From db1107c41bf94ae2d3233e509453c6c8ba5c9290 Mon Sep 17 00:00:00 2001 From: JunsuChoi Date: Mon, 15 Apr 2024 10:43:28 +0900 Subject: [PATCH] loader/svg: Add null to the end of data Because memcpy() is not guaranteed to copy null at the end of the data array, it increase the size by 1 and add null This prevents invalid access of string functions in parser.
---
 src/loaders/svg/tvgSvgLoader.cpp | 7 ++++--- src/loaders/svg/tvgSvgLoader.h | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/loaders/svg/tvgSvgLoader.cpp b/src/loaders/svg/tvgSvgLoader.cpp
index 9cfc595d..e1ad339c 100644
--- a/src/loaders/svg/tvgSvgLoader.cpp
+++ b/src/loaders/svg/tvgSvgLoader.cpp
@@ -3813,10 +3813,11 @@ bool SvgLoader::open(const char* data, uint32_t size, bool copy)
 clear();
 if (copy) {
- content = (char*)malloc(size);
+ content = (char*)malloc(size + 1);
 if (!content) return false;
 memcpy((char*)content, data, size);
- } else content = data;
+ content[size] = '\0';
+ } else content = (char*)data;
 this->size = size;
 this->copy = copy;
@@ -3840,7 +3841,7 @@ bool SvgLoader::open(const string& path)
 if (filePath.empty()) return false;
- content = filePath.c_str();
+ content = (char*)filePath.c_str();
 size = filePath.size();
 return header();
diff --git a/src/loaders/svg/tvgSvgLoader.h b/src/loaders/svg/tvgSvgLoader.h
index e0cba8b1..b0e49b13 100644
--- a/src/loaders/svg/tvgSvgLoader.h
+++ b/src/loaders/svg/tvgSvgLoader.h
@@ -31,7 +31,7 @@ class SvgLoader : public ImageLoader, public Task
 public:
 string filePath;
 string svgPath = "";
- const char* content = nullptr;
+ char* content = nullptr;
 uint32_t size = 0;
 SvgLoaderData loaderData;
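Review bot: In `SvgLoader::open(const char* data, uint32_t size, bool copy)`, the `else` branch (`content = (char*)data;`) still passes the caller's buffer through unterminated, so with `copy == false` the parser's string functions named in the commit message can still read past `size`. That buffer cannot be terminated in place, so the requirement should at least be stated at the branch, e.g. `// copy == false: caller must guarantee data[size] == '\0'`, or the function should fall back to copying. Separately, `size + 1` is computed on a `uint32_t`, so with the usual 32-bit `int` it wraps to 0 for `size == UINT32_MAX`; `malloc(0)` may return a non-null block and the `memcpy` then writes `size` bytes into it. A guard such as `if (size == UINT32_MAX) return false;` before the allocation closes that case. The function body starts and ends outside the hunk.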
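Review bot: In `SvgLoader::open(const string& path)`, `(char*)filePath.c_str()` casts away the const of an array that `std::string` does not allow to be modified through `c_str()`. The same cast is applied to `data` in the first hunk, and both are needed only because the header hunk changes the member to `char* content`. With the member non-const, any later write through `content` into a caller-owned buffer or into `filePath` compiles without a diagnostic. The one write this commit needs could follow the existing `memcpy((char*)content, data, size);` line and cast at the write site, `((char*)content)[size] = '\0';`, while tvgSvgLoader.h keeps `const char* content = nullptr;`. The function continues outside the hunk.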