Merge pull request #454 from zfbx/Fix365

Added fix for #365 from PR #367 - buffer overrun bug
2026-01-19 20:24:49 +00:00 · 2021-01-21 18:04:14 -06:00 · 2021-01-21 18:04:14 -06:00 · 37a319bf35
parent be3b5ec3aa e3ea4c549c
commit 37a319bf35
1 changed files with 8 additions and 3 deletions
--- a/Engine/source/ts/tsShapeOldRead.cpp
+++ b/Engine/source/ts/tsShapeOldRead.cpp
@ -856,12 +856,12 @@ void TSShape::writeName(Stream * s, S32 nameIndex)
 S32 TSShape::readName(Stream * s, bool addName)
 {
   static char buffer[256];
-   S32 sz;
+   U32 sz;
   S32 nameIndex = -1;
   s->read(&sz);
-   if (sz)
+   if (sz>0 && sz<255)
   {
-      s->read(sz*sizeof(char),buffer);
+      s->read(sz,buffer);
      buffer[sz] = '\0';
      nameIndex = findName(buffer);

@ -881,6 +881,11 @@ S32 TSShape::readName(Stream * s, bool addName)
         names.last() = buffer;
      }
   }
+   else
+   {
+      Con::errorf("invalid TSShape::readName length!");
+   }
+   

   return nameIndex;
 }