git_clone/thorvg
1
0
Fork 0
mirror of https://github.com/thorvg/thorvg.git synced 2025-06-14 12:04:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

tvg_saver TvgBinInterpreter: prevent misaligned memory access

Browse source 
When parsing a binary stored as a char type,
interpreter can access the misaligned memory while accessing it with a pointer.
To prevent that, pass the array copied to memcpy as tvg Object.
This commit is contained in:
JunsuChoi 2021-11-22 16:09:54 +09:00 committed by Hermet Park
parent 80cc0177fb
commit baab43aff2
1 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/loaders/tvg/tvgTvgBinInterpreter.cpp
View file

@ -248,12 +248,20 @@ static bool _parseShapeStrokeDashPattern(const char *ptr, const char *end, Shape
uint32_t dashPatternCnt;
READ_UI32(&dashPatternCnt, ptr);
ptr += SIZE(uint32_t);
const float* dashPattern = (float*) ptr;
if (dashPatternCnt > 0) {
float* dashPattern = static_cast<float*>(malloc(sizeof(float) * dashPatternCnt));
if (!dashPattern) return false;
memcpy(dashPattern, ptr, sizeof(float) * dashPatternCnt);
ptr += SIZE(float) * dashPatternCnt;
if (ptr > end) return false;
if (ptr > end) {
free(dashPattern);
return false;
}
shape->stroke(dashPattern, dashPatternCnt);
free(dashPattern);
}
return true;
}