From dac455fd947fbd6afc684bd0c4213992a24f8617 Mon Sep 17 00:00:00 2001
From: Harald Oehlmann <harald.oehlmann@elmicron.de>
Date: Mon, 21 Sep 2020 13:53:54 +0200
Subject: [PATCH] Ticket #178: endless loop (DOS) when parsing crafted input
 via nsvgParseFromFile() Fix be fvogel

---
 src/nanosvg.h | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/nanosvg.h b/src/nanosvg.h
index e5f6900..82f46d3 100644
--- a/src/nanosvg.h
+++ b/src/nanosvg.h
@@ -1597,25 +1597,32 @@ static int nsvg__parseRotate(float* xform, const char* str)
 static void nsvg__parseTransform(float* xform, const char* str)
 {
 	float t[6];
+	int len;
 	nsvg__xformIdentity(xform);
 	while (*str)
 	{
 		if (strncmp(str, "matrix", 6) == 0)
-			str += nsvg__parseMatrix(t, str);
+			len = nsvg__parseMatrix(t, str);
 		else if (strncmp(str, "translate", 9) == 0)
-			str += nsvg__parseTranslate(t, str);
+			len = nsvg__parseTranslate(t, str);
 		else if (strncmp(str, "scale", 5) == 0)
-			str += nsvg__parseScale(t, str);
+			len = nsvg__parseScale(t, str);
 		else if (strncmp(str, "rotate", 6) == 0)
-			str += nsvg__parseRotate(t, str);
+			len = nsvg__parseRotate(t, str);
 		else if (strncmp(str, "skewX", 5) == 0)
-			str += nsvg__parseSkewX(t, str);
+			len = nsvg__parseSkewX(t, str);
 		else if (strncmp(str, "skewY", 5) == 0)
-			str += nsvg__parseSkewY(t, str);
+			len = nsvg__parseSkewY(t, str);
 		else{
 			++str;
 			continue;
 		}
+		if (len != 0) {
+			str += len;
+		} else {
+			++str;
+			continue;
+		}
 
 		nsvg__xformPremultiply(xform, t);
 	}