From f174111128465805d122f2e5167c5e54a42bfd13 Mon Sep 17 00:00:00 2001
From: "alexey.lysiuk"
Date: Sat, 23 Sep 2017 11:57:06 +0300
Subject: [PATCH] Fixed read beyond buffer boundary during font color parsing

Printing of string that ends with '\c' led to undefined behavior
Example: 'echo \c' in console
---
 src/v_font.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/v_font.cpp b/src/v_font.cpp
index 68422cd74..309f8d560 100644
--- a/src/v_font.cpp
+++ b/src/v_font.cpp
@@ -2666,7 +2666,7 @@ EColorRange V_ParseFontColor (const uint8_t *&color_value, int normalcolor, int
 }
 else // Incomplete!
 {
- color_value = ch - (*ch == '\0');
+ color_value = ch - (newcolor == '\0');
 return CR_UNDEFINED;
 }
 color_value = ch;
@@ -2772,4 +2772,4 @@ DEFINE_ACTION_FUNCTION(FFont, GetCursor)
 {
 PARAM_SELF_STRUCT_PROLOGUE(FFont);
 ACTION_RETURN_STRING(FString(self->GetCursor()));
-}
\ No newline at end of file
+}
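Review bot: The pointer adjustment `ch - (newcolor == '\0')` in the `// Incomplete!` branch of V_ParseFontColor carries the whole bounds fix, yet nothing in the code says why `newcolor` is tested instead of `*ch`. Assuming `newcolor` holds the byte that was consumed before `ch` was advanced (its assignment is outside this hunk), `ch` can already point one past the terminator here, so dereferencing it is the out-of-bounds read the commit message describes. I would add a comment on that line such as `// newcolor is the byte already consumed; if it was the terminator, step back onto it. Do not test *ch here, it may lie past the end of the string.` so that a later cleanup does not restore the old test. The function body starts before and continues after this hunk, so the callers' handling of `CR_UNDEFINED` with `color_value` left on the terminator is not visible and is worth confirming.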