
InputText: fixed a buffer overrun that could happen when using dynamically resizing buffers. (#8689)

ocornut 1 month ago
parent
commit
b2c73596ae
3 changed files with 5 additions and 2 deletions
  1. 3 0
      docs/CHANGELOG.txt
  2. 1 1
      imgui.h
  3. 1 1
      imgui_widgets.cpp

+ 3 - 0
docs/CHANGELOG.txt

@@ -336,6 +336,9 @@ Other changes:
 - TreeNode: fixed incorrect clipping of arrow/bullet when using ImGuiTreeNodeFlags_SpanAllColumns.
 - InputText: fixed cursor positioning issue using up/down keys near end of lines while
   editing non-ASCII text. (Regression from 1.91.2) (#8635, #7925)
+- InputText: fixed a buffer overrun that could happen when using dynamically resizing 
+  buffers (e.g. imgui_stdlib.cpp for std::string, or ImGuiInputTextFlags_CallbackRezize)
+  and programmatically making an insertion. (#8689) [@ocornut, @m9710797]
 - Tables: fixed TableHeader() eager vertical clipping of text which may be noticeable
   with FramePadding.y was too small. (#6236)
 - Tables: fixed an assert when combining Tables, Frozen Rows, Clipper and BeginMultiSelect()

+ 1 - 1
imgui.h

@@ -29,7 +29,7 @@
 // Library Version
 // (Integer encoded as XYYZZ for use in #if preprocessor conditionals, e.g. '#if IMGUI_VERSION_NUM >= 12345')
 #define IMGUI_VERSION       "1.92.0 WIP"
-#define IMGUI_VERSION_NUM   19198
+#define IMGUI_VERSION_NUM   19199
 #define IMGUI_HAS_TABLE             // Added BeginTable() - from IMGUI_VERSION_NUM >= 18000
 #define IMGUI_HAS_TEXTURES          // Added ImGuiBackendFlags_RendererHasTextures - from IMGUI_VERSION_NUM >= 19198
 

+ 1 - 1
imgui_widgets.cpp

@@ -4289,7 +4289,7 @@ void ImGuiInputTextCallbackData::InsertChars(int pos, const char* new_text, cons
     // Grow internal buffer if needed
     const bool is_resizable = (Flags & ImGuiInputTextFlags_CallbackResize) != 0;
     const int new_text_len = new_text_end ? (int)(new_text_end - new_text) : (int)ImStrlen(new_text);
-    if (new_text_len + BufTextLen >= BufSize)
+    if (new_text_len + BufTextLen + 1 > obj->TextA.Size)
     {
         if (!is_resizable)
             return;
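Review bot: The capacity guard on the changed line now measures `obj->TextA.Size` and no longer consults `BufSize`, but nothing in the hunk documents or asserts that `Buf` is the storage of that vector, which is the invariant the fix depends on. `obj` is declared above the hunk, so this may already be guaranteed there; if not, and assuming `TextA` is an ImVector, a short comment plus `IM_ASSERT(Buf == obj->TextA.Data);` before the comparison would pin it. Separately, `new_text_len` is computed in `int` from a caller-supplied pointer pair, so a `new_text_end` that precedes `new_text` gives a negative length and the sum skips the grow path; `IM_ASSERT(new_text_len >= 0);` right after the length is computed would catch that in debug builds. The body of InsertChars starts before and continues past this hunk, so how the length is used afterwards is not visible here.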