Avoid out of bounds access in String::fromCharCode (#1254)

tobil4sk · web-flow · commit 1618253d7bb2 · 2025-09-02T14:40:47.000+02:00
If c is negative (this can happen if char is signed), then accessing
sConstStrings[c] is an out of bounds memory access. This results in a
string being created from garbage memory, which can lead to seg faults
later on.

Taking the other branch is safer in this case.
diff --git a/src/String.cpp b/src/String.cpp
@@ -1380,7 +1380,7 @@ Dynamic String::charCodeAt(int inPos) const
 
 String String::fromCharCode( int c )
 {
-   if (c<=255)
+   if (0<=c && c<=255)
    {
       return sConstStrings[c];
    }

Original file line number	Diff line number	Diff line change
`@@ -1380,7 +1380,7 @@ Dynamic String::charCodeAt(int inPos) const`
`1380`	`1380`
`1381`	`1381`	`String String::fromCharCode( int c )`
`1382`	`1382`	`{`
`1383`		`- if (c<=255)`
	`1383`	`+ if (0<=c && c<=255)`
`1384`	`1384`	`{`
`1385`	`1385`	`return sConstStrings[c];`
`1386`	`1386`	`}`