From d4f7b19cf12710452ff6b70071de0990ad4ac8f7 Mon Sep 17 00:00:00 2001
From: bptato <nincsnevem662@gmail.com>
Date: Thu, 19 Dec 2024 19:21:01 +0100
Subject: Fix OOB read in nsvg__parseColorRGB()

nsvg__isspace uses strchr on a NUL terminated string, so it returns
true for the NUL terminator.  Other uses of nsvg__isspace account for
this by checking for NUL first; I've followed the same pattern here.

Fixes: https://github.com/memononen/nanosvg/issues/241
See: https://github.com/memononen/nanosvg/pull/262
---
 src/nanosvg.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/nanosvg.h b/src/nanosvg.h
index 77617f65..db5382a1 100644
--- a/src/nanosvg.h
+++ b/src/nanosvg.h
@@ -1281,7 +1281,7 @@ static unsigned int nsvg__parseColorRGB(const char* str)
 				while (*str && nsvg__isdigit(*str)) str++;	// skip fractional part
 			}
 			if (*str == '%') str++; else break;
-			while (nsvg__isspace(*str)) str++;
+			while (*str && nsvg__isspace(*str)) str++;
 			if (*str == delimiter[i]) str++;
 			else break;
 		}
-- 
cgit v1.2.3