From f8b636d4d0eb3835dc31cd6dbd98541dfb05dc9a Mon Sep 17 00:00:00 2001
From: Michal Szczecinski
Date: Fri, 4 Jun 2021 13:24:29 +0200
Subject: [PATCH] common gradient: Fix possible crash in color setter

Memcpy is not allowed on nullptr. If colorStops is invalid colors are cleared.
---
 src/lib/tvgFill.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lib/tvgFill.cpp b/src/lib/tvgFill.cpp
index f986523b..b3fbc736 100644
--- a/src/lib/tvgFill.cpp
+++ b/src/lib/tvgFill.cpp
@@ -43,11 +43,13 @@ Fill::~Fill()
 
 Result Fill::colorStops(const ColorStop* colorStops, uint32_t cnt) noexcept
 {
+ if ((!colorStops && cnt > 0) || (colorStops && cnt == 0)) return Result::InvalidArguments;
+
 if (cnt == 0) {
 if (pImpl->colorStops) {
 free(pImpl->colorStops);
 pImpl->colorStops = nullptr;
- pImpl->cnt = cnt;
+ pImpl->cnt = 0;
 }
 return Result::Success;
 }
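Review bot: In the `cnt == 0` branch the reset `pImpl->cnt = 0;` still sits inside `if (pImpl->colorStops)`, so the stored count is zeroed only when a buffer was present; if the pointer can ever be null while the count is non-zero (for instance after a failed allocation further down this function, which is outside the hunk and not visible here), a clear would leave a stale count next to a null array. Because `free(nullptr)` is a no-op, the inner `if` can be dropped: `free(pImpl->colorStops); pImpl->colorStops = nullptr; pImpl->cnt = 0;`. Separately, the new guard returns `Result::InvalidArguments` for a non-null pointer with `cnt == 0` and leaves the existing stops untouched, while the commit message says colors are cleared on invalid input; a comment above the guard such as `// only (nullptr, 0) clears the stops; a mismatched pointer/count pair is rejected and leaves them unchanged` would pin the contract for callers. The body of `Fill::colorStops` continues past the end of the hunk.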