TorqueGameEngines/Torque3D
1
0
Fork 0
mirror of https://github.com/TorqueGameEngines/Torque3D.git synced 2026-02-13 19:53:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix buffer overflow issue in StringUnit::getWords.

Browse source 
getWords("a b c d", 2); // "c d"

that turns into this inside the engine:

getWords("a b c d", 2, 1000000);

that code after parsing d goes string++ which passes over the null character. This now enforces that check. Found this with the new script interpreter...how this wasn't blowing up before is beyond me.
This commit is contained in:
Jeff Hutchinson 2021-06-18 21:08:03 -04:00
parent 43c403a30e
commit 2e8a0185b3
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Engine/source/core/strings/stringUnit.cpp
View file

@ -42,7 +42,7 @@ namespace StringUnit
buffer[0] = 0;
U32 sz;
dsize_t sz;
while(index--)
{
if(!*string)
@ -71,7 +71,7 @@ namespace StringUnit
if( startIndex > endIndex )
return "";
S32 sz;
dsize_t sz;
S32 index = startIndex;
while(index--)
{
@ -89,7 +89,7 @@ namespace StringUnit
sz = dStrcspn(string, set);
string += sz;
if( i < endIndex )
if( i < endIndex && *string )
string ++;
}