Fix decimal values in color fields (nsvg__parseColorRGB)
Closes #136, fixes [CVE-2019-1000032](https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/).
This commit is contained in:
parent
3cdd4a9d78
commit
419782d3d1
@ -1215,35 +1215,22 @@ static const char* nsvg__getNextPathItem(const char* s, char* it)
|
|||||||
|
|
||||||
static unsigned int nsvg__parseColorHex(const char* str)
|
static unsigned int nsvg__parseColorHex(const char* str)
|
||||||
{
|
{
|
||||||
unsigned int c = 0, r = 0, g = 0, b = 0;
|
unsigned int r=0, g=0, b=0;
|
||||||
int n = 0;
|
if (sscanf(str, "#%2x%2x%2x", &r, &g, &b) == 3 ) // 2 digit hex
|
||||||
str++; // skip #
|
|
||||||
// Calculate number of characters.
|
|
||||||
while(str[n] && !nsvg__isspace(str[n]))
|
|
||||||
n++;
|
|
||||||
if (n == 6) {
|
|
||||||
sscanf(str, "%x", &c);
|
|
||||||
} else if (n == 3) {
|
|
||||||
sscanf(str, "%x", &c);
|
|
||||||
c = (c&0xf) | ((c&0xf0) << 4) | ((c&0xf00) << 8);
|
|
||||||
c |= c<<4;
|
|
||||||
}
|
|
||||||
r = (c >> 16) & 0xff;
|
|
||||||
g = (c >> 8) & 0xff;
|
|
||||||
b = c & 0xff;
|
|
||||||
return NSVG_RGB(r, g, b);
|
return NSVG_RGB(r, g, b);
|
||||||
|
if (sscanf(str, "#%1x%1x%1x", &r, &g, &b) == 3 ) // 1 digit hex, e.g. #abc -> 0xccbbaa
|
||||||
|
return NSVG_RGB(r*17, g*17, b*17); // same effect as (r<<4|r), (g<<4|g), ..
|
||||||
|
return NSVG_RGB(128, 128, 128);
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int nsvg__parseColorRGB(const char* str)
|
static unsigned int nsvg__parseColorRGB(const char* str)
|
||||||
{
|
{
|
||||||
int r = -1, g = -1, b = -1;
|
unsigned int r=0, g=0, b=0;
|
||||||
char s1[32]="", s2[32]="";
|
if (sscanf(str, "rgb(%u, %u, %u)", &r, &g, &b) == 3) // decimal integers
|
||||||
sscanf(str + 4, "%d%[%%, \t]%d%[%%, \t]%d", &r, s1, &g, s2, &b);
|
|
||||||
if (strchr(s1, '%')) {
|
|
||||||
return NSVG_RGB((r*255)/100,(g*255)/100,(b*255)/100);
|
|
||||||
} else {
|
|
||||||
return NSVG_RGB(r, g, b);
|
return NSVG_RGB(r, g, b);
|
||||||
}
|
if (sscanf(str, "rgb(%u%%, %u%%, %u%%)", &r, &g, &b) == 3) // decimal integer percentage
|
||||||
|
return NSVG_RGB(r*255/100, g*255/100, b*255/100);
|
||||||
|
return NSVG_RGB(128, 128, 128);
|
||||||
}
|
}
|
||||||
|
|
||||||
typedef struct NSVGNamedColor {
|
typedef struct NSVGNamedColor {
|
||||||
|
Loading…
Reference in New Issue
Block a user