* fixed some buffer overflow errors in SetString (both short and

    ansistring versions) (merged)

rtl/inc/astrings.inc

@@ -805,11 +805,17 @@ begin
 end;
 
 Procedure SetString (Var S : AnsiString; Buf : PChar; Len : Longint);
-
+var
+  BufLen: longint;
 begin
   SetLength(S,Len);
-  If Buf<>Nil then
-    Move (Buf[0],S[1],Len);
+  If (Buf<>Nil) then
+    begin
+      BufLen := StrLen(Buf);
+      If (BufLen < Len) then
+        Len := BufLen;
+      Move (Buf[0],S[1],Len);
+    end;
 end;
 
 
@@ -835,7 +841,11 @@ end;
 
 {
   $Log$
-  Revision 1.32  2002-10-20 12:59:21  jonas
+  Revision 1.33  2002-10-21 19:52:47  jonas
+    * fixed some buffer overflow errors in SetString (both short and
+      ansistring versions) (merged)
+
+  Revision 1.32  2002/10/20 12:59:21  jonas
     * fixed ansistring append helpers so they preserve the terminating #0
     * optimized SetLength() so that it uses reallocmem in case the refcount
       of the target string is 1

rtl/inc/sstrings.inc

@@ -671,15 +671,28 @@ end;
 
 
 Procedure SetString (Var S : Shortstring; Buf : PChar; Len : Longint);
+var
+  BufLen: Longint;
 begin
+  S[0]:=chr(Len);
+  If Len > High(S) then
+    Len := High(S);
   If Buf<>Nil then
-    Move (Buf[0],S[1],Len);
-  S[0]:=chr(len);
+    begin
+      BufLen := StrLen(Buf);
+      if BufLen < Len then
+        Len := BufLen;
+      Move (Buf[0],S[1],Len);
+    end;
 end;
 
 {
   $Log$
-  Revision 1.25  2002-10-19 17:06:50  michael
+  Revision 1.26  2002-10-21 19:52:47  jonas
+    * fixed some buffer overflow errors in SetString (both short and
+      ansistring versions) (merged)
+
+  Revision 1.25  2002/10/19 17:06:50  michael
   + Added check for nil buffer to setstring
 
   Revision 1.24  2002/10/02 18:21:51  peter