Merge pull request #20772 from dragmz/string_copy_oob_read_fix

Fix out of buffer read when copying from a non-null-terminated string
This commit is contained in:
Rémi Verschelde 2018-08-14 15:47:34 +02:00 committed by GitHub
commit 9a6e4d10b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 8 deletions

View file

@ -148,7 +148,7 @@ void String::copy_from(const char *p_cstr) {
} }
} }
void String::copy_from(const CharType *p_cstr, int p_clip_to) { void String::copy_from(const CharType *p_cstr, const int p_clip_to) {
if (!p_cstr) { if (!p_cstr) {
@ -158,12 +158,9 @@ void String::copy_from(const CharType *p_cstr, int p_clip_to) {
int len = 0; int len = 0;
const CharType *ptr = p_cstr; const CharType *ptr = p_cstr;
while (*(ptr++) != 0) while ((p_clip_to < 0 || len < p_clip_to) && *(ptr++) != 0)
len++; len++;
if (p_clip_to >= 0 && len > p_clip_to)
len = p_clip_to;
if (len == 0) { if (len == 0) {
resize(0); resize(0);
@ -177,7 +174,7 @@ void String::copy_from(const CharType *p_cstr, int p_clip_to) {
// p_char != NULL // p_char != NULL
// p_length > 0 // p_length > 0
// p_length <= p_char strlen // p_length <= p_char strlen
void String::copy_from_unchecked(const CharType *p_char, int p_length) { void String::copy_from_unchecked(const CharType *p_char, const int p_length) {
resize(p_length + 1); resize(p_length + 1);
set(p_length, 0); set(p_length, 0);

View file

@ -84,9 +84,9 @@ class String {
CowData<CharType> _cowdata; CowData<CharType> _cowdata;
void copy_from(const char *p_cstr); void copy_from(const char *p_cstr);
void copy_from(const CharType *p_cstr, int p_clip_to = -1); void copy_from(const CharType *p_cstr, const int p_clip_to = -1);
void copy_from(const CharType &p_char); void copy_from(const CharType &p_char);
void copy_from_unchecked(const CharType *p_char, int p_length); void copy_from_unchecked(const CharType *p_char, const int p_length);
bool _base_is_subsequence_of(const String &p_string, bool case_insensitive) const; bool _base_is_subsequence_of(const String &p_string, bool case_insensitive) const;
public: public: