From 2e8a0185b38187c68866f2bdde02cbb79020f26c Mon Sep 17 00:00:00 2001
From: Jeff Hutchinson
Date: Fri, 18 Jun 2021 21:08:03 -0400
Subject: [PATCH] Fix buffer overflow issue in StringUnit::getWords.
getWords("a b c d", 2); // "c d" that turns into this inside the engine: getWords("a b c d", 2, 1000000); that code after parsing d goes string++ which passes over the null character. This now enforces that check. Found this with the new script interpreter...how this wasn't blowing up before is beyond me.
---
 Engine/source/core/strings/stringUnit.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Engine/source/core/strings/stringUnit.cpp b/Engine/source/core/strings/stringUnit.cpp
index 0012d60e6..8ad78bc79 100644
--- a/Engine/source/core/strings/stringUnit.cpp
+++ b/Engine/source/core/strings/stringUnit.cpp
@@ -42,7 +42,7 @@ namespace StringUnit
 buffer[0] = 0;
- U32 sz;
+ dsize_t sz;
 while(index--)
 {
 if(!*string)
@@ -71,7 +71,7 @@ namespace StringUnit
 if( startIndex > endIndex )
 return "";
- S32 sz;
+ dsize_t sz;
 S32 index = startIndex;
 while(index--)
 {
@@ -89,7 +89,7 @@ namespace StringUnit
 sz = dStrcspn(string, set);
 string += sz;
- if( i < endIndex )
+ if( i < endIndex && *string )
 string ++;
 }
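Review bot: The added `*string` test on the `if( i < endIndex && *string )` line keeps the pointer from stepping past the terminator, but nothing in this hunk ends the enclosing loop once the terminator is reached; that loop starts outside the hunk, and if its only exit is reaching endIndex, every remaining iteration (the engine passes 1000000 for endIndex per the commit message) calls dStrcspn on an empty string and advances nothing. An explicit exit in front of the scan would make the termination obvious and avoid the idle iterations: `if( !*string ) break;` placed before `sz = dStrcspn(string, set);`. This is inferred from the visible lines; if the loop condition already checks `*string`, the guard on the `if` is sufficient and the break is redundant. The two earlier hunks only widen `sz` from `U32`/`S32` to `dsize_t` and raise no separate point.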