TorqueGameEngines/Torque3D
1
0
Fork 0
mirror of https://github.com/TorqueGameEngines/Torque3D.git synced 2026-01-19 20:24:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix buffer overflow issue in StringUnit::getWords.

Browse source 
getWords("a b c d", 2); // "c d"

that turns into this inside the engine:

getWords("a b c d", 2, 1000000);

that code after parsing d goes string++ which passes over the null character. This now enforces that check. Found this with the new script interpreter...how this wasn't blowing up before is beyond me.
This commit is contained in:
Jeff Hutchinson 2021-06-18 21:08:03 -04:00
parent 43c403a30e
commit 2e8a0185b3
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Engine/source/core/strings/stringUnit.cpp
View file

@ -42,7 +42,7 @@ namespace StringUnit
buffer[0] = 0;
U32 sz;
dsize_t sz;
while(index--)
{
if(!*string)
@ -71,7 +71,7 @@ namespace StringUnit
if( startIndex > endIndex )
return "";
S32 sz;
dsize_t sz;
S32 index = startIndex;
while(index--)
{
@ -89,7 +89,7 @@ namespace StringUnit
sz = dStrcspn(string, set);
string += sz;
if( i < endIndex )
if( i < endIndex && *string )
string ++;
}