From ee6fe984ffb0d700ac91ab58283467d6957d068a Mon Sep 17 00:00:00 2001
From: Campbell Barton <ideasman42@gmail.com>
Date: Fri, 22 Mar 2013 21:26:59 +0000
Subject: fix for buffer out-of-bounds reading for STR_String comparisons with
 char arrays.

---
 intern/string/STR_String.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'intern/string')

diff --git a/intern/string/STR_String.h b/intern/string/STR_String.h
index a3d367a6fef..4607db45c7c 100644
--- a/intern/string/STR_String.h
+++ b/intern/string/STR_String.h
@@ -187,11 +187,11 @@ public:
 	inline friend bool operator>=(rcSTR_String     lhs, const char      *rhs)	{ return (strcmp(lhs, rhs)>=0); }
 	inline friend bool operator>=(const char      *lhs, rcSTR_String     rhs)	{ return (strcmp(lhs, rhs)>=0); }
 	inline friend bool operator==(rcSTR_String     lhs, rcSTR_String     rhs)	{ return ((lhs.Length() == rhs.Length()) && (memcmp(lhs, rhs, lhs.Length()) == 0)); }
-	inline friend bool operator==(rcSTR_String     lhs, const char      *rhs)	{ return (memcmp(lhs, rhs, lhs.Length() + 1) == 0); }
-	inline friend bool operator==(const char      *lhs, rcSTR_String     rhs)	{ return (memcmp(lhs, rhs, rhs.Length() + 1) == 0); }
-	inline friend bool operator!=(rcSTR_String     lhs, rcSTR_String     rhs)	{ return ((lhs.Length() != rhs.Length()) || (memcmp(lhs, rhs, lhs.Length())!=0)); }
-	inline friend bool operator!=(rcSTR_String     lhs, const char      *rhs)	{ return (memcmp(lhs, rhs, lhs.Length() + 1) != 0); }
-	inline friend bool operator!=(const char       *lhs, rcSTR_String    rhs)	{ return (memcmp(lhs, rhs, rhs.Length() + 1) != 0); }
+	inline friend bool operator==(rcSTR_String     lhs, const char      *rhs)	{ return (strncmp(lhs, rhs, lhs.Length() + 1) == 0); }
+	inline friend bool operator==(const char      *lhs, rcSTR_String     rhs)	{ return (strncmp(lhs, rhs, rhs.Length() + 1) == 0); }
+	inline friend bool operator!=(rcSTR_String     lhs, rcSTR_String     rhs)	{ return ((lhs.Length() != rhs.Length()) || (memcmp(lhs, rhs, lhs.Length()) != 0)); }
+	inline friend bool operator!=(rcSTR_String     lhs, const char      *rhs)	{ return (strncmp(lhs, rhs, lhs.Length() + 1) != 0); }
+	inline friend bool operator!=(const char       *lhs, rcSTR_String    rhs)	{ return (strncmp(lhs, rhs, rhs.Length() + 1) != 0); }
 
 	// serializing
 	//int			Serialize(pCStream stream);
-- 
cgit v1.2.3