From f13e1947ff2ede1f4acfc6a149d1dd1d745b577b Mon Sep 17 00:00:00 2001
From: JunsuChoi
Date: Fri, 18 Dec 2020 11:05:22 +0900
Subject: [PATCH] svg_loader SvgLoader: Prevent array overflow

Since tagName array set '\0' at the end, it may overflow when sz reaches 20. So make it a maximum of 19.
---
 src/loaders/svg/tvgSvgLoader.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/loaders/svg/tvgSvgLoader.cpp b/src/loaders/svg/tvgSvgLoader.cpp
index 5d6e34a6..009b25d0 100644
--- a/src/loaders/svg/tvgSvgLoader.cpp
+++ b/src/loaders/svg/tvgSvgLoader.cpp
@@ -2075,7 +2075,7 @@ static void _svgLoaderParserXmlOpen(SvgLoaderData* loader, const char* content,
 sz = attrs - content;
 attrsLength = length - sz;
 while ((sz > 0) && (isspace(content[sz - 1]))) sz--;
- if ((unsigned int)sz > sizeof(tagName)) return;
+ if ((unsigned int)sz >= sizeof(tagName)) return;
 strncpy(tagName, content, sz);
 tagName[sz] = '\0';
 }
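Review bot: The trimming loop directly above the changed guard calls `isspace(content[sz - 1])` on a plain `char` read from the SVG input, which is undefined behaviour for bytes above 0x7F wherever `char` is signed; cast it, `isspace((unsigned char)content[sz - 1])`. The new `>=` bound is the right one for the `tagName[sz] = '\0'` write, provided `tagName` is declared as an array in this scope so that `sizeof` yields its byte size; the declaration is outside the hunk, so that should be confirmed. A short comment on the guard such as `// keep one byte free for the terminator written below` would stop the comparison from being "simplified" back to `>` later. `_svgLoaderParserXmlOpen` starts and ends outside the hunk.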