From 5fd2c86c7d2ac862f8448f635778753e2e612ef8 Mon Sep 17 00:00:00 2001
From: Leon Styhre
Date: Tue, 14 Dec 2021 17:08:37 +0100
Subject: [PATCH] Fixed an issue where corrupt Unicode strings could crash the application.
---
 es-core/src/utils/StringUtil.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/es-core/src/utils/StringUtil.cpp b/es-core/src/utils/StringUtil.cpp
index 81e4f6ba4..2049b55fe 100644
--- a/es-core/src/utils/StringUtil.cpp
+++ b/es-core/src/utils/StringUtil.cpp
@@ -306,7 +306,7 @@ namespace Utils
 result = (stringArg[cursor++]);
 }
 // 11110xxx, four byte character.
- else if (checkCharType >= 0xF0) {
+ else if (checkCharType >= 0xF0 && cursor < stringArg.length() - 2) {
 // 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
 result = (stringArg[cursor++] & 0x07) << 18;
 result |= (stringArg[cursor++] & 0x3F) << 12;
@@ -314,14 +314,14 @@ namespace Utils
 result |= stringArg[cursor++] & 0x3F;
 }
 // 1110xxxx, three byte character.
- else if (checkCharType >= 0xE0) {
+ else if (checkCharType >= 0xE0 && cursor < stringArg.length() - 1) {
 // 1110xxxx 10xxxxxx 10xxxxxx
 result = (stringArg[cursor++] & 0x0F) << 12;
 result |= (stringArg[cursor++] & 0x3F) << 6;
 result |= stringArg[cursor++] & 0x3F;
 }
 // 110xxxxx, two byte character.
- else if (checkCharType >= 0xC0) {
+ else if (checkCharType >= 0xC0 && cursor < stringArg.length()) {
 // 110xxxxx 10xxxxxx
 result = (stringArg[cursor++] & 0x1F) << 6;
 result |= stringArg[cursor++] & 0x3F;
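Review bot: The added guards subtract from `stringArg.length()`, which is presumably an unsigned `size_t`, so in the four-byte branch a string shorter than two bytes makes `length() - 2` wrap to a huge value and the check passes while the branch still reads three bytes past `cursor`. The bounds are also one short: `cursor < length() - 2` only guarantees that `cursor + 2` is in range, yet the branch reads `cursor + 3`, and the three- and two-byte guards in the second hunk have the same gap, so a sequence truncated at the end of the string is still decoded using the byte at index `length()` and `cursor` can be advanced past the end. Writing the checks as additions avoids both problems: `cursor + 3 < stringArg.length()`, `cursor + 2 < stringArg.length()` and `cursor + 1 < stringArg.length()`. A lead byte that fails its guard now falls through to the next `else if` and is decoded with the shorter form's mask; whether that is acceptable depends on the rest of the function, which starts and ends outside these hunks.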