raster pushed a commit to branch v-1.26.0. http://git.enlightenment.org/core/efl.git/commit/?id=1b64de1cca1ba268672ccb1bae0d882955a446f3
commit 1b64de1cca1ba268672ccb1bae0d882955a446f3 Author: JunsuChoi <[email protected]> Date: Tue Jan 11 00:41:34 2022 +0000 evas_vg_load_svg: Prevent array overflow Summary: sz must be less than 20 to append 'carriage return' Test Plan: Example SVG ``` <?xml version="1.0" encoding="UTF-8"?> <svg><aaaaaaaaaaaaaaaaaaaa > </aaaaaaaaaaaaaaaaaaaa></svg> ``` @fix Reviewers: Hermet, raster, kimcinoo Reviewed By: raster Subscribers: cedric, #committers, #reviewers Tags: #efl Differential Revision: https://phab.enlightenment.org/D12313 --- src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c b/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c index 1d93741ba3..465b499505 100644 --- a/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c +++ b/src/modules/evas/vg_loaders/svg/evas_vg_load_svg.c @@ -2279,7 +2279,7 @@ _evas_svg_loader_xml_open_parser(Evas_SVG_Loader *loader, attrs_length = length - sz; while ((sz > 0) && (isspace(content[sz - 1]))) sz--; - if ((unsigned int)sz > sizeof(tag_name)) return; + if ((unsigned int)sz >= sizeof(tag_name)) return; strncpy(tag_name, content, sz); tag_name[sz] = '\0'; } --
