forked from enlightenment/efl
vg_load_svg: Prevent memory overflow for tag_name
Summary: When copying tag_name, if length of referenced string is longer than general case, it is not used as tag_name. Test Plan: N/A Reviewers: Hermet, smohanty Reviewed By: Hermet Subscribers: kimcinoo, herb, cedric, #committers, #reviewers Tags: #efl Differential Revision: https://phab.enlightenment.org/D12185
This commit is contained in:
parent
94c2d2295f
commit
888e1e7401
|
@ -2279,6 +2279,7 @@ _evas_svg_loader_xml_open_parser(Evas_SVG_Loader *loader,
|
||||||
attrs_length = length - sz;
|
attrs_length = length - sz;
|
||||||
while ((sz > 0) && (isspace(content[sz - 1])))
|
while ((sz > 0) && (isspace(content[sz - 1])))
|
||||||
sz--;
|
sz--;
|
||||||
|
if ((unsigned int)sz > sizeof(tag_name)) return;
|
||||||
strncpy(tag_name, content, sz);
|
strncpy(tag_name, content, sz);
|
||||||
tag_name[sz] = '\0';
|
tag_name[sz] = '\0';
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue