summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRĂ©mi Verschelde <rverschelde@gmail.com>2018-08-14 15:47:34 +0200
committerGitHub <noreply@github.com>2018-08-14 15:47:34 +0200
commit9a6e4d10b495211d68088806e45bdf1242244c7c (patch)
treeaf65a8405bd83ff3723a798b593d57a40c78ae33
parent8c38bab6d719bc2e49f4826330529278f18e7ae5 (diff)
parentf3b2689aa6fdc8dd4ab01fdded7fd94a5e998a4c (diff)
Merge pull request #20772 from dragmz/string_copy_oob_read_fix
Fix out of buffer read when copying from a non-null-terminated string
-rw-r--r--core/ustring.cpp9
-rw-r--r--core/ustring.h4
2 files changed, 5 insertions, 8 deletions
diff --git a/core/ustring.cpp b/core/ustring.cpp
index 96d142d85b..8717c14a6b 100644
--- a/core/ustring.cpp
+++ b/core/ustring.cpp
@@ -148,7 +148,7 @@ void String::copy_from(const char *p_cstr) {
}
}
-void String::copy_from(const CharType *p_cstr, int p_clip_to) {
+void String::copy_from(const CharType *p_cstr, const int p_clip_to) {
if (!p_cstr) {
@@ -158,12 +158,9 @@ void String::copy_from(const CharType *p_cstr, int p_clip_to) {
int len = 0;
const CharType *ptr = p_cstr;
- while (*(ptr++) != 0)
+ while ((p_clip_to < 0 || len < p_clip_to) && *(ptr++) != 0)
len++;
- if (p_clip_to >= 0 && len > p_clip_to)
- len = p_clip_to;
-
if (len == 0) {
resize(0);
@@ -177,7 +174,7 @@ void String::copy_from(const CharType *p_cstr, int p_clip_to) {
// p_char != NULL
// p_length > 0
// p_length <= p_char strlen
-void String::copy_from_unchecked(const CharType *p_char, int p_length) {
+void String::copy_from_unchecked(const CharType *p_char, const int p_length) {
resize(p_length + 1);
set(p_length, 0);
diff --git a/core/ustring.h b/core/ustring.h
index 3b4405833c..01397f6912 100644
--- a/core/ustring.h
+++ b/core/ustring.h
@@ -84,9 +84,9 @@ class String {
CowData<CharType> _cowdata;
void copy_from(const char *p_cstr);
- void copy_from(const CharType *p_cstr, int p_clip_to = -1);
+ void copy_from(const CharType *p_cstr, const int p_clip_to = -1);
void copy_from(const CharType &p_char);
- void copy_from_unchecked(const CharType *p_char, int p_length);
+ void copy_from_unchecked(const CharType *p_char, const int p_length);
bool _base_is_subsequence_of(const String &p_string, bool case_insensitive) const;
public: