From c6cf9cb2cff0ead2139d15b2cc836c22171b3831 Mon Sep 17 00:00:00 2001
From: JunsuChoi <jsuya.choi@samsung.com>
Date: Fri, 16 Feb 2024 14:17:03 +0900
Subject: [PATCH] svg: Improve valid check for url(#id)

Improve parenthesis checking and space checking.
 - There must be only one pair of parentheses.
 - There cannot be spaces(and ') between id strings.

Issue: https://github.com/thorvg/thorvg/issues/1983

Co-authored-by: Hermet Park <hermet@lottiefiles.com>
---
 src/loaders/svg/tvgSvgLoader.cpp | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/src/loaders/svg/tvgSvgLoader.cpp b/src/loaders/svg/tvgSvgLoader.cpp
index cd428d76..7a4f5445 100644
--- a/src/loaders/svg/tvgSvgLoader.cpp
+++ b/src/loaders/svg/tvgSvgLoader.cpp
@@ -378,19 +378,25 @@ static void _parseDashArray(SvgLoaderData* loader, const char *str, SvgDash* das
 
 static char* _idFromUrl(const char* url)
 {
-    url = _skipSpace(url, nullptr);
-    if ((*url) == '(') {
-        ++url;
-        url = _skipSpace(url, nullptr);
+    auto open = strchr(url, '(');
+    auto close = strchr(url, ')');
+    if (!open || !close || open >= close) return nullptr;
+
+    open = strchr(url, '#');
+    if (!open || open >= close) return nullptr;
+
+    ++open;
+    --close;
+
+    //trim the rest of the spaces if any
+    while (open < close && *close == ' ') --close;
+
+    //quick verification
+    for (auto id = open; id < close; id++) {
+        if (*id == ' ' || *id == '\'') return nullptr;
     }
 
-    if ((*url) == '\'') ++url;
-    if ((*url) == '#') ++url;
-
-    int i = 0;
-    while (url[i] > ' ' && url[i] != ')' && url[i] != '\'') ++i;
-    
-    return strDuplicate(url, i);
+    return strDuplicate(open, (close - open + 1));
 }