From 1d87932d93c9c58a4d273783a14a0f7f8d140a87 Mon Sep 17 00:00:00 2001
From: veins1 <19636663+veins1@users.noreply.github.com>
Date: Thu, 13 Feb 2025 03:12:10 +0500
Subject: [PATCH] TextSubtext fixes (#4759)

Fix buffer write overflow
Fix reading past the end of text
---
 src/rtext.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/rtext.c b/src/rtext.c
index 982402f54..0d06caa9a 100644
--- a/src/rtext.c
+++ b/src/rtext.c
@@ -1540,21 +1540,21 @@ const char *TextSubtext(const char *text, int position, int length)
 
     if (position >= textLength)
     {
-        position = textLength - 1;
-        length = 0;
+        return buffer; //First char is already '\0' by memset
     }
 
-    if (length >= textLength) length = textLength;
+    int maxLength = textLength - position;
+    if (length > maxLength) length = maxLength;
+    if (length >= MAX_TEXT_BUFFER_LENGTH) length = MAX_TEXT_BUFFER_LENGTH - 1;
 
     // NOTE: Alternative: memcpy(buffer, text + position, length)
 
     for (int c = 0 ; c < length ; c++)
     {
-        *(buffer + c) = *(text + position);
-        text++;
+        buffer[c] = text[position + c];
     }
 
-    *(buffer + length) = '\0';
+    buffer[length] = '\0';
 
     return buffer;
 }