From c342778f4252a69d32c50feba3a085a983f0ff70 Mon Sep 17 00:00:00 2001 From: Turo Lamminen Date: Mon, 2 Mar 2015 13:52:19 +0200 Subject: [PATCH] Fix read past end of buffer after call to TokenMatch IsSpaceOrNewLine returns true on end of input (NUL character). But if TokenMatch considers a token at end of input to match it sets "in" to one past end of buffer. This will lead to reading past the end of buffer on any subsequent operation. --- code/ParsingUtils.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/code/ParsingUtils.h b/code/ParsingUtils.h index 25495fd51..0d27e7fbf 100644 --- a/code/ParsingUtils.h +++ b/code/ParsingUtils.h @@ -201,7 +201,12 @@ template AI_FORCE_INLINE bool TokenMatch(char_t*& in, const char* token, unsigned int len) { if (!::strncmp(token,in,len) && IsSpaceOrNewLine(in[len])) { + if (in[len] != '\0') { in += len+1; + } else { + // If EOF after the token make sure we don't go past end of buffer + in += len; + } return true; }