Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix out-of-bounds memory read (#19500)
CopyString copies one byte past the end of a non-terminated source string, then overwrites it with nul. The version of CopyString taking a const char* source expects it to be nul terminated. When called from ScopedMemoryString() the destination buffer is always one byte larger than the source, and the source may not be terminated. The result is a one-byte out-of-bounds memory read in CopyString(). This change modifies ScopedMemoryString() to wrap the source string in a CharSpan, so it calls the version of CopyString that handles unterminated source strings.
- Loading branch information