did not specify the string with width limitation.
-     * To prevent the possible overflow, we replace '%s' with '%32s' here.
+     * To prevent the possible overflow, we replace '%s' with '%31s' here.
      */
-    sscanf(str + 4, "%d%32[%%, \t]%d%32[%%, \t]%d", &r, s1, &g, s2, &b);
+    sscanf(str + 4, "%d%31[%%, \t]%d%31[%%, \t]%d", &r, s1, &g, s2, &b);
     if (strchr(s1, '%')) {
         return NSVG_RGB((r*255)/100,(g*255)/100,(b*255)/100);
     } else {
@@ -1269,9 +1269,9 @@ static NSVGcoordinate nsvg__parseCoordinateRaw(const char* str)
 
     /**
      * In the original file, the formatted data reading did not specify the string with width limitation.
-     * To prevent the possible overflow, we replace '%s' with '%32s' here.
+     * To prevent the possible overflow, we replace '%s' with '%31s' here.
      */
-    sscanf(str, "%f%32s", &coord.value, units);
+    sscanf(str, "%f%31s", &coord.value, units);
     coord.units = nsvg__parseUnits(units);
     return coord;
 }
-- 
2.7.4