Merge pull request #20772 from dragmz/string_copy_oob_read_fix

Fix out of buffer read when copying from a non-null-terminated string

core/ustring.cpp

@@ -148,7 +148,7 @@ void String::copy_from(const char *p_cstr) {
 	}
 }
 
-void String::copy_from(const CharType *p_cstr, int p_clip_to) {
+void String::copy_from(const CharType *p_cstr, const int p_clip_to) {
 
 	if (!p_cstr) {
 
@@ -158,12 +158,9 @@ void String::copy_from(const CharType *p_cstr, int p_clip_to) {
 
 	int len = 0;
 	const CharType *ptr = p_cstr;
-	while (*(ptr++) != 0)
+	while ((p_clip_to < 0 || len < p_clip_to) && *(ptr++) != 0)
 		len++;
 
-	if (p_clip_to >= 0 && len > p_clip_to)
-		len = p_clip_to;
-
 	if (len == 0) {
 
 		resize(0);
@@ -177,7 +174,7 @@ void String::copy_from(const CharType *p_cstr, int p_clip_to) {
 // p_char != NULL
 // p_length > 0
 // p_length <= p_char strlen
-void String::copy_from_unchecked(const CharType *p_char, int p_length) {
+void String::copy_from_unchecked(const CharType *p_char, const int p_length) {
 	resize(p_length + 1);
 	set(p_length, 0);
 

core/ustring.h

@@ -84,9 +84,9 @@ class String {
 	CowData<CharType> _cowdata;
 
 	void copy_from(const char *p_cstr);
-	void copy_from(const CharType *p_cstr, int p_clip_to = -1);
+	void copy_from(const CharType *p_cstr, const int p_clip_to = -1);
 	void copy_from(const CharType &p_char);
-	void copy_from_unchecked(const CharType *p_char, int p_length);
+	void copy_from_unchecked(const CharType *p_char, const int p_length);
 	bool _base_is_subsequence_of(const String &p_string, bool case_insensitive) const;
 
 public: