nanosvg: Sync with upstream ccdb199

Includes fixes for a memory corruption bug (CVE-2019-1000032)
and possible division by zero.
This commit is contained in:
Rémi Verschelde 2021-09-22 12:14:36 +02:00
parent 211cb401db
commit 05b28b66ea
No known key found for this signature in database
GPG key ID: C3336907360768E1
2 changed files with 19 additions and 27 deletions

View file

@ -494,7 +494,7 @@ Files extracted from the upstream source:
## nanosvg
- Upstream: https://github.com/memononen/nanosvg
- Version: git (3e403ec72a9145cbbcc6c63d94a4caf079aafec2, 2020)
- Version: git (ccdb1995134d340a93fb20e3a3d323ccb3838dd0, 2021)
- License: zlib
Files extracted from the upstream source:

View file

@ -1215,35 +1215,22 @@ static const char* nsvg__getNextPathItem(const char* s, char* it)
static unsigned int nsvg__parseColorHex(const char* str)
{
unsigned int c = 0, r = 0, g = 0, b = 0;
int n = 0;
str++; // skip #
// Calculate number of characters.
while(str[n] && !nsvg__isspace(str[n]))
n++;
if (n == 6) {
sscanf(str, "%x", &c);
} else if (n == 3) {
sscanf(str, "%x", &c);
c = (c&0xf) | ((c&0xf0) << 4) | ((c&0xf00) << 8);
c |= c<<4;
}
r = (c >> 16) & 0xff;
g = (c >> 8) & 0xff;
b = c & 0xff;
return NSVG_RGB(r,g,b);
unsigned int r=0, g=0, b=0;
if (sscanf(str, "#%2x%2x%2x", &r, &g, &b) == 3 ) // 2 digit hex
return NSVG_RGB(r, g, b);
if (sscanf(str, "#%1x%1x%1x", &r, &g, &b) == 3 ) // 1 digit hex, e.g. #abc -> 0xccbbaa
return NSVG_RGB(r*17, g*17, b*17); // same effect as (r<<4|r), (g<<4|g), ..
return NSVG_RGB(128, 128, 128);
}
static unsigned int nsvg__parseColorRGB(const char* str)
{
int r = -1, g = -1, b = -1;
char s1[32]="", s2[32]="";
sscanf(str + 4, "%d%[%%, \t]%d%[%%, \t]%d", &r, s1, &g, s2, &b);
if (strchr(s1, '%')) {
return NSVG_RGB((r*255)/100,(g*255)/100,(b*255)/100);
} else {
return NSVG_RGB(r,g,b);
}
unsigned int r=0, g=0, b=0;
if (sscanf(str, "rgb(%u, %u, %u)", &r, &g, &b) == 3) // decimal integers
return NSVG_RGB(r, g, b);
if (sscanf(str, "rgb(%u%%, %u%%, %u%%)", &r, &g, &b) == 3) // decimal integer percentage
return NSVG_RGB(r*255/100, g*255/100, b*255/100);
return NSVG_RGB(128, 128, 128);
}
typedef struct NSVGNamedColor {
@ -2187,7 +2174,12 @@ static void nsvg__pathArcTo(NSVGparser* p, float* cpx, float* cpy, float* args,
// The loop assumes an iteration per end point (including start and end), this +1.
ndivs = (int)(fabsf(da) / (NSVG_PI*0.5f) + 1.0f);
hda = (da / (float)ndivs) / 2.0f;
kappa = fabsf(4.0f / 3.0f * (1.0f - cosf(hda)) / sinf(hda));
// Fix for ticket #179: division by 0: avoid cotangens around 0 (infinite)
if ((hda < 1e-3f) && (hda > -1e-3f))
hda *= 0.5f;
else
hda = (1.0f - cosf(hda)) / sinf(hda);
kappa = fabsf(4.0f / 3.0f * hda);
if (da < 0.0f)
kappa = -kappa;