git_clone/thorvg
1
0
Fork 0
mirror of https://github.com/thorvg/thorvg.git synced 2025-06-14 12:04:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

svg_loader: fix potential mem corruption in _idFromUrl function

Browse source 
This patch fixes some potential memory corruptions in _idFromUrl function
when name (url) is longer than 50 chars or is incorrectly terminated.
This commit is contained in:
Michal Maciola 2021-09-22 09:48:54 +02:00 committed by Hermet Park
parent e0aa007659
commit d7a3aa580a
1 changed files with 4 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/loaders/svg/tvgSvgLoader.cpp
View file

@ -272,24 +272,19 @@ _parseDashArray(SvgLoaderData* loader, const char *str, SvgDash* dash)
static string* _idFromUrl(const char* url) static string* _idFromUrl(const char* url)
{ {
char tmp[50];
int i = 0;
url = _skipSpace(url, nullptr); url = _skipSpace(url, nullptr);
if ((*url) == '(') { if ((*url) == '(') {
++url; ++url;
url = _skipSpace(url, nullptr); url = _skipSpace(url, nullptr);
} }
if ((*url) == '\'') ++url;
if ((*url) == '#') ++url; if ((*url) == '#') ++url;
while ((*url) != ')') { int i = 0;
tmp[i++] = *url; while (url[i] > ' ' && url[i] != ')' && url[i] != '\'') ++i;
++url;
}
tmp[i] = '\0';
return new string(tmp); return new string(url, i);
} }