From 87fe71f52f12bfdecd6f4a1109504224797675d5 Mon Sep 17 00:00:00 2001 From: Alistair Leslie-Hughes Date: Tue, 19 Mar 2024 13:55:51 +1100 Subject: [PATCH] Stop possible underrun when processing a string Calling String::utf8("Unicode String", -1) assumes that the string will be NULL terminated. However, the length parameter is always used to find the end of the string. So there is the chance the character before th start of the string is read. Making the pointer NULL in the case where it's out of range, still allows the following to work as expected while (ptrtmp != ptrtmp_limit && *ptrtmp) ....
---
 core/string/ustring.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/string/ustring.cpp b/core/string/ustring.cpp
index a7e12138f2f..d0d600007be 100644
--- a/core/string/ustring.cpp
+++ b/core/string/ustring.cpp
@@ -1822,7 +1822,7 @@ Error String::parse_utf8(const char *p_utf8, int p_len, bool p_skip_cr) {
 bool decode_failed = false;
 {
 const char *ptrtmp = p_utf8;
- const char *ptrtmp_limit = &p_utf8[p_len];
+ const char *ptrtmp_limit = p_len >= 0 ? &p_utf8[p_len] : nullptr;
 int skip = 0;
 uint8_t c_start = 0;
 while (ptrtmp != ptrtmp_limit && *ptrtmp) {
@@ -2099,7 +2099,7 @@ Error String::parse_utf16(const char16_t *p_utf16, int p_len) {
 bool decode_error = false;
 {
 const char16_t *ptrtmp = p_utf16;
- const char16_t *ptrtmp_limit = &p_utf16[p_len];
+ const char16_t *ptrtmp_limit = p_len >= 0 ? &p_utf16[p_len] : nullptr;
 uint32_t c_prev = 0;
 bool skip = false;
 while (ptrtmp != ptrtmp_limit && *ptrtmp) {
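Review bot: In `parse_utf8`, `p_len >= 0 ? &p_utf8[p_len] : nullptr` turns every negative `p_len`, not only the `-1` named in the commit message, into an unbounded scan that stops only at a NUL, and the `parse_utf16` hunk has the same shape. If a caller derives the length from a size that can wrap or truncate to a negative `int`, the loop would run past a non-terminated buffer instead of failing. It seems worth rejecting other negatives up front, e.g. `ERR_FAIL_COND_V(p_len < -1, ERR_INVALID_PARAMETER);`, provided no existing caller relies on them. At minimum, state the contract beside the limit: `// p_len < 0: length unknown, scan to the NUL terminator (nullptr limit is never reached)`. Both functions begin and continue outside the hunks, so the null check on the input pointer and any later use of `p_len` in the decode pass are not visible here and should be checked against the same convention.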