git_clone/thorvg
1
0
Fork 0
mirror of https://github.com/thorvg/thorvg.git synced 2025-06-08 13:43:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

lottie: Fix heap-buffer-overflow in gradient populate

Browse source
This commit is contained in:
Jinny You 2024-04-03 13:09:05 +09:00 committed by Hermet Park
parent 349fd266b9
commit f54f22ae78
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/loaders/lottie/tvgLottieModel.h
View file

@ -383,12 +383,16 @@ struct LottieGradient : LottieObject
uint32_t populate(ColorStop& color)
{
colorStops.populated = true;
if (!color.input) return 0;
if (!color.input || color.input->count % 4 != 0) {
TVGERR("LOTTIE", "The given colorstop value is not correct!");
return 0;
}
uint32_t alphaCnt = (color.input->count - (colorStops.count * 4)) / 2;
Array<Fill::ColorStop> output(colorStops.count + alphaCnt);
uint32_t cidx = 0; //color count
uint32_t clast = colorStops.count * 4;
if (clast > color.input->count) clast = color.input->count;
uint32_t aidx = clast; //alpha count
Fill::ColorStop cs;