From e3ea4c549cfc09bb8079be608677d94b01e991a6 Mon Sep 17 00:00:00 2001
From: Tony <1414927+zfbTony@users.noreply.github.com>
Date: Thu, 21 Jan 2021 18:38:00 -0500
Subject: [PATCH] Added fix for #365 from PR #367 - buffer overrun

---
 Engine/source/ts/tsShapeOldRead.cpp | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/Engine/source/ts/tsShapeOldRead.cpp b/Engine/source/ts/tsShapeOldRead.cpp
index 9b06aff75..909ee2add 100644
--- a/Engine/source/ts/tsShapeOldRead.cpp
+++ b/Engine/source/ts/tsShapeOldRead.cpp
@@ -856,12 +856,12 @@ void TSShape::writeName(Stream * s, S32 nameIndex)
 S32 TSShape::readName(Stream * s, bool addName)
 {
 static char buffer[256];
- S32 sz;
+ U32 sz;
 S32 nameIndex = -1;
 s->read(&sz);
- if (sz)
+ if (sz>0 && sz<255)
 {
- s->read(sz*sizeof(char),buffer);
+ s->read(sz,buffer);
 buffer[sz] = '\0';
 nameIndex = findName(buffer);
 
@@ -881,6 +881,11 @@ S32 TSShape::readName(Stream * s, bool addName)
 names.last() = buffer;
 }
 }
+ else
+ {
+ Con::errorf("invalid TSShape::readName length!");
+ }
+
 return nameIndex;
 }
 
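Review bot: Neither `s->read(&sz)` nor `s->read(sz,buffer)` has its result checked, so on a truncated or failing stream `sz` may be used uninitialised. Because `buffer` is static, a short read also leaves bytes from an earlier name in front of the new terminator. Declare `U32 sz = 0;` and, if Stream::read reports failure through its return value (not visible in this hunk), return early when either call fails. The bound is also a bare literal; `if (sz > 0 && sz < sizeof(buffer))` ties the check to the array and still leaves room for `buffer[sz] = '\0'`. The middle of readName lies between the two hunks and is not shown.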
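Review bot: The new `else` also fires for `sz == 0`, which the previous `if (sz)` treated as an ordinary empty-name case, so presumably well-formed shapes with unnamed entries will now log "invalid TSShape::readName length!"; `else if (sz != 0)` would limit the error to out-of-range lengths. For an oversized length the function still returns the same -1 as for an empty name and leaves the stream positioned at the unread name bytes, so a caller cannot tell the file is malformed and will likely keep parsing misaligned data. Putting the rejected value in the message, e.g. `Con::errorf("TSShape::readName: invalid name length %u", sz);`, would make corrupt or hostile shape files easier to triage. Whether callers have a way to abort the load on this path cannot be seen from the hunk.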