author | JunsuChoi <jsuya.choi@samsung.com> | 2022-01-11 00:41:34 +0000 |
---|---|---|
committer | Carsten Haitzler (Rasterman) <raster@rasterman.com> | 2022-01-11 00:41:41 +0000 |
commit | a32373195b4b0323fa252f393451f21114c7f92b (patch) | |
tree | 16d589a00b0ae9b1db91cd5c0a06892fa63d83fe | |
parent | ec80ef2ce463fb3b9a14b9d9ed29f640908076cb (diff) | |
download | efl-a32373195b4b0323fa252f393451f21114c7f92b.tar.gz |
evas_vg_load_svg: Prevent array overflow
Summary: sz must be less than 20 to append 'carriage return'
Test Plan:
Example SVG
```
<?xml version="1.0" encoding="UTF-8"?>
<svg><aaaaaaaaaaaaaaaaaaaa > </aaaaaaaaaaaaaaaaaaaa></svg>
```
@fix
Reviewers: Hermet, raster, kimcinoo
Reviewed By: raster
Subscribers: cedric, #committers, #reviewers
Tags: #efl
Differential Revision: https://phab.enlightenment.org/D12313
-rw-r--r-- | src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c b/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c index 1d93741ba3..465b499505 100644 --- a/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c +++ b/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c @@ -2279,7 +2279,7 @@ _evas_svg_loader_xml_open_parser(Evas_SVG_Loader *loader, attrs_length = length - sz; while ((sz > 0) && (isspace(content[sz - 1]))) sz--; - if ((unsigned int)sz > sizeof(tag_name)) return; + if ((unsigned int)sz >= sizeof(tag_name)) return; strncpy(tag_name, content, sz); tag_name[sz] = '\0'; } |
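Review bot: at the changed check `if ((unsigned int)sz >= sizeof(tag_name)) return;`, the early return rejects an over-long tag name with no log or error in the visible lines, so a malformed SVG is dropped silently at this point; consider emitting a warning before returning so the rejection is visible to whoever debugs the loader. The `>=` bound itself is the right one, because `tag_name[sz] = '\0'` writes at index `sz` and therefore needs `sz < sizeof(tag_name)`; a one-line comment saying that the check reserves room for the terminator would help keep the off-by-one from coming back. The diffstat shows only `evas_vg_load_svg.c` changed, so the SVG from the test plan is not added as a regression case, and it would be worth adding one alongside this fix.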