From 563404fd99824e96877f66164a70d8658c46e9f4 Mon Sep 17 00:00:00 2001
From: Scott Freeman <gsfreema@gmail.com>
Date: Mon, 6 Jan 2020 16:44:40 -0500
Subject: [PATCH] Wstring view overrun (#884)

---
 src/CalcManager/CEngine/scidisp.cpp         | 8 +++++---
 src/CalculatorUnitTests/CalcEngineTests.cpp | 5 +++++
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/CalcManager/CEngine/scidisp.cpp b/src/CalcManager/CEngine/scidisp.cpp
index e3378db..632969f 100644
--- a/src/CalcManager/CEngine/scidisp.cpp
+++ b/src/CalcManager/CEngine/scidisp.cpp
@@ -215,10 +215,12 @@ int CCalcEngine::IsNumberInvalid(const wstring& numberString, int iMaxExp, int i
 \****************************************************************************/
 vector<uint32_t> CCalcEngine::DigitGroupingStringToGroupingVector(wstring_view groupingString)
 {
-    vector<uint32_t> grouping{};
+    vector<uint32_t> grouping;
     uint32_t currentGroup = 0;
     wchar_t* next = nullptr;
-    for (const wchar_t* itr = groupingString.data(); *itr != L'\0'; ++itr)
+    const wchar_t* begin = groupingString.data();
+    const wchar_t* end = begin + groupingString.length();
+    for (auto itr = begin; itr != end; ++itr)
     {
         // Try to parse a grouping number from the string
         currentGroup = wcstoul(itr, &next, 10);
@@ -232,7 +234,7 @@ vector<uint32_t> CCalcEngine::DigitGroupingStringToGroupingVector(wstring_view g
         // If we found a grouping and aren't at the end of the string yet,
         // jump to the next position in the string (the ';').
         // The loop will then increment us to the next character, which should be a number.
-        if (next && (static_cast<size_t>(next - groupingString.data()) < groupingString.length()))
+        if (next && (static_cast<size_t>(next - begin) < groupingString.length()))
         {
             itr = next;
         }
diff --git a/src/CalculatorUnitTests/CalcEngineTests.cpp b/src/CalculatorUnitTests/CalcEngineTests.cpp
index 9d8ad32..2b9d3b5 100644
--- a/src/CalculatorUnitTests/CalcEngineTests.cpp
+++ b/src/CalculatorUnitTests/CalcEngineTests.cpp
@@ -177,6 +177,11 @@ namespace CalculatorEngineTests
 
             groupingVector = { 4, 7, 0 };
             VERIFY_ARE_EQUAL(groupingVector, CCalcEngine::DigitGroupingStringToGroupingVector(L"4;16;7;25;0"), L"Verify we ignore oversize grouping");
+
+            groupingVector = { 3, 0 };
+            constexpr wstring_view nonRepeatingGrouping = L"3;0;0";
+            constexpr wstring_view repeatingGrouping = nonRepeatingGrouping.substr(0, 3);
+            VERIFY_ARE_EQUAL(groupingVector, CCalcEngine::DigitGroupingStringToGroupingVector(repeatingGrouping), L"Verify we don't go past the end of wstring_view range");
         }
 
         TEST_METHOD(TestGroupDigits)