Fix potential out of range in String::concat

TD-er · web-flow · commit 34707966082f · 2025-02-06T13:42:50.000+01:00
There is no prerequisite the given array has to be a 0-terminated char array.
So we should only copy the length that has been given.

The `setLen()` function will make sure the internal string is 0-terminated.
So no need to dangerously assume there will be 1 more byte to copy
diff --git a/cores/esp32/WString.cpp b/cores/esp32/WString.cpp
@@ -343,10 +343,10 @@ bool String::concat(const char *cstr, unsigned int length) {
   }
   if (cstr >= wbuffer() && cstr < wbuffer() + len()) {
     // compatible with SSO in ram #6155 (case "x += x.c_str()")
-    memmove(wbuffer() + len(), cstr, length + 1);
+    memmove(wbuffer() + len(), cstr, length);
   } else {
     // compatible with source in flash #6367
-    memcpy_P(wbuffer() + len(), cstr, length + 1);
+    memcpy_P(wbuffer() + len(), cstr, length);
   }
   setLen(newlen);
   return true;

Original file line number	Diff line number	Diff line change
`@@ -343,10 +343,10 @@ bool String::concat(const char *cstr, unsigned int length) {`
`343`	`343`	`}`
`344`	`344`	`if (cstr >= wbuffer() && cstr < wbuffer() + len()) {`
`345`	`345`	`// compatible with SSO in ram #6155 (case "x += x.c_str()")`
`346`		`- memmove(wbuffer() + len(), cstr, length + 1);`
	`346`	`+ memmove(wbuffer() + len(), cstr, length);`
`347`	`347`	`} else {`
`348`	`348`	`// compatible with source in flash #6367`
`349`		`- memcpy_P(wbuffer() + len(), cstr, length + 1);`
	`349`	`+ memcpy_P(wbuffer() + len(), cstr, length);`
`350`	`350`	`}`
`351`	`351`	`setLen(newlen);`
`352`	`352`	`return true;`