diff options
author | JunsuChoi <jsuya.choi@samsung.com> | 2020-11-02 13:05:44 +0900 |
---|---|---|
committer | Hermet Park <chuneon.park@samsung.com> | 2020-11-02 13:05:45 +0900 |
commit | 888e1e74012a4d17bb56ef3d2be2dd6d635c449b (patch) | |
tree | ae34d907c2dedf944342a29ee3104625bbbeb9f1 | |
parent | 94c2d2295f5effea80a21031d84a5ef370a93ef3 (diff) | |
download | efl-888e1e74012a4d17bb56ef3d2be2dd6d635c449b.tar.gz |
vg_load_svg: Prevent memory overflow for tag_name
Summary:
When copying tag_name, if length of referenced string is longer
than general case, it is not used as tag_name.
Test Plan: N/A
Reviewers: Hermet, smohanty
Reviewed By: Hermet
Subscribers: kimcinoo, herb, cedric, #committers, #reviewers
Tags: #efl
Differential Revision: https://phab.enlightenment.org/D12185
-rw-r--r-- | src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c b/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c index e68edbb0c9..e8c46ceb1f 100644 --- a/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c +++ b/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c @@ -2279,6 +2279,7 @@ _evas_svg_loader_xml_open_parser(Evas_SVG_Loader *loader, attrs_length = length - sz; while ((sz > 0) && (isspace(content[sz - 1]))) sz--; + if ((unsigned int)sz > sizeof(tag_name)) return; strncpy(tag_name, content, sz); tag_name[sz] = '\0'; } |