From c342778f4252a69d32c50feba3a085a983f0ff70 Mon Sep 17 00:00:00 2001
From: Turo Lamminen
Date: Mon, 2 Mar 2015 13:52:19 +0200
Subject: [PATCH 1/2] Fix read past end of buffer after call to TokenMatch IsSpaceOrNewLine returns true on end of input (NUL character). But if TokenMatch considers a token at end of input to match it sets "in" to one past end of buffer. This will lead to reading past the end of buffer on any subsequent operation.
---
 code/ParsingUtils.h | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/code/ParsingUtils.h b/code/ParsingUtils.h
index 25495fd51..0d27e7fbf 100644
--- a/code/ParsingUtils.h
+++ b/code/ParsingUtils.h
@@ -201,7 +201,12 @@ template
 AI_FORCE_INLINE bool TokenMatch(char_t*& in, const char* token, unsigned int len)
 {
 if (!::strncmp(token,in,len) && IsSpaceOrNewLine(in[len])) {
+ if (in[len] != '\0') {
 in += len+1;
+ } else {
+ // If EOF after the token make sure we don't go past end of buffer
+ in += len;
+ }
 return true;
 }
From ba4689fd0509fc33667671a20a56dcd51c0f16cd Mon Sep 17 00:00:00 2001
From: Turo Lamminen
Date: Mon, 9 Mar 2015 12:18:10 +0200
Subject: [PATCH 2/2] Whitespace
---
 code/ParsingUtils.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/ParsingUtils.h b/code/ParsingUtils.h
index 0d27e7fbf..93a44d0a6 100644
--- a/code/ParsingUtils.h
+++ b/code/ParsingUtils.h
@@ -202,7 +202,7 @@ AI_FORCE_INLINE bool TokenMatch(char_t*& in, const char* token, unsigned int len
 {
 if (!::strncmp(token,in,len) && IsSpaceOrNewLine(in[len])) {
 if (in[len] != '\0') {
- in += len+1;
+ in += len+1;
 } else {
 // If EOF after the token make sure we don't go past end of buffer
 in += len;
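Review bot: In the TokenMatch hunk of patch 1/2, the new guard keeps `in` inside the buffer only if the input is NUL-terminated, and it changes the position callers see after a match at end of input; neither point is stated next to the function. I would document the post-condition there, e.g. `// On a match, advances 'in' past the token and one delimiter; at end of input 'in' is left on the terminating NUL.` The two branches can also be written as one statement, `in += (in[len] != '\0') ? len + 1 : len;`. Any other helper in this header that advances by `len+1` after an IsSpaceOrNewLine check (a case-insensitive variant, if one exists) would need the same guard; none is visible in this patch. The function's `return false` tail lies outside the hunk.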