From c687d7e7b0353556a1c9ac1d395394560373f94f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pa=CC=84vels=20Nadtoc=CC=8Cajevs?= <7645683+bruvzg@users.noreply.github.com>
Date: Mon, 11 Aug 2025 21:11:07 +0300
Subject: [PATCH] [TVG] Use heap for XML parser allocs.
---
 thirdparty/README.md | 1 +
 .../thorvg/patches/0002-use-heap-alloc.patch | 44 +++++++++++++++++++
 .../thorvg/src/loaders/svg/tvgXmlParser.cpp | 16 +++++--
 3 files changed, 58 insertions(+), 3 deletions(-)
 create mode 100644 thirdparty/thorvg/patches/0002-use-heap-alloc.patch
diff --git a/thirdparty/README.md b/thirdparty/README.md
index bcccb28154d..a8d2b0c0b4b 100644
--- a/thirdparty/README.md
+++ b/thirdparty/README.md
@@ -1041,6 +1041,7 @@ Files extracted from upstream source:
 Patches:
 - `0001-revert-tvglines-bezier-precision.patch` (GH-96658)
+- `0002-use-heap-alloc.patch` (GH-109530)
 ## tinyexr
diff --git a/thirdparty/thorvg/patches/0002-use-heap-alloc.patch b/thirdparty/thorvg/patches/0002-use-heap-alloc.patch
new file mode 100644
index 00000000000..8bacdf59024
--- /dev/null
+++ b/thirdparty/thorvg/patches/0002-use-heap-alloc.patch
@@ -0,0 +1,44 @@
+diff --git a/thirdparty/thorvg/src/loaders/svg/tvgXmlParser.cpp b/thirdparty/thorvg/src/loaders/svg/tvgXmlParser.cpp
+index 81d5c098a2..4c0a0f53db 100644
+--- a/thirdparty/thorvg/src/loaders/svg/tvgXmlParser.cpp
++++ b/thirdparty/thorvg/src/loaders/svg/tvgXmlParser.cpp
+@@ -475,11 +475,14 @@ bool simpleXmlParseW3CAttribute(const char* buf, unsigned bufLength, simpleXMLAt
+ if (!buf) return false;
+
+ end = buf + bufLength;
+- key = (char*)alloca(end - buf + 1);
+- val = (char*)alloca(end - buf + 1);
+
+ if (buf == end) return true;
+
++ char* key_buf = (char*)malloc(end - buf + 1);
++ char* val_buf = (char*)malloc(end - buf + 1);
++
++ key = key_buf;
++ val = val_buf;
+ do {
+ char* sep = (char*)strchr(buf, ':');
+ next = (char*)strchr(buf, ';');
+@@ -487,7 +490,11 @@ bool simpleXmlParseW3CAttribute(const char* buf, unsigned bufLength, simpleXMLAt
+ if (auto src = strstr(buf, "src")) {//src tag from css font-face contains extra semicolon
+ if (src < sep) {
+ if (next + 1 < end) next = (char*)strchr(next + 1, ';');
+- else return true;
++ else {
++ free(key_buf);
++ free(val_buf);
++ return true;
++ }
+ }
+ }
+
+@@ -534,6 +541,9 @@ bool simpleXmlParseW3CAttribute(const char* buf, unsigned bufLength, simpleXMLAt
+ buf = next + 1;
+ } while (true);
+
++ free(key_buf);
++ free(val_buf);
++
+ return true;
+ }
+
diff --git a/thirdparty/thorvg/src/loaders/svg/tvgXmlParser.cpp b/thirdparty/thorvg/src/loaders/svg/tvgXmlParser.cpp
index 81d5c098a24..4c0a0f53dba 100644
--- a/thirdparty/thorvg/src/loaders/svg/tvgXmlParser.cpp
+++ b/thirdparty/thorvg/src/loaders/svg/tvgXmlParser.cpp
@@ -475,11 +475,14 @@ bool simpleXmlParseW3CAttribute(const char* buf, unsigned bufLength, simpleXMLAt
 if (!buf) return false;
 
 end = buf + bufLength;
- key = (char*)alloca(end - buf + 1);
- val = (char*)alloca(end - buf + 1);
 
 if (buf == end) return true;
 
+ char* key_buf = (char*)malloc(end - buf + 1);
+ char* val_buf = (char*)malloc(end - buf + 1);
+
+ key = key_buf;
+ val = val_buf;
 do {
 char* sep = (char*)strchr(buf, ':');
 next = (char*)strchr(buf, ';');
@@ -487,7 +490,11 @@ bool simpleXmlParseW3CAttribute(const char* buf, unsigned bufLength, simpleXMLAt
 if (auto src = strstr(buf, "src")) {//src tag from css font-face contains extra semicolon
 if (src < sep) {
 if (next + 1 < end) next = (char*)strchr(next + 1, ';');
- else return true;
+ else {
+ free(key_buf);
+ free(val_buf);
+ return true;
+ }
 }
 }
 
@@ -534,6 +541,9 @@ bool simpleXmlParseW3CAttribute(const char* buf, unsigned bufLength, simpleXMLAt
 buf = next + 1;
 } while (true);
 
+ free(key_buf);
+ free(val_buf);
+
 return true;
 }
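Review bot: Both `malloc` results in the first hunk are assigned to `key` and `val` without a null check, and the requested size (`end - buf + 1`, i.e. `bufLength + 1`) follows the length of the attribute text, which for an SVG loader presumably comes from the input document. Adding `if (!key_buf || !val_buf) { free(key_buf); free(val_buf); return false; }` directly after the two allocations keeps an allocation failure from reaching the loop. The function starts above this hunk and the writes through `key`/`val` sit in the loop body outside it, so the null-dereference path is inferred rather than visible here. A one-line comment such as `// heap, not alloca: the length is input-controlled and must not size a stack allocation` would also record why the buffers moved.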
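Review bot: The `free(key_buf); free(val_buf);` pair is written out by hand at the early `return true` in the second hunk and again before the final return in the third hunk, so correctness depends on every exit from the loop being covered. The loop body between those two hunks is not shown; any `return` there would leak both buffers, and a later edit that adds an exit has to remember the pair as well. Since the file is C++, ownership could be stated once, e.g. `std::unique_ptr<char, decltype(&free)> key_buf{(char*)malloc(end - buf + 1), &free};` with `key = key_buf.get();` (needs `<memory>`), which makes both cleanup sites unnecessary. If the vendored code should stay close to upstream's C style, routing every exit through a single cleanup block at the end of the function gives the same guarantee.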