vg_load_svg: Prevent memory overflow for tag_name

Summary: When copying tag_name, if length of referenced string is longer than general case, it is not used as tag_name. Test Plan: N/A Reviewers: Hermet, smohanty Reviewed By: Hermet Subscribers: kimcinoo, herb, cedric, #committers, #reviewers Tags: #efl Differential Revision: https://phab.enlightenment.org/D12185
author: JunsuChoi <jsuya.choi@samsung.com> 2020-11-02 13:05:44 +0900
committer: Hermet Park <chuneon.park@samsung.com> 2020-11-02 13:05:45 +0900
commit: 888e1e74012a4d17bb56ef3d2be2dd6d635c449b (patch)
tree: ae34d907c2dedf944342a29ee3104625bbbeb9f1
parent: 94c2d2295f5effea80a21031d84a5ef370a93ef3 (diff)
download: efl-888e1e74012a4d17bb56ef3d2be2dd6d635c449b.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c b/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c
index e68edbb0c9..e8c46ceb1f 100644
--- a/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c
+++ b/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c
@@ -2279,6 +2279,7 @@ _evas_svg_loader_xml_open_parser(Evas_SVG_Loader *loader,
         attrs_length = length - sz;
         while ((sz > 0) && (isspace(content[sz - 1])))
           sz--;
+        if ((unsigned int)sz > sizeof(tag_name)) return;
         strncpy(tag_name, content, sz);
         tag_name[sz] = '\0';
      }
author	JunsuChoi <jsuya.choi@samsung.com>	2020-11-02 13:05:44 +0900
committer	Hermet Park <chuneon.park@samsung.com>	2020-11-02 13:05:45 +0900
commit	888e1e74012a4d17bb56ef3d2be2dd6d635c449b (patch)
tree	ae34d907c2dedf944342a29ee3104625bbbeb9f1
parent	94c2d2295f5effea80a21031d84a5ef370a93ef3 (diff)
download	efl-888e1e74012a4d17bb56ef3d2be2dd6d635c449b.tar.gz