From 00c9218b48bfb4b5d688b11ef286ef0af0099d0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pedro=20J=2E=20Est=C3=A9banez?= <pedrojrulez@gmail.com>
Date: Tue, 22 Aug 2017 19:39:10 +0200
Subject: [PATCH] Fix crashes in SVG loading

Adding null terminators.
---
 modules/svg/image_loader_svg.cpp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/svg/image_loader_svg.cpp b/modules/svg/image_loader_svg.cpp
index 46931fb0f6a..c74188d9ea0 100644
--- a/modules/svg/image_loader_svg.cpp
+++ b/modules/svg/image_loader_svg.cpp
@@ -82,9 +82,9 @@ Error ImageLoaderSVG::create_image_from_string(Ref<Image> p_image, const char *s
 
 	size_t str_len = strlen(svg_str);
 	PoolVector<uint8_t> src_data;
-	src_data.resize(str_len);
+	src_data.resize(str_len + 1);
 	PoolVector<uint8_t>::Write src_w = src_data.write();
-	memcpy(src_w.ptr(), svg_str, str_len);
+	memcpy(src_w.ptr(), svg_str, str_len + 1);
 
 	return _create_image(p_image, &src_data, p_scale, upsample);
 }
@@ -93,9 +93,10 @@ Error ImageLoaderSVG::load_image(Ref<Image> p_image, FileAccess *f, bool p_force
 
 	uint32_t size = f->get_len();
 	PoolVector<uint8_t> src_image;
-	src_image.resize(size);
+	src_image.resize(size + 1);
 	PoolVector<uint8_t>::Write src_w = src_image.write();
 	f->get_buffer(src_w.ptr(), size);
+	src_w.ptr()[size] = '\0';
 
 	return _create_image(p_image, &src_image, p_scale, 1.0);
 }