From ad7731d900643e3136dc089a83df6dcb49ef0748 Mon Sep 17 00:00:00 2001
From: 0xFEEDC0DE64 <daniel@brunner.ninja>
Date: Tue, 4 Jul 2023 19:09:53 +0200
Subject: [PATCH] Fix out of memory access in parser

---
 tools/xml2cpp-codegen/xml.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/xml2cpp-codegen/xml.cpp b/tools/xml2cpp-codegen/xml.cpp
index 17ec36e..0d9aa0f 100644
--- a/tools/xml2cpp-codegen/xml.cpp
+++ b/tools/xml2cpp-codegen/xml.cpp
@@ -292,12 +292,12 @@ void Document::Expat::character_data_handler(void* data, const XML_Char* chars,
         nod = &(nod->children.back());
     }
 
-    int x = 0, y = len - 1;
+    int offset = 0, count = len;
 
-    while (isspace(chars[y]) && y > 0) --y;
-    while (isspace(chars[x]) && x < y) ++x;
+    while (count > 0 && isspace(chars[count - 1])) --count;
+    while (offset < count && isspace(chars[offset])) { ++offset; --count; }
 
-    nod->cdata = std::string(chars, x, y + 1);
+    nod->cdata = std::string{chars + offset, static_cast<std::string::size_type>(count)};
 }
 
 void Document::Expat::end_element_handler(void* data, const XML_Char* /*name*/)