From a2ba37a1a4f0aec39d2c7a85f1ea90a0efb9e9cf Mon Sep 17 00:00:00 2001
From: Misa
Date: Thu, 11 Feb 2021 16:07:25 -0800
Subject: [PATCH] Fix out-of-bounds indexing with malformed XML entities in find_tag()

find_tag() would commit out-of-bounds indexing if someone made a level file with malformed XML entity encodings in the metadata tags. This would happen if the end of the string followed immediately after an ampersand and hash, or if there wasn't a semicolon ending an XML entity. Valgrind complains about these, so I've fixed it.
---
 desktop_version/src/editor.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/desktop_version/src/editor.cpp b/desktop_version/src/editor.cpp
index 45b0709a..c791af4e 100644
--- a/desktop_version/src/editor.cpp
+++ b/desktop_version/src/editor.cpp
@@ -146,8 +146,19 @@ std::string find_tag(const std::string& buf, const std::string& start, const std
     size_t start_pos = 0;
     while ((start_pos = value.find("&#", start_pos)) != std::string::npos)
     {
+        if (start_pos + 2 >= value.length())
+        {
+            return "";
+        }
+
         bool hex = value[start_pos + 2] == 'x';
         size_t end = value.find(';', start_pos);
+
+        if (end == std::string::npos)
+        {
+            return "";
+        }
+
         size_t real_start = start_pos + 2 + ((int) hex);
         std::string number(value.substr(real_start, end - real_start));