raysan5 / raylib

A simple and easy-to-use library to enjoy videogames programming
http://www.raylib.com
zlib License

[rtextures] `LoadImageSvg()` causes heap buffer overflow when reading from file #4185

Closed spartan-engi closed 1 month ago

spartan-engi commented 1 month ago

Issue description

Compiling raylib with AddressSanitizer (-fsanitize=address) and calling LoadImageSvg() reports a "heap-buffer-overflow" error.

Environment

Platform: Desktop
Operating System: Windows 10
OpenGL:
  Vendor: Intel
  Renderer: Intel(R) HD Graphics 3000
  Version: 3.1.0 - Build 9.17.10.4459
  GLSL: 1.40 - Intel Build 9.17.10.4459

Issue Screenshot: (screenshot not reproduced)

Code Example

When compiling with the sanitizer, even the textures_svg_loading.c example gives this error, but the smallest program that also triggers it is:

#include "raylib.h"

int main(void)
{
    // Minimal reproducer: load an SVG from disk at an explicit size.
    // Built with -fsanitize=address, this call reports heap-buffer-overflow.
    Image test = LoadImageSvg("examples/textures/resources/test.svg", 2500, 2484);
    UnloadImage(test);
    return 0;
}

spartan-engi commented 1 month ago

After a bit more investigation: nanosvg expects the input to nsvgParse() to be a NULL-terminated string, and it seems that LoadFileData() doesn't insert an EOF character.

Thus, the function simply reads past the given input buffer, onto some random heap memory, and I guess most of the time that is '\0'?

Honestly, I have no idea how this function appears to work normally.

Though, it might be the cause of some very infrequent crashes.
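The failure mode described in the comment above, as an added example that is not raylib or nanosvg code: a hypothetical loader that returns exactly the file's bytes with no terminator (modelling the LoadFileData() behaviour the comment describes), a hypothetical C-string parser standing in for nsvgParse(), a bounded check that refuses an unterminated buffer instead of letting the parser overread, and the caller-side fix of copying the bytes into a buffer one byte larger and NUL-terminating it. The sample SVG text is constructed inline; all function names are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample SVG text; stands in for the file on disk. */
static const char kSampleSvg[] = "<svg width=\"10\" height=\"10\"><rect/></svg>";

/* Hypothetical stand-in for a loader like LoadFileData() as described in the
 * report: the returned buffer holds exactly *outSize bytes, no terminator. */
static unsigned char *load_file_data_raw(const unsigned char *src, size_t len, size_t *outSize)
{
    unsigned char *buf = malloc(len);           /* no room for '\0' */
    if (buf == NULL) { *outSize = 0; return NULL; }
    memcpy(buf, src, len);
    *outSize = len;
    return buf;
}

/* Caller-side fix: copy the raw bytes into a buffer one byte larger and
 * NUL-terminate it before handing it to a parser that expects a C string. */
static char *bytes_to_cstring(const unsigned char *data, size_t size)
{
    char *s = malloc(size + 1);
    if (s == NULL) return NULL;
    memcpy(s, data, size);
    s[size] = '\0';
    return s;
}

/* Bounded pre-check: is there a '\0' within the first cap bytes? Uses memchr,
 * which never reads beyond cap, so the check itself cannot overread. */
static int has_terminator(const unsigned char *buf, size_t cap)
{
    return memchr(buf, '\0', cap) != NULL;
}

/* Hypothetical stand-in for a C-string parser such as nsvgParse(): walks the
 * input until it finds '\0' and counts '<' characters. Only safe on a real
 * C string; on an unterminated buffer it reads past the allocation. */
static int count_tags_cstr(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) if (*s == '<') n++;
    return n;
}

/* Guarded entry point: return -1 if the buffer is not terminated within cap
 * bytes, rather than letting the parser run off the end of the heap block. */
static int count_tags_checked(const unsigned char *buf, size_t cap)
{
    if (buf == NULL || !has_terminator(buf, cap)) return -1;
    return count_tags_cstr((const char *)buf);
}

/* Scenario 1: raw loader output passed straight to the parser. The guard
 * refuses it; without the guard, the parser would read past the allocation
 * (the heap-buffer-overflow that AddressSanitizer reports). */
int demo_raw_refused(void)
{
    size_t size = 0;
    unsigned char *data = load_file_data_raw((const unsigned char *)kSampleSvg, strlen(kSampleSvg), &size);
    int result = count_tags_checked(data, size);
    free(data);
    return result;                              /* -1 */
}

/* Scenario 2: the same bytes, copied into a terminated buffer: parses normally. */
int demo_terminated_ok(void)
{
    size_t size = 0;
    unsigned char *data = load_file_data_raw((const unsigned char *)kSampleSvg, strlen(kSampleSvg), &size);
    char *text = bytes_to_cstring(data, size);
    free(data);
    int result = count_tags_checked((const unsigned char *)text, size + 1);
    free(text);
    return result;                              /* 3: <svg, <rect/>, </svg> */
}

int main(void)
{
    printf("raw buffer (unterminated): %d\n", demo_raw_refused());
    printf("terminated copy:           %d\n", demo_terminated_ok());
    return 0;
}
```

To see the original failure rather than the refusal, build with `-fsanitize=address` and call count_tags_cstr() directly on the raw buffer in demo_raw_refused(): the loop walks past the malloc'd block looking for a '\0' that was never written, which is the overread the issue describes. The guarded path and the size+1 copy are the two places a caller can close that gap when the loader itself does not terminate the data.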

CrackedPixel commented 1 month ago

@spartan-engi Are you still able to reproduce this with the latest master branch? (raylib recompiled with svg support)

raysan5 commented 1 month ago

There is a related open PR, it looks a bit cumbersome to me but I can't think of a better solution... I will continue the discussion there.