From e451faa1ccaa66feb05c2425cc3c5b2a12ca9d3d Mon Sep 17 00:00:00 2001
From: Randy Heit
Date: Sat, 4 Apr 2015 18:02:49 -0500
Subject: [PATCH] Fixed: FString::ReallocBuffer could write to unallocated memory

- Previously, calling ReallocBuffer with a smaller buffer size than the current one could overwrite unallocated memory. This required that the string it was called on had more than one reference and therefore required creating a new copy. The entire original string would be copied, whether it fit in the new buffer or not.
---
 src/zstring.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/zstring.cpp b/src/zstring.cpp
index 14d19f46f9..510ff19d7e 100644
--- a/src/zstring.cpp
+++ b/src/zstring.cpp
@@ -1096,7 +1096,7 @@ void FString::ReallocBuffer (size_t newlen)
 { // If more than one reference, we must use a new copy
 FStringData *old = Data();
 AllocBuffer (newlen);
- StrCopy (Chars, old->Chars(), old->Len);
+ StrCopy (Chars, old->Chars(), newlen < old->Len ? newlen : old->Len);
 old->Release();
 }
 else
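Review bot: The clamped length on the new `StrCopy` line is the whole of the out-of-bounds fix, yet nothing at the call says why it is there, so a later cleanup could revert it to `old->Len`; a comment above it such as `// Shrinking a shared string: copy at most newlen chars so the write stays inside the new buffer` would keep the invariant visible. Hoisting the bound into a named local, `const size_t copylen = newlen < old->Len ? newlen : old->Len;`, would also make the call easier to read and to audit. Not visible in this hunk is whether StrCopy writes a terminator after the copied characters and whether `AllocBuffer (newlen)` reserves room for it, so the case where exactly newlen characters are copied is worth confirming against those helpers. The unshared `else` branch of ReallocBuffer continues outside the hunk.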