git_clone/thorvg
1
0
Fork 0
mirror of https://github.com/thorvg/thorvg.git synced 2025-06-10 06:34:01 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

svg_loader SvgLoader: Prevent memory overflow for tagName

Browse source 
When copying tagName, if length of referenced string is longer
than general case, it is not used as tagName.
This commit is contained in:
JunsuChoi 2020-10-23 11:55:07 +09:00 committed by Hermet Park
parent 0399d84478
commit 6cf2d89571
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/loaders/svg/tvgSvgLoader.cpp
View file

@ -2061,6 +2061,7 @@ static void _svgLoaderParserXmlOpen(SvgLoaderData* loader, const char* content,
sz = attrs - content;
attrsLength = length - sz;
while ((sz > 0) && (isspace(content[sz - 1]))) sz--;
if ((unsigned int)sz > sizeof(tagName)) return;
strncpy(tagName, content, sz);
tagName[sz] = '\0';
}
@ -2375,6 +2376,7 @@ static bool _svgLoaderParserForValidCheckXmlOpen(SvgLoaderData* loader, const ch
sz = attrs - content;
attrsLength = length - sz;
while ((sz > 0) && (isspace(content[sz - 1]))) sz--;
if ((unsigned int)sz > sizeof(tagName)) return false;
strncpy(tagName, content, sz);
tagName[sz] = '\0';
}