From f3b2689aa6fdc8dd4ab01fdded7fd94a5e998a4c Mon Sep 17 00:00:00 2001
From: Marcin Zawiejski
Date: Mon, 6 Aug 2018 23:51:07 +0200
Subject: fix out of buffer read when copying non-null terminated strings
---
 core/ustring.cpp | 9 +++------
 core/ustring.h | 4 ++--
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/core/ustring.cpp b/core/ustring.cpp
index 84613610a9..4af30a5d5c 100644
--- a/core/ustring.cpp
+++ b/core/ustring.cpp
@@ -148,7 +148,7 @@ void String::copy_from(const char *p_cstr) {
 }
 }
-void String::copy_from(const CharType *p_cstr, int p_clip_to) {
+void String::copy_from(const CharType *p_cstr, const int p_clip_to) {
 if (!p_cstr) {
@@ -158,12 +158,9 @@ void String::copy_from(const CharType *p_cstr, int p_clip_to) {
 int len = 0;
 const CharType *ptr = p_cstr;
- while (*(ptr++) != 0)
+ while ((p_clip_to < 0 || len < p_clip_to) && *(ptr++) != 0)
 len++;
- if (p_clip_to >= 0 && len > p_clip_to) len = p_clip_to; - if (len == 0) {
 resize(0);
@@ -177,7 +174,7 @@ void String::copy_from(const CharType *p_cstr, int p_clip_to) {
 // p_char != NULL
 // p_length > 0
 // p_length <= p_char strlen
-void String::copy_from_unchecked(const CharType *p_char, int p_length) {
+void String::copy_from_unchecked(const CharType *p_char, const int p_length) {
 resize(p_length + 1);
 set(p_length, 0);
diff --git a/core/ustring.h b/core/ustring.h
index 3b4405833c..01397f6912 100644
--- a/core/ustring.h
+++ b/core/ustring.h
@@ -84,9 +84,9 @@ class String {
 CowData _cowdata;
 void copy_from(const char *p_cstr);
- void copy_from(const CharType *p_cstr, int p_clip_to = -1);
+ void copy_from(const CharType *p_cstr, const int p_clip_to = -1);
 void copy_from(const CharType &p_char);
- void copy_from_unchecked(const CharType *p_char, int p_length);
+ void copy_from_unchecked(const CharType *p_char, const int p_length);
 bool _base_is_subsequence_of(const String &p_string, bool case_insensitive) const;
 public:
--
cgit v1.2.3
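Review bot: In the `-158,12 +158,9` hunk of core/ustring.cpp, the new condition `(p_clip_to < 0 || len < p_clip_to)` makes every negative p_clip_to, not only the default -1, select the unbounded scan for a terminator, so a caller whose length goes negative through arithmetic still reads until it finds a 0 element. That contract is not stated anywhere in the hunk; I would add above the loop `// p_clip_to >= 0: reads at most p_clip_to elements; p_clip_to < 0: p_cstr must be NUL-terminated`. The loop could also index directly, `while ((p_clip_to < 0 || len < p_clip_to) && p_cstr[len] != 0)`, which drops the side effect in the condition, provided `ptr` is not used further down (the rest of copy_from is outside the hunk). The diffstat lists only the two core files, so no regression test for a clipped copy from an unterminated buffer accompanies the fix.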
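Review bot: The precondition comment kept as context above copy_from_unchecked in the `-177,7 +174,7` hunk of core/ustring.cpp still reads `// p_length <= p_char strlen`, which presumes a terminated buffer, while the commit subject says the input may have no terminator. Rewording it to `// p_length <= number of readable CharType elements at p_char` would keep the stated contract in line with the fix. The visible lines `resize(p_length + 1); set(p_length, 0);` use p_length without checking it, so these comments appear to be the only statement of what callers must guarantee; the rest of the body is outside the hunk.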
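Review bot: In core/ustring.h the `const` added to the by-value `int` parameters of the two declarations has no effect on the function type or on callers; it only constrains the definitions in core/ustring.cpp. The declarations are better left as `void copy_from(const CharType *p_cstr, int p_clip_to = -1);` and `void copy_from_unchecked(const CharType *p_char, int p_length);`, which is also what clang-tidy's readability-avoid-const-params-in-decls check asks for. Because the default `-1` is declared here, a one-line comment such as `// p_clip_to < 0 means no limit: p_cstr must then be NUL-terminated` belongs on this declaration, where callers will read it. The surrounding class String is only partly visible in the hunk.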